Which organizational functions should be involved in disaster recovery planning?

Unplanned downtime or a business-immobilizing incident, whether a natural disaster or malicious attack, will impact all levels of an organization. Your disaster recovery team is responsible for building your organization’s disaster recovery plan, developing the plan’s processes and procedures, and implementing the plan in the event of a crisis to ensure data recovery is possible. Having a recovery plan is critical, yes, but just as important is the team of individuals dedicated to bringing your business back online successfully. So, who should you put on your disaster recovery dream team?

Ideally, you want a cross-functional team from multiple departments who can leverage their expertise to cover all areas of risk within an organization. Let’s take a look.

Disaster Recovery Coordinator
Also known as a crisis management coordinator, this person should be a business leader within your organization who will oversee the execution of your disaster recovery (this is primarily IT-focused) plan as a whole. They will confirm that your disaster recovery plan aligns with business needs already determined through your Business Impact Analysis (BIA) and that members of the disaster recovery team are notified. This person initiates recovery plan protocols and coordinates the efforts of the IT team through each step of the plan from the beginning of a disaster through to a successful recovery of assets.

A good example of someone who could assume this role would be: someone in your upper-level IT management.

Critical Business Unit Advisors
While your advisors do not handle much of your disaster recovery planning, they will work as a committee to evaluate and determine strategy, budget, policy considerations and select members of the disaster recovery team. They’ll help oversee the process and planning and have key insight into knowing each department’s downtime tolerance.

These advisors would likely be: Heads of each department or C-level executives.

Business Continuity Expert
Business continuity is an integral part of your disaster recovery plan. This role considers the company-wide initiatives and strategy and ensures that non-IT recover aspects of your organization happen. This could include establishing temporary workplaces and telecommunications and resources so your organization can return to work as quickly as possible. Your business continuity expert acts as the main point of contact between the IT department and rest of the company to facilitate open communication throughout the organization.

Your business continuity expert could be: a Human Resources or PR manager.

Recovery Team
These are the men and women who have the most responsibility in the event of an actual recovery process. This team is your IT experts who are pulled from each unit of your IT infrastructure to cover your network, servers, databases and storage. They understand what is unique to your IT landscape and know how to implement strategies to uphold the integrity of your infrastructure.

Your recovery team members could be: managerial level experts from each division of your IT department.

Once you have you dream team created and plan developed, it’s crucial to make sure that your disaster recovery plan is tested, and your team is trained on the process. Running your disaster recovery plan the first time in an actual emergency event is not the time to discover you are unable to switch operations over to a recovery site or your communications system is not working. Conducting routine and ongoing testing helps members of your team to be more comfortable with their roles and responsibilities and learn to work more efficiently as a team. Don’t forget to make adjustments to your plan as needed, because you will never have a “final draft.” Make ongoing evaluations of your plan’s effectiveness part of your routine planning in conjunction with changes and updates to your operations, solutions, infrastructure and staff.

And if you don’t have IT experts on your staff? You can easily outsource to a managed services provider who have specialists that will work with you as an extension of your team. Give us a call to see how we can help.

2021 statistics reported by broadbandsearch.net show that there are currently 4.98 billion Internet users worldwide. The number of Zoom downloads, the most popular video calling app, jumped from just under 5 million downloads to 26.8 million downloads in March 2020. In 2020, consumers spent just under $3 trillion online shopping. And current social media statistics report that there are about 4.3 billion social media users across the globe. 

The primary aim of these statistics is to demonstrate that with the ever-increasing reliance on the Internet for business, social interactions, and shopping, global organizations must develop a robust, workable disaster recovery plan in the event of a disaster. 

Even though organizations might want to ignore the possibility of downtime due to a disaster occurring, the fact remains that disasters of all types occur, including natural disasters, human error, cyber-attacks, and even secondary disasters that can bring down the organization’s servers like power failures, data center cooling failures, and burst water pipes. 

Organizations across the world are relying more and more on technology and electronic data to operate. And the amount of data and IT infrastructure lost to disasters is increasing. While the cost of a single disaster is difficult to predict, cost estimates of the impact of natural disasters in February 2021 were expected to top $19 billion in insured losses in the state of Texas, USA, alone. 

Therefore, the possibility of a disaster occurring cannot be ignored, and it must be planned for in the form of a disaster recovery plan (DRP), including an off-site recovery solution.

By way of expanding on this statement, let’s consider 5 elements of a successful disaster recovery plan. 

1. Form a disaster recovery team

Because of the priority needed to be given to developing a disaster recovery plan and updating and testing it over time, it is imperative to form a dedicated disaster recovery team from employees and managers across all parts of the organization. This team will be responsible for developing, implementing, updating, and testing the plan to ensure that the company can quickly recover from a disaster. 

Secondly, the DRP should clearly state each team member’s role and contact details in the document containing the plan’s details. This plan should also identify who is the first contact point in the event of a disaster. And lastly, all company employees should have access to the completed DRP plan, be aware of what it contains, and understand their individual roles in the event of a disaster.

2. Identify disaster risks 

As natural disasters increase in frequency and cybercrime and security breaches become more sophisticated, organizations must identify and assess their disaster risks. Additionally, the ability to quickly handle incidents can reduce downtime and minimize financial and reputational damage, which is critical to organizational success. Succinctly stated, the ability to identify potential risks is integral to creating a data recovery and protection strategy.

The types of disasters that organizations must plan for include 

• Application and server failure
• Networking and communications failure
• A data center disaster
• Natural disasters such as hurricanes, typhoons, tornados, flash floods, severe thunderstorms, snowstorms, and cyclones. 
• Power failures 
• Citywide, regional, national, and multinational disasters

Not all of these possible disasters will apply to the individual organization. Therefore, it is essential to identify the potential risks applicable to the organization and work from there.

3. Identify critical applications, data, and resources 

The next step in the DRP development process is to identify the mission-critical software applications, documents, data, resources such as buildings, vehicles, machinery, on-premises IT infrastructure, human resources, and intellectual resources. 

The DRP must focus on short-term survivability, such as how to continue generating an income and ensuring cash flows remain optimal, while focusing on the medium- to the long-term goal of getting systems back up and running again.

4. Specify backup and off-site recovery 

It is a good idea to consider signing up with an IT DRaaS (Disaster Recovery-as-a-Service) provider as part of the DRP. An IT DRaaS solution focuses on how to restore IT functions and operations quickly and efficiently and includes elements such as off-site backups and recovery functions. 

Succinctly stated, a managed DRaaS will take responsibility for sourcing alternative data centers so that the IT systems that are down can be brought up again as fast as possible. The DRaaS service provider will also plan and execute IT DR rehearsals, ensuring that your company is always ready in the event of a disaster. 

Note: While the backup and off-site recovery of data and IT infrastructure is critical to the modern company, it is not the only risk. Recovery from other disasters like the loss of access to offices, factories, and warehouses, or the need to work from home because of a global pandemic the world is currently living through, must also be detailed in the DRP. 

5. Test and update the plan 

As the organization grows, it is vital to update the DRP to keep up with the organization’s ever-evolving risks. For instance, if the company opens up a new warehouse, office, or factory, the disaster recovery must update the DRP to reflect these changes. 

In summary, disaster recovery planning is a continual process as the risks of disasters and emergencies are constantly changing. Additionally, it is equally important to regularly test the DRP to ensure that everyone involved understands their role and can function together as a team. The organization needs to be continually ready in the event of an unexpected disaster.

Final thoughts 

Every organization, irrespective of size or industry, must develop a disaster recovery plan, including identifying and assessing risks, critical applications and business processes, and the specification of the off-site backup and recovery procedures. The disaster recovery team must ensure that the DRP is updated and tested regularly to make sure that the organization will be able to implement this DRP in the event of an unexpected disaster. Without an implementable DRP, the organization could lose substantial sums of money and even go bankrupt. Therefore, spending the time and money developing a DRP makes good business sense.

Who is involved in a disaster recovery plan?

What should be included in a disaster recovery plan?

Why is important for organizations to have a disaster recovery plan?

What are the 3 main components of disaster management?