Disasters can be termed ‘natural.’ Whether humans or organisations, we may not be able to (always) avoid disasters. However, with meticulous planning, the after-effects of disasters can be minimised.
The documented set of procedures or processes involved in recovering a business I.T. infrastructure back to working ways after a disaster is referred to as the data recovery plan.
The disaster data recovery plan (DRP) is implemented to minimise the data loss and downtime after a disaster.
An organisation that implements disaster data recovery plan do so with the primary aim of protecting itself in the advent that all of its tools including computers and operations suddenly become useless due to disaster or any other reason. With the disaster data recovery plan, organisations ensure that the core parts of their operations is less tempered with or interrupted and ensures an orderly and collected recovery of their data even in the aftermath of the disaster.
When speaking about minimising data loss, it can be viewed from two different angles; RTO (recovery time objective) and RPO (recovery point objective).
The RTO suggests the time frame within which the data should and must be recovered successfully and the business mechanisms put back in place. After an incident or MI (Major Incident) must have occurred, the disruption in business continuity may cause some damages to the business. However, the RTO suggests that there is an acceptable timeframe within which the business should be restored and beyond which there might be unchangeable damage to the successful running of the firm.
The RPO, on the other hand, is the age of the files that have to/needs to be recovered. If an MI takes place and a computer, organisational system or a particular network is interrupted, there may not be need of recovering every file to help it resume normal working. Some files are age-long and may have little or no effect on the current shape of things.
However, some files are the foundation of the current runs and must be recovered if the system is to be brought back to working ways. The RPO traces the time backwards, with its starting point being when the disaster or Major Incident took place.
The RPO is specialized to be traced back to days, hours and even seconds! So more clearly, the RPO is measured in time, and it is the age of the files that are required by the backup storage to resume business or achieve business continuity after an MI (Major Incident).
These disasters could be manmade, natural or caused by the environment.
BENEFITS OF THE DISASTER DATA RECOVERY PLAN
Companies that draft a disaster data recovery plan do so because of the awareness of the benefits. Here are a few of the benefits of this plan;
- There is minimal risk of delay
- There is a high sense of security
- There is a guarantee of the reliability of standby systems
- There is reduction of legal liabilities
- It makes the work environment to be less stressful
TYPES OF DATA RECOVERY PLANS
Although data recovery plans are not a ‘one-size-fits-all’ thing, there are primarily three elements that control the mapping out of these plans;
- Preventive measures
- Detective measures and
- Corrective measures.
Just as the names imply, preventive plans are taken to prevent and reduce the risks attached to these disasters or to keep them at bay. Detective measures are taken to detect any form of irregularities within the I.T. system while the corrective measures are taken after the disaster must have taken place.
WHAT METHODS ARE EMPLOYED IN MAPPING DATA RECOVERY PLANS?
In the data recovery journal, G.H. Wolds highlights ten steps in setting up data recovery plans.
- Obtain a top management commitment to the plan
- Establish planning committees that will help oversee the development and carrying out of the plan.
- Endeavor to assess risk (risk assessment)
- Put priority check in place for both processing and operations so there can be proper allocation of the limited resources.
- Determine recovery strategies
- Endeavor to collect relevant data
- Organize and document your written plan
- Determine your testing criteria and periods
- Test the plan and then finally
- Obtain the approval of the plan.