In a perfect world, mid- to large-cap organizations can muster the money and people to protect their IT infrastructures from the worst kinds of unacceptable risk, but the fact is, it’s a rare accomplishment. That’s why implementing disaster recovery (DR) programs in stages could be the way to go for many organizations.
Operations that are most critical to your organization inform the level of risk you face — and whether you may choose to prioritize certain aspects of a DR plan to save time and resources. Here are four levels of a prioritized disaster recovery program:
Level 1: Back Up Your Most Important Data
To start, most organizations need to recognize that data is really their most important IT asset: it could be proprietary data or a crucial IT component that provides access to data such as storage or communications. Loss of data in some organizations may have an impact in mere seconds and could severely impair company operations.
To achieve the absolute minimum level of DR readiness, you must locate and identify the data for your top (three?) applications and copy that data to a safe location offsite. You will also need to identify key IT support staff for these applications in order to help recover when necessary.
To determine the top (three?) applications for your organization, you will need to assess which are the most immediately important for revenue generation and/or survival. For a service organization, it may be order processing, customer tracking, or email apps, while for products companies, it may be the procurement, production or financial systems that take the highest priority.
Level 2: Replicate Top (Three?) Application Systems
Going one step deeper into a DR program, the second-level plan would involve replicating the entire application “system” —not just the data—in a secondary, safe location and synchronizing it with your main site. This means not just knowing your top three applications, but understanding how they work, which IT resources support them, and safeguarding processing, storage, and communications.
A Level 2 plan requires the assignment of DR-specific accountability to key individuals, whether in-house or on a contract basis. Once the applications are cloned and a communications link has been created, you will need them to develop, document, test and maintain the backup systems to make sure they operate fully.
Level 3: Phase-in a Complete DR Program
Progressing to the next level, your organization may need to accommodate off-site a complete list of systems in order to ensure the highest level of continuity. You will need to evaluate your systems in terms of priority and divide them into tiers, with each tier having its own target recovery speed and strategy.
Organizations in the $50 to $500 million revenue range typically operate between 100 and 200 individual application systems. Wading through a planning and implementation process with these volumes of systems and data, and then assigning tiers of priorities, can be a contentious process that may be best achieved alongside accredited DR professionals.
Level 4: Fully Embed DR in a Business Continuity Program
Level 4 represents an organizational commitment to full operational crisis management, a top-down program created in response to severe risk exposure or following a real-world experience of event-driven loss. It is much easier to discuss an investment in DR when cash flow or revenues are at risk. A business impact analysis may reveal that partners, customers, and other stakeholders require your assurances that business operations will continue with minimal disruption.
The most important thing to remember when deciding what level of DR plan your organization should take is this: at what point is your solvency protected? If maintaining an acceptable cash flow can be guaranteed simply by making sure certain data is protected, then you will only need a Level 1 plan, but a high level of sensitivity between your application/production systems and your revenue stream means that your organization needs to develop a more comprehensive DR plan in order to recover faster to protect that revenue.
