Core Disaster Recovery Business Continuity Assessment
Many businesses have never tested the recovery process in the event of a server or site failure
With business continuity a core component of risk management, a well-rehearsed plan lays the foundation for confidence that IT systems will work when needed most.
Terms like Maximum Tolerable Period of Disruption (MTPOD), recovery time objective (RTO) and recovery point objective (RPO) are often used, but what do they really mean? In practical terms, recovery time objective is the duration until a business can return to normal after the failure of a server or key computer site, and recovery point objective is the place in the transaction flow where the business resumes.
- Recovery Time Objective (RTO) - How long can your business afford to be down?
- Recovery Point Objective (RPO) - How often do you backup? How much data can your business afford to lose in the event of a disaster?
- Level of Service (LOS) - What are your business' critical servers and essential units that cannot be disrupted?
Implementing a disaster recovery plan includes documenting the process to bring a server or group of servers back online in the event of failure. An overlooked step in the process often flows from the assumption that an IT expert is always readily available. Due to the inherent unpredictability of a disaster, the IT staff that your company relies on may take time to find and start action. Considering this human latency when developing the recovery plan naturally highlights any undesirable complexity in the systems and processes, and the need to support recovery even with minimal IT expertise on hand.
- Core disaster recovery and business assessment questions
- Could a newly hired IT professional quickly handle the situation?
- Could a remote IT engineer talk a novice through the procedures?
- Could a smart phone, tablet, or remote laptop provide all needed access to bring your business back online?
- Could the disaster recovery business continuity plan be executed within the RTO and RPO requirements?
In addition to reviewing your disaster recovery and business continuity plan your team needs to define a realistic picture of their expectations. You could spend too much time thinking of costly alternatives to cover aspects of daily operations that may not be critical. When doing so, ask yourself and your executive team:
- Specifically, what level of protection is necessary (RTO, RPO, LOS)?
- Which aspects of your company's business must stay operational?
All of this is defined in Janco's "Disaster Recovery - Business Continuity Template".