A Disaster Recovery (DR) Plan is the strategy an organization uses to recover business operations quickly in the event of a disaster.
To successfully recover from a disaster, businesses need to identify the types of disasters that could most impact the organization, and then build a DR plan around response to those events.
The 3 main types of disasters are: Natural Disasters, Physical Disasters & Technology-Based Disasters.
Coming up with a proper Disaster Recovery (DR) plan requires thought and creativity. Your team needs to be able to respond quickly to incidents, because the impact of any event is directly related to how decisively you act in the moment.
But how do you create a plan that is both reasonable to develop and maintain, while also dynamic enough to be effective under a variety of circumstances? One big step is to outline the types of disasters you could potentially face.
So, let’s review the different types of disasters that you should plan for to ensure your Disaster Recovery Plan is as effective as it can be.
Types of Disasters
There are three categories of disasters we’ll cover in this blog:
- Natural Disasters
- Physical Disasters
- Technology-Based Disasters
When people think of DR Plans, they often gravitate to Technology Related Disasters. However, as we have learned from the pandemic and even the power issues in Texas, DR plans need to be more fluid than just focusing on technology failure.
While this blog outlines certain types of disasters, your business might be faced with different incidents such as compliance/regulatory scenarios… or maybe some of these traditional disasters don’t have much meaning to your organization and can be cut from your plan.
The thing with DR planning is that no two organizations are ever exactly alike. Think specifically about what your organization might classify as a disaster.
Natural Disasters could include the following:
- Fire to one of your branches or offices
- Physical loss of a data center
- Flooding making working in an area potentially impossible
- Storms impacting infrastructure
- Pandemics or other health issues for your staff
What’s the impact of Natural Disasters to my organization?
Impact can vary significantly depending on your infrastructure and the extent of the incident.
How Will Your Physical Assets Be Impacted?
Think about what physical assets you have that could be impacted by a Natural Disaster. For instance, if you are leveraging a server closet in a main office, natural disasters will have a much more significant impact to the way you work than an organization where Cloud or Software-as-a-Service (SaaS) is utilized.
How Will Your Communication Methods Be Impacted?
Flooding or storms could also impact your ability to communicate, so you need to consider whether your phone systems, cell phones, power, and potentially even plumbing and fire control are viable in the event of a Natural Disaster.
How Will Your Workflow Be Impacted?
The COVID-19 pandemic is another type of natural disaster you should consider. The pandemic drastically changed how we work, and future public health concerns could once again force you to change your workflow significantly.
Ultimately, it will be up to you to understand the relationship between the assets you have, the technology you use, and the specific type of Natural Disaster to determine the impacts to your organization. However, these are the types of questions that must be asked when developing your DR plan.
How should I respond to Natural Disasters?
Establish New Ways of WorkingWith Natural Disasters the focus is often going to be on establishing new ways of working and communicating. The pandemic is a great example of this. For most organizations their routers, servers, workstations, and other technology didn’t just die one day. Rather, the impact led to people changing the way they worked, often utilizing different devices than before, connecting to servers and applications through remote means, and establishing new security procedures, among other things.
Plan Your Communication Strategy
For any type of disaster, it’s also important to plan your messaging and communication strategy to your staff and clients. What do you need to let your clients know because of the impact of this disaster? What should your staff’s expectations be for both temporary and permanent changes?
Physical Disasters could include the following:
- General infrastructure failures, such as loss of power or water
- A facility problem, such as a burst pipe or a collapsed roof
- Break-ins or physical security breaches
- Heating and cooling issues which could make a workplace unusable
What’s the impact of Physical Disasters to my organization?
Like Natural Disasters, Physical Disasters will also have an impact on where and how you work.
Sometimes a physical disaster such as a loss of power could simply require the organization to have people work from home for a short period of time. Other times, depending on your assets, you may have to relocate not only your people, but also your technology infrastructure. And in the case of heating/cooling issues, a Physical Disaster could lead to a Technology Disaster, so while people can still work, there could be a huge impact looming.
How should I respond to Physical Disasters?
Know How to Recreate Your Work for the Short and Long TermWith Physical Disasters, it’s important to understand not just how to recreate your work on a temporary basis, but for how long. If there is a major power grid failure, it’s likely that this kind of disaster will only last for a relatively short period of time, and your focus on recovery should be short term and temporary. But more significant physical disasters, such as a collapsed roof, may take months to resolve. Based on your impact analysis, you’ll want to determine both temporary and long-term adjustments.
Know What Third-Parties You'll Need to Interact With
You also need to be aware of the third parties you need to interact with in the event of one of these disasters. If your HVAC fails, making your server closet too hot for operation, it is critical that you know immediately who your HVAC vendor is and how to contact them. Furthermore, your service agreements with these third party providers need quality service level agreements that reflect your responsiveness needs in a disaster. These vendors can also provide input on expectations of what might happen in the event of a disaster.
Technology-Based Disasters could include the following:
- Ransomware and Malware incidents
- Server hardware failure
- Third party SaaS/Cloud failure
- Data and security breaches
- Loss of data through corruption, failure, or viruses
- Phishing incidents
- Network infrastructure failure
- Major ISP outages
Technology Disasters are probably the most likely disasters your organization will face. They can have different levels of impact and may require the most expertise to plan around.
Fortunately, Technology Disasters also have many solutions and vendors who can help support this effort. So while it may require significant investment to plan for, it should also be the most addressable of disasters.
Another thing to keep in mind is that some issues may be better defined as incidents rather than disasters based on the impact to the organization, and as such deserve a different kind of approach to resolution.
What’s the impact of Technology Disasters to my organization?
As you may be able to tell from the list above, there are many different incidents that can qualify as a disaster. Each of these incidents will impact organizations differently.
Think About the Work the Technology Supports
The way to approach planning around the impact of these disasters is to take a step back from the actual technology and understand more about the work function of the technology within your organization.
Determine What Types of Technology Incidents Would be Most Detrimental
Once you identify the different tasks that your technology is used for, you will be able to determine the types of incidents that your organization would consider full-fledged disasters.
Then you’ll know which events would require an all-hands-on-deck approach, and which events could be more easily managed while the business continues to operate fairly normally.
Protect Against Complete Data Loss
Regardless of your business, some of these technology-based disasters can have serious implications, particularly those related to data breaches and loss. Data is very hard to replicate when it is completely lost, and data that is breached may leave your organization open to potential civil liabilities. So no matter the case, make sure you have a solid plan to backup and recover your critical data.
How should I respond to Technology Disasters?
Develop Your Response Plan and Contingencies
Once you have identified the potential technology issues that could arise to the level of disaster, you should develop your response plan and contingencies specific to those items.
This includes knowing who is on your response team, including third party vendors and resources to help you procure any technology needed to resolve and restore systems to pre-disaster levels.
Create a Communications Plan for Staff & Vendors
Communications need to be put in place to your staff as well as other third parties when a technology disaster strikes.
Think about which of your customers, partners, lawyers, etc. may become a stakeholder, not just during the disaster, but also in the aftermath if there is liability involved.
It is very important that when a disaster occurs, you are transparent about:* What happened
* What steps are being taken to resolve the issue
* How you will determine the root cause
* How the business will adjust to avoid future incidents
Plan out Potential Limitations Caused by the Disaster
Your plan to respond to these Technology Disasters should also include expectations about restoration time for backup systems, limitations to your work due to technology failure, and details about any compliances or regulations by which your organization needs to abide.
Keep in mind, it may not be possible to make every disaster recovery situation a positive experience. Your goal is to minimize the impacts of a technology failure by being reasonably prepared to respond and limiting the consequences.
Disaster Recovery planning is tricky because it requires you to anticipate many events, most of which are unlikely to occur, but also some events that are inevitable.
Review, Re-Evaluate & Test
You will need to regularly re-evaluate the potential disasters that could impact your organization and determine if adjustments need to be made to your DR plan. With these best practices in mind, you'll ensure your plan stays current and relevant.
You'll also want to make sure you perform regular DR testing to make sure the plan you have put in place will actually work when a real disaster strikes. Disaster recovery planning is not a 'set it and forget it' item. It's a constant process that needs to be revisited often.
Keep these three main points in mind to prepare your organization to successfully recover from a disaster:
- Identify as many potential events as possible.
- Prioritize the events that could impact your organization the most.
- Build systems and procedures around minimizing serious impacts whenever possible.
For more information about effective IT Disaster Recovery Planning and the tools available to you, visit: https://www.dpsolutions.com/it-support-services/backup-disaster-recovery