When you plan to build or implement an IT system (e.g hardware system, network infrastructure, cloud solutions, business software …), all the important aspects that need to be seriously prepared and executed to ensure the build/implementation is successfully (such as human resources, detailed activities plan, requirements, change management, monitoring …) there is still a last but not least item that you should also consider, it is a Disaster Recovery Plan (DRP).
So, what is a disaster recovery plan (DRP)?
A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. A DRP aims to help you to resolve data loss and recover system functionality so that it can perform in the aftermath of an incident, even if it operates at a minimal level.
What are the main steps and key areas that need to be covered in a DRP?
The disaster recovery plan process involves more than simply writing the document. Before writing the DRP, risk analysis and business impact analysis can help determine where to focus resources in the disaster recovery planning process.
A DRP checklist/ contents should include the following:
- Identify the scope of recovery, for example, HRMS application and database
- Gathering relevant network infrastructure documents; internal or VPN connection information.
- Identify the most serious threats and vulnerabilities (can review the history of unplanned incidents and outages, and how they were handled)
- Identify the backup resources (e.g. backup devices, backup locations …)
- Identify the expected recovered resources (e.g. latest application batch, last 1 day from incident happening day database ….)
- Identify the steps to work on the recovery activities, define clearly who is the in-charge person, what they will do, how long they need to complete the tasks.
- Identify what are the activities that need to perform by the relevant users after the system up and run and indicate an expected confirmation.
- Identify the management team who will review the DRP and approve it for execution.
The DRP should be tested to ensure all the steps, tasks, and resources are well prepared; any adjustment in the plan to make it more proper or suitable to the real environment should be done in this step.
Finally, the DRP should be reviewed at least yearly basis, to ensure it is still applicable to the operation or latest system delivery.