At a minimum a data backup and disaster recovery plan needs to specificy relevant policies, procedures, vendors and key personnel. A plan must be written for a variety of reasons. Your insurance, auditors or other stakeholders may want to see it and there may be questions of liability without it. A written plan will also help you spot gaps in the plan. For example, if you will “replace all of your computers” as part of a recovery plan, what if the disaster is widespread (for example a tornado) and every business in the area is also replacing computers? Will there be enough to go around? Who are your vendors?
For data recovery, you need to consider where your data is stored. Is it in the cloud? From where will you connect to the cloud? What if electricity is intermittent? Where will you set up shop in the interim? What if the cloud provider itself suffers the disaster and you cannot access the provider?
The scenarios are many and varied, and it is not until you start to write them down that you truly come to appreciate the scope that is data backup and disaster recovery planning.
A data backup and disaster recovery plan must be reviewed and updated on an ongoing basis. For example, if vendors change, they must be considered not only in terms of daily operations, but whether they can provide equipment or service on an emergency basis, turnaround time and cost. A plan is not something which is done once and forgotten.
Last, if you are interested in ISO certification your business must have a plan to address business continuity and disaster recovery. More information on this topic is available at www.iso.org.
For more information on data backup and disaster recovery planning best practices, please contact us.