You’d think that by now, in a time of inevitable power outages, cyber attacks, global crises and ever-present human error, organizations would have fortified their technology by developing solid IT Disaster Recovery plans. But the reality is, nearly half of them still don’t have a companywide ITDR policy in place, which can expose business operations to serious risks.
And those that do have ITDR plans in place may be overestimating their effectiveness. According to a Recovery Point article, a recent Gartner survey found that while 86% of information and operations leaders said their recovery capabilities met or exceeded CIO expectations, “only 27% of that group consistently undertook three of the most basic elements expected of a [disaster recovery] program — formalizing scope, performing a [business impact analysis] … and creating detailed recovery procedures.”
Walking blindly through IT disaster recovery tests
Another issue that fuels overconfidence in ITDR plans is too much faith in testing. In a Cutover discussion entitled “Have we been fooling ourselves about testing?” at DRJ’s March conference, Northpointe Bank CTO Michael Gibeaut recalled drawbacks he encountered with traditional, time-consuming testing: “We walk through these exercises blindly … we check the boxes we worked with risk, we work with our compliance partners but [the test] truly isn’t what would happen in an actual event,” he says. “So, we have to change the way we think.”
The need for new ways of thinking about ITDR planning and testing is growing more urgent. Data breach costs reached $4.24 million, the highest average total cost in 17 years, power supply threats surged, and software issues caused major disruptions and recalls.
“Technology is now at the center of company operations,” says Darren Lea, Cutover Product Manager for Operational Resilience. “Along with that increased focus and attention on having the right technology, should come an equivalent focus and attention on ensuring those technology services are resilient. That starts with a plan to recover if things go wrong.”
We’ve gathered insights from Lea and other experts to help you create a resilient, realistic and effective IT Disaster Recovery plan.
These 5 steps to creating an ITDR plan can set companies on a course to:
- Prepare more effectively for increased regulatory scrutiny
- Define and prioritize risks properly
- Better meet customer expectations
- Help trim costs and save time
1. First step: Know thy organization
To begin your IT DR plan, confirm the technology services and infrastructure that underpins the services you provide to customers. Take a frank look at gaps in your current ability to handle a crisis and consider different scenarios you might face. Examine the risk vs reward of testing your plan, create a plan that everyone can see and understand and make sure every person involved in your plan embraces it. You also need to be able to understand when you should and shouldn’t be flexible about your plan.
2. Testing your IT DR plan: Practice how you play
Next, determine when and how often you need to test your IT DR plans and work to make your tests as realistic as possible. Evaluate how much time you currently need but aim to reduce planning time to better reflect how you would react in a real crisis, and involve stakeholders at all levels in test activity to more accurately replicate what would happen in an actual incident.
Most importantly, practice how you play.
3. It's go time: Executing an IT DR plan
Communications and transparency are key to making your disaster recovery process run smoothly, so make sure you have an effective communications strategy in place. This includes clearly outlining priorities to ensure that the most critical business operations are prioritized.
4. After the disaster: Learn from your mistakes and successes
Once your recovery is complete, revisit your IT DR plans, dig into the details of timing, look at how both your people and your technology performed, and get feedback so you know how you can improve for next time.
5. Summary and silver linings
IT Disaster Recovery incidents are inevitable — it’s never a question of if — it’s always one of when. But with solid IT DR plans and a platform like Cutover, you can minimize outages and save on the costs associated with them.
There are also many intangible benefits to creating IT DR plans using runbooks. Both the testing time and actual incident recovery time can be greatly reduced — and that can give employees their weekends back. In an era where companies are struggling to retain IT talent, The right IT DR strategy and platform can provide an environment where people can do more high-value tasks, have more free time and can empower you to let your tech team do what they are most motivated to do.
“We still come across firms that don’t have adequate IT DR plans,” Lea says, “But they get that they should have plans. And that their spreadsheet-based planning isn’t enough. When you have many people doing many things in a time-pressured and time-precious scenario, Cutover is a highly effective way to sequence and orchestrate your activities.”
Ready to see how Cutover can help your organization plan, test, and execute a successful IT DR plan? Schedule a demo now.