6 Initial Steps to Developing a Backup & Disaster Recovery Plan
Backup & Disaster – It’s All In The Planning
All businesses should develop a clearly defined Backup and Disaster Recovery (BDR) Plan for their data in the event of business continuity issues; such as hardware or infrastructure failure, fire or flood.
There are some essential questions which should be considered when outlining a Disaster Recovery plan, including;
- Who holds overall responsibility for managing the business data backups & their integrity?
- Who is responsible for recovery of business data in the event of any disaster?
- How long would it take to recover data from the current backup solution?
- Can the data be restored to different devices/hardware models?
- What is the software and process used to reconstruct a working system?
- Depending on the scenario do we need to reconfigure any hardware or software manually?
We recommend ensuring all procedures are up to date and have been tested by more than one member of staff.
Ideally your Managed IT Service Provider will have a Disaster Recovery plan or policy on your behalf to restore and test data as we do for our clients.
Step 1. Assess the risks to the business
Backup & Disaster, they are not likely to be aliens, even floods and fires can be unlikely. The most likely business disasters are failures that include hardware, software and infrastructure. Fire and flood normally proving less likely to cause the disasters. Statistics point in recent months to increased likelihood of cybercrime; including fraud and virus attack being the most likely loss of data and service to SME businesses.
Typical risk assessment areas include;
- Review of current data backup policy
- Assess aging hardware assets purchase dates and warranty periods
- Log all software licence information, collating expiration dates, version details and support life details
- Gather all data on your current systems, passwords and user permission details
- Collate data on externally provided items such as hosting, domain details and website login details
Step 2. Review the current data backup & disaster policy
Ensure there is a current data backup policy in place. Review and test the policy, checking that data can be recovered in a suitable period of time from a business continuity perspective.
Step 3. Develop replacement hardware policy
Assess ageing hardware purchase dates and warranty periods. Using your risk assessment coupled with age and warranty periods, develop a rolling hardware replacement policy. Ensure that budgets are allowed for future replacements
Step 4. Assess software age, licences, version information and end of life schedules
Using your risk assessment, identify software which is no longer licenced or supported. Ensure you have budgeted costs for the replacement of the software. Consider your update schedules and how regularly software is updated within the business. Often industry specific software is updated regularly due to legislative amendments. Whereas other software can fall behind and become outdated or obsolete without updates being applied.
Step 5. Create a list of users, facilities and permissions for regular review
Gather your user details, their permissions, usernames, email addresses and passwords. Ensure that you know which users have access to which areas of the business systems. Verify user restrictions and be prepared to review policy information on password changes and to include staff departures from the business.
Step 6. Collate data on externally provided services
Gather your business information for externally provided services such as domain names, website information, logins and access details. This should include relevant registrant and hosting details, along with permissions and email addresses for administrative details. This information is critical to protect the business against leaving staff and malicious lock outs from various accounts. It should include social media accounts on all platforms. Removal of staff links to personal accounts and the creation of a business account for all aspects. This should not accessible for only one member of staff, but for a team.
From risk assessment to development of initial backup & disaster Recovery information, an outline plan can be created within six relatively straight forward steps.
If you would like an Excel Workbook which allows you to complete the relevant steps easily. Drop Jacqui an email and she will send it to you allowing you to complete the form and retain the data gathered.