Questions? Contact Us

 

Latest News

Featured News & Events

Five must-haves in any disaster recovery plan

In January the United States saw some of the coldest temperatures on record, an earthquake outside of San Francisco, and mudslides in California. Those Mother Nature events probably didn't affect anyone's computer up time, but they could have. Cold temps produce ice which can break trees and cause damage to equipment; earthquakes can topple buildings; and mudslides can destroy everything in its path. These are just a few reasons why every business needs a disaster recovery plan.

You may say, "but I back up my data and I already have a business continuity plan." 

A disaster recovery plan (DRP) works with backed up data and is typically part of a business continuity plan. A DRP is a business plan that outlines how an organization can resume work quickly after a disaster.

While a lot can go into a DRP, there are several key elements that are must-haves if a company is to succeed in quickly getting back to business after a debilitating incident. Those include:

  • A Business Impact Assessment (including recovery point objective and recovery time objective). The best way to prepare for a disaster is to understand the effect it might have on your business. An assessment includes concrete items such as loss of sales and income, increased expenses, lowered customer satisfaction and delayed business plan execution. When assessing the impact, you also need to consider elements outside your control that will affect how quickly you are functioning again, such as your supply chain, utility and telecommunications interruption, or restricted building access. As you do your impact assessment, you also need to identify a point of recovery and how long it will take to get there. In IT, this could be the last time the server was backed up. How long it takes will depend. For example, an IT system may be back up and running in a short period of time compared to the physical re-opening of a building if there is damage.
  • Knowing vendor policies. Be aware and understand what any of your service provides have in their contracts regarding up-time and response time. It may seem like you're the only one affected in the time of disaster, but we all know that's never the case. As noted above, vendors and partners that help make your business run also could be affected. Make sure you understand your contracted up-time and the response time of your service providers. This will directly play into your own DRP.
  • Clear step-by-step instruction. A DRP is not a document that should leave any questions or room for interpretation. It should be painstakingly detailed and very clear. Testing the plan (see below) will help to determine if you have accounted for the clarity required so that everyone knows his or her responsibility and expected action or reaction to the situation.
  • Outlining communications processes. Knowing how and to whom to communicate should be clearly outlined in a DRP. Being proactive here can help. For example, if there is a storm coming, you could advise employees and customers a day or two before the storm hits that the office will be open or closed. For disasters where there is no warning, there should be clear instructions in the DRP for what employees should. The guidance could be to meet at a predetermined spot. If it's to check in on Facebook or dial a hotline, it will require employees to get connected electronically as soon as possible. Company websites also should be updated (potentially on the backup servers) to reflect the status of the office. When communicating with the media in a disaster situation, limit your spokespeople to just one or two executives. No one else should be speaking publicly about the company during a disaster scenario.
  • Testing your plan. A disaster is not the time to see if your DRP works. Organizations must regularly and fully test their plan end-to-end to ensure recovery operations are fulfilled and everyone knows his or her role and responsibility.

Finally, review the plan often. The corporate pace of change is rapid and it's easy to outgrow a DRP within a year or less. As your organization changes, you must update your DRP to reflect the changes to your business.

As a service provider, ZZ Servers does everything possible to keep its customers up and running in times of disaster. From backup generators to cots and MREs for employees who might have to support the operation 24x7, ZZ Servers is committed to your business during normal operations and when there are emergencies. 

Can your business pass the data privacy test?
Tips for Optimizing PCI Compliance

Related Posts

 

Tag Cloud

credit cards stolen computer networks Credit Card Security computing in the cloud data privacy shared server IT Solutions business solutions trends safe computing IT Services cloud windows 7 shared secure hosting Cybersecurity Business Solutions HIPAA Solutions SSL BSides qsa support exchange Internet Debian businesses Credit Cards security Accountability Act email accounts Control Panel credit card PCI Audit activesync assesment business community IT PCI Email eCommerce IT security OSSEC shared hosting iphone Business Planning GDPR Server Mangement log files spam Medical Records black friday health care providers DEF CON PCI Solutions openssl change sender policy infrastructure IT solutions information technology anti virus compliance data protection Reports hosting control panel HIPPA Domani Names Health Care Cybersecurity Healthcare Records bash cli spoofing Firetalk vps vulnerability scanning PCI compliance cybersecurity Security Cybersecurity passwords IT services command line ICANN business cyber protection PCI DSS 3.2 Internet Corporation Geekend Presentation TLS Health Insurance Portability Small Business members area Windows credit card payment eCommerce Solutions PCI Compliance mail server Las Vegas business solitions cell phone email Cloud Computing phishing HIPAA Business Solutions physical ZZ Servers Hosting Web Hosting INFOSEC Announcement password lamp CentOs PCI Data Security Standards Information Technology Assigned Names motivation Hackers video cyber security Internet infrastructure World Backup Day pci complliant hosting vyatta router firewall filter security PCI HIPAA InterWorx education follow.The HIPAA Privacy Rule Ubuntu backup solutions cyber liability insurance shared folders protect data compliant hosting data breach Positive Customer Impact small business HIDS ZZ Servers Co-Founder intrusion detection Shmoocon ipad amazon ec2 permissions caller-id Interworx-CP Linux management VPS Servers dsbl cyber monday Xen Vulnerability apache smartphone cyber spf search National Cyber Security Awareness Month personal information healthcare solutions Scalable Redundant Cloud Infrastructure PCI Hosting logical security two factor authentication dss Sysadmin QSA phishing attacks Charleston kerio David Zendzian PCI Service Provider DRP Compliance blackberry cloud infrastructure teensy computer security Alarm arduino TiaraCon physical security Online Business security circles Payment Card Industry social engineering Car Hacking Medical Solutions embedded Disaster Recovery Plan malicious software recovering data HIPAA solutions Home Depot Breach Continuous Monitoring network Zendzian employee training cyber monitoring multi-factor authentication