Developing a Disaster Recovery (DR) Plan

The Importance of a Disaster Recovery Plan

A business who does not have a disaster recovery (DR) plan is simply asking for trouble!   Murphy's Law states that anything that can happen, will happen. Computers can become infected with viruses and malware.  Hard drives can break down at any time or arrive with defects.  Files can be accidentally overwritten or deleted.  Employees do power off computers improperly.  Power outages and spikes do occur.  Buildings do get flooded or burned down.   Any one of these things, and countless other events, could result in a retailer losing business-critical data.  And that data loss can have serious, real-life consequences:

• Lost revenue
• Financial cost
• Regulatory problems
• Damaged brand
• Lost productivity
• Damaged customer relationships

That's why it is critical for you to have a disaster recovery plan - both to protect the systems and data your business depends on and to recover from a disaster in a reasonable amount of time.  When crafting a disaster recovery plan, make sure to think about all the locations where critical data currently resides.  For retail organizations, that includes the head office as well as each and every remote store location.  The risks associated with data loss apply as much to individual retail stores as they do to corporate, maybe even more so.

Key Elements of a Disaster Recovery Plan

Developing a comprehensive disaster recovery plan is no small task.  There is no one "right" type of disaster recovery plan and there is no single uniform approach.  That said, many disaster recovery plans share these key elements:

• Develop an Emergency Communications Plan and Contact List
  • Generate a list of internal and external recovery team contacts
  • Generate a list of internal and external contacts who need to be briefed at the onset of the disaster and receive ongoing updates throughout the event
  • Once a disaster event has been declared, alert and mobilize recovery team members to react and respond to the situation at hand
  • During and following the disaster, periodically update relevant parties as necessary
• Define Key Roles and Responsibilities
  • Clearly define the key roles and responsibilities for anyone involved in disaster planning and recovery operations
• Inventory all Hardware and Software Assets
  • Complete a detailed inventory of hardware and software applications, including vendor technical support contact numbers
  • Prioritize applications into three tiers  - Tier 1 applications are mission-critical apps needed immediately, Tier 2 applications are needed within a day, and Tier 3 applications can wait a few days or more
  • For each application, also determine how much data loss is acceptable in the event of a disaster
• Identify and Reduce (or Prevent) a Disaster
  • Create multiple copies (backup) of mission-critical data and files
  • Regularly test backups for reliability and recoverability
  • Use an uninterrupted power supply (UPS)
  • Conduct routine inspections of the IT infrastructure
• Identify Potential Threats or Problems That Could Lead to a Disaster
  • Use antivirus software and firewalls
  • Install server and network monitoring software
  • Install fire alarms
• Establish Procedures for System and Data Recovery After a Disaster
  • Fix or replace damaged hardware and network components
  • Restore or reinstall application software
  • Recover mission-critical data