If you look through any online bookstore, you are sure to find dozens of books on the topic of business continuity and IT disaster recovery. These books tend to go into great detail, and even those that are intended to be simple such as IT Disaster Recovery Planning for Dummies, is 360 pages long. For a small or medium sized business, this might be more information than you are looking for, especially if you are just getting started in the process.
Aside from paying an external consultant to come in and develop the plan for you, you also have the option of using a template or a software program to assist you in the process. Although there are no strict rules on what a disaster recovery plan should contain, here are some general guidelines:
- IT priorities should match business priorities 100%. In a hypothetical scenario where the entire IT infrastructure is destroyed, who in the business needs to be up and running the soonest? Some might say that the payroll department needs to be the first to be made operational again. Others might say that their building security system is #1. It’s important to list all major systems and create a review team to sort the list in order of priority.
- Establish expectations during the recovery process with an SLA chart. Determine an appropriate ratio of downtime/cost of fail-over and backup protection is right for your organization. Then list those in a simple chart. For example, you might have a high downtime tolerate for an intranet site that lets people schedule the use of a meeting room. However, you might have zero to no downtime tolerance for a system that has to do with safety or securing sensitive areas. This simple SLA template establishes expected availability of systems during the recovery process.
- Document requirements for insurance claims process. If safety is not an issue, this may be one of your first steps in the recovery process. If you have damaged equipment, you might need to initiate a claims process against your insurance policy so that you can start the process of obtaining replacement equipment as soon as possible.
- Establish a restoration procedure. For a basic recovery plan, the restoration plan does not need to go into intricate details. Some things that are worth putting into the procedure though, are software license keys, warranty information, backup location, administrative passwords, and temporary sites. A printed copy of important passwords should be kept in an off-site safe that is accessible by key management staff. Consider placing it in a bank safety deposit box if appropriate for your situation.
The above list is an overly simplified list of things that a technology recovery plan can include. If you would like to view a more comprehensive plan and then chose which areas you would like to include in your plan, try this template from riskmanagementtemplates.com.
There is also a company called Kingsbridge Disaster Recovery that has a simple software program that helps you create and maintain your recovery plan. Their website is disasterrecovery.com. Although outside of the scope of this article, I would also like to mention one other option for the sake of completeness. Companies that need to comply with IS0 27000 (27031) Series, COBIT, Sarbanes Oxley, PCI-DSS, and HIPAA compliant, can buy certified templates from Janco Associates.
Additional Templates and Resources:
- Disaster Recovery Journal – List of Sample Plans
- HP – How Planning for a Disaster Can Save Your Business
- Cisco – Disaster Recovery: Best Practices
- Microsoft – Software Recovery Plan
- MIT – Business Continuity Plan
- IBM – Planning and Recovery Consulting Services
If you know of any other useful templates or resources, feel free to leave a post in the comment section with the URL.