How to Create an IT Disaster Recovery Plan

Just about every business relies on information technology in order to function in today’s world. Some businesses rely on systems more significantly than others.

Unfortunately, IT systems can fail. There are a range of reasons for this – from physical failure through to being attacked by cybercriminals or the spread of computer viruses. And when systems fail it can be costly.

Not only can you lose money via productivity and profitability while you are offline and looking to fix the problem, you can also lose valuable data. Never mind the reputational damage it can result in and even legal problems.

Research in 2017 by Dynamic Business Technologies found that 45 per cent of total unplanned downtime in businesses is caused by hardware failures. This is followed by loss of power at 35 per cent, data corruption at 24 per cent, external security breaches at 23 per cent and accidental user error at 20 per cent.

Your business can’t afford to be unprepared in the event of an IT disaster. Creating an IT disaster recovery plan will ensure you have a step-by-step process to follow to get up and running and back to normal as quickly as possible following a significant IT event.

These are the steps you should take to develop one for your organization:

• Identify different scenarios that could affect your IT systems. For example fires, natural disasters, hardware failure, problematic software, viruses and so on.
• Perform a comprehensive risk assessment with these various scenarios.
• Ensure you have all your relevant IT infrastructure documents gathered in an easy to access place.
• Canvas your senior management to determine what they feel are your most critical internet technology assets.
• Review historic events – has your organization had a previous history of disruptions and outages? How were these handled?
• Does your company’s management have a minimum time it considers to be acceptable for IT systems to be unavailable?
• Identify and review any current procedures in place in your organization to respond to critical outages.
• Identify staff to be part of any critical response teams for IT disruptions.
• Where appropriate, arrange for further training of members of your critical response teams.
• Determine whether your hardware and software vendors have emergency response capabilities. If these have been used previously, evaluate the level of usefulness you received from these services.
• Give recommendations on what to do in the event of certain scenarios, including an estimate of time and costs.
• Determine when you need to escalate issues and to whom.
• Test your plans in real-time scenarios. There’s no point only having a theoretical plan, you need to know that the plans work.
• Include communications and media strategies to deploy in an IT crisis.
• Determine any insurance issues as well as financial and legal issues that could arise as a result of an IT crisis.
• Have senior management review your plans and recommendations and sign off on it.
• Communicate your IT disaster recovery plan to relevant internal stakeholders.
• Audit and review your organization’s IT disaster recovery capabilities regularly.