When you’re faced with downtime, data isn’t available to your customers, which generally means that business—yours and your customers’—stops. This can quickly get expensive. So whether it’s a blizzard or zombies, you’d better have a disaster recovery plan in place.
First, take an operational risk assessment of your building and its key operating components, including its location, power generation, HVAC, critical systems, network infrastructure, security, work space, fire protection, building floors and walls, and utilities. After you’ve identified potential risks to operations, prioritize the risk scenarios (e.g., fire, flood, earthquake, hurricane, vandalism) in order of severity, potential damage, and likelihood of occurrence. This will help you determine the order of your plan’s response activities, based on the situation.
Now you’re ready to develop your plan. While each disaster recovery plan is unique, here are a few general areas to address:
- Initiate emergency response procedures, including event report, notifications, damage assessment, and assembly of teams.
- Launch emergency procedures, including data protection, quality assurance, security, and backup; power, HVAC, and utility management; and back-up for applications, hardware, network, etc.
- Decide whether to declare disaster: Determine if the situation can be handled without staff leaving the building. If situation is serious, declare disaster, issue evacuation orders, and instruct staff to follow emergency procedures.
- Continue backup and recovery procedures, including application-level backup procedures, hardware-level, network backup, and launch recovery procedures.
- Begin alternate site recovery procedures, as necessary. Initial teams arrive at alternate data center or contracted facility and launch all recovery procedures.
- Address primary site situation, determining if the site is repaired and ready to accept data center operations. Launch all recovery procedures upon return, and data center staff return to complete recovery and resume normal operations.
- Conduct post-recovery activities, including validating that all systems, assets, and utilities are functioning normally. Review the event and response, identify lessons learned, and summarize in a report to management.
Lastly, once you’ve developed and implemented your plan:
- Test it regularly to reflect the changing dynamics of your environment.
- Review it regularly to ensure it still supports your organization’s needs and goals.
Like a health check-up, your disaster recovery plan needs a regular review and test to ensure that your systems and staff are prepared for any disaster that might occur—zombies or not.