The ever increasing amount of data that companies are accumulating has become a huge challenge in the last couple of years. More and more data is now gathered, processed, transferred and stored in internal or external data centres. Since sophisticated software to accomplish such tasks is becoming increasingly affordable big data analysis is becoming a mainstream trend. But with rising in data also comes the rise in risk of becoming a victim of data loss.
What are the effects of data loss?
Data loss can have severe effects for a company or individual. When the data is used for business, a loss of frequently used data can – in the worst case – lead to bankruptcy, e.g. when deadlines can´t be met in an ongoing project or databases are not available anymore. Kroll Ontrack surveys show: Having backups doesn’t necessarily mean that they will work when disaster strikes. Therefore having a solid business continuity plan as well as a sound disaster recovery plan is more than a nice-to-have-item, it is a necessity!
What is a business continuity plan and what does it include?
A business continuity plan (BCP) should help a company in case a business is disrupted. When a business is disrupted it usually costs money. To keep these losses to a minimum a BCP document should cover all necessary steps and schedules to make the needed resources, processes and functions to run again.
What is a disaster recovery plan and what does it cover?
A disaster recovery plan (DRP) is a documented process to recover a business IT infrastructure in case of a disaster. A disaster could happen because of natural or man-made reasons. Blizzards, storms or floods are examples of a natural disaster. Terrorism or hacking attacks such as the recent ransomware cases are examples of man-made disasters. In many cases when disaster strikes, the IT environment has severe problems, data loss is a likely outcome.
What has to be considered when developing a BCP/DRP?
- A good BD/DR plan should not only cover the usual reasons for data loss like; hardware failure and natural causes. It should also cover incidents which are not so common like; data loss due to hackers, criminals or sabotage. Every company should adapt their BC/DR plans to new hazards which maybe now unknown.
- A good BC/DR plan should always be created with the participation of everybody involved in the process. It just does not make any sense to create a plan for one or two individuals then and execute it by management order. The more people who are involved in creating such a plan, the more likely you are to discover possible pitfalls. Additionally, employees can identify vulnerabilities and capacity planning requirements way in advance.
- IT consultants often state that a risk assessment analysis is necessary to create a decent BD/DR plan. This document lists all of the possible threats to a company and verifies if the company is in a position to protect itself against each treat. A Risk Assessment only defines what can cause a failure, not its
- Tests are necessary to make a BC/DR plan work efficiently when a disaster strikes. When developing your plan be sure to incorporate a planned test. Trying to cut costs and making only limited tests won’t ensure company security. When a disaster strikes, the cost will be much higher, in the end, be sure to get the needed budget in the first place.
- Frequent updates are not only necessary for the used software and hardware in your company, but also for your BC/DR plan. It is not so uncommon to have a BC/DR plan that comprises of 100 or more pages to cover every step in total detail. Since technologies change so often it is wise to divide the plan into several separate steps for a better overview and changes later on.
- One important question is often asked regarding the use of BC and DR plans: is it really necessary to develop a huge BC/DR plan with hundreds of pages long? The answer is: no. Sometimes a simple 2-10 page document with the needed information should be enough to cover all the necessary steps on how to react in case of a disaster or data loss. This, of course, depends on the structure of your company and its rules and regulations. When a huge document is necessary it is wise to create another shorter version of this plan to make the most needed steps available fast to the employee in charge.