Jack Dempsey reigned as the world heavyweight champion from 1919 to 1926 and his aggressive fighting style and exceptional punching power made him one of the most popular boxers in history. When asked about his strategy, he would reply that “the best defense is a good offense.” He once threw a left hook that shattered his opponent’s cheek bone in 13 places. But it’s worth noting that this punch came after patient and methodical observation. Dempsey is ranked 10th among all-time heavyweights because he was careful to observe his opponents and respond appropriately to their attacks.
In Part 3 of our Business Continuity Planning series, we take a look at the critical steps needed to ensure a planned and methodical approach to recovery from both anticipated and unanticipated business interruptions.
So, let’s dive in...
While Business Continuity Planning refers to the business as a whole, Disaster Recovery looks specifically at the IT systems that support the business’s Mission Essential Functions. The goal of this step is for you to strengthen the process an organization uses to recover access to their software, data, and/or hardware that are needed to resume the performance of normal, critical business functions after an emergency event.
Support Essential Functions
Taking the information gathered in the Business Impact Analysis, and using our IT Disaster Recovery Planning Checklist (downloadable HERE), take a look at the IT systems that support and enable those Essential Functions. Make sure that the corresponding resources have been identified and fully allocated and that the Functions are supported by effective processes and procedures. This is where Disaster Recovery starts.
Determine RPO & RTO
For each of the critical systems, identify the parameters around which recovery systems and processes must be designed. Recovery Point Objective (RPO) describes the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan’s maximum allowable threshold or “tolerance.” The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity. So both of them, RPO and RTO, really influence the kind of redundancy or backup infrastructure you will put together. The tighter the RPO and RTO, the more money you will spend on your infrastructure.
Develop Recovery Strategies
Now that you know the critical systems and the associated RPO and RTO that are acceptable to the business, it is time to design the recovery strategies that will be used upon initiation of the continuity plan. Each type of event may dictate a different response so each response should be mapped to an Initiating Event. The responses can incorporate automated system responses or manual responses performed by personnel.
Formulate Response Procedures
While Response Procedures can take a variety of forms, they normally incorporate key processes such as: incident confirmation by one or more parties, information gathering to determine exactly what resources are involved, IT resource containment, analysis of what occurred, reporting results to stakeholders and/or executive leadership, and follow-up review to determine methods that may stop another similar incident from occurring.
Use our free IT Disaster Recovery Planning Checklist (downloadable HERE) to identify the critical elements of an effective disaster recovery plan.
Just as Jack Dempsey was methodical in his defensive tactics, through these activities you, too, will discover the value of solid and methodical recovery actions to defend your business.