7 Tips for a Disaster Recovery Plan

Superstorm Sandy, which wreaked havoc for thousands of people up and down the east coast in October 2012, taught us many things. Most notably, the importance of emergency preparedness and the necessity for government agencies to invest in a disaster recovery plan. For many, Superstorm Sandy was a worst case scenario:

• 130- deaths in the U.S.
• 8,100,000- homes lost power across 17 states
• 25,000,000,000- Estimated dollar value of the lost business activity as a result of Sandy, according to IHS Global Insight.
• 465,000- FEMA applications filed in N.Y. and N.J
• 380,000- Homes damaged or destroyed between NY, NJ and Connecticut
• 2 days- The New York Stock Exchange was closed for 2 consecutive days- the first time in 100 years

In addition, many state and local government agencies were shut down for days, even weeks in some areas. With these agencies shut down, employees unable to go to work, and communications between various departments cut off, many government services that people rely on were unable to proceed. Moreover, with the volume of data agencies are not collecting, agencies are at a higher risk for losing important information.

Disasters happen. Sometimes we can see them coming, other times there is very little warning. These crises often do, disrupt government and organizational functions and services and impact personnel and resources. For this reason, Continuity of Operations Plans (COOP) are essential for ensuring government agencies at all levels can continue to provide essential functions to constituents. That is why preparing and investing in a recovery plan is so important. Although government agencies know this, many key components are often either overlooked or not fully tested. For example, according to a MeriTalk survey from December 2012, government agencies haven’t done enough to prepare for disasters when it comes to mission-critical data:

70% of the MeriTalk survey respondents gave their agency’s “complete data backup and disaster recovery preparedness (including people, processes and technology)” an A or B grade. But, that doesn’t explain the whole picture. According to the survey, only 54% of agencies have tested their disaster recovery plan in the last 12 months. Furthermore, only 8% of respondents are “completely confident” they could recover all their data required by their SLAs in the event of a disaster.

Developing a disaster preparedness plan is essential to ensuring your data remains safe and operations run as smoothly as possible during an emergency. The below checklist can help state and local agencies take the first steps to avoid costly shut downs and reduce inconvenience to constituents as much as possible. I encourage you to check out the full list here.

• Assess your current plan and prioritize essential services. Agencies should conduct a business impact assessment that prioritizes critical processes for the entire organization. Agencies should “tier services” in order of the time they must resume operations to minimize impact. For example, processes that need to continue immediately should receive an “A” rating. Processes that can be continued within 24 hours could receive a “B” rating etc.
• Take steps to protect data and enable access. Aside from people, information is the most critical asset for almost every organization. Just as agencies should set a recovery time objective for mission critical services, they should rank the impact of lost data. Agencies might even consider upgrading backup equipment to a faster version to reduce the time required to complete a backup cycle, and they might even back up continuously for mission critical data.
• Review power and cooling systems. Agencies should add uninterrupted power supply (UPS) to keep the most essential applications running. A UPS battery backup unit serves as a bridge to keep IT systems running until main power is restored, a secondary power source is deployed, or until the IT system can seamlessly be shut down.
• Identify and appoint a cross-functional preparedness team. Agencies should create a team from various departments to identify and prioritize critical processes, design and test the disaster recovery plan, and select an outside service provider. A recovery team, which will participate in recovery activities after any declared disaster, should also be developed.
• Document, test, and update. The cross-functional preparedness team should develop a disaster preparedness plan that includes logistical details, including directions to backup sites and a list of people who have spending authority for emergency needs. The plan should clearly identify the role of each individual on the cross-functional preparedness and recovery teams and be tested in an environment that simulates an actual emergency.
• Consider telecommunications alternatives. Essential to any agency’s disaster preparedness plan is a contingency plan for telecommunications. Agencies should become familiar with their telephone service provider’s emergency power capabilities. Agencies should also consider call forwarding and establishing an 800 number to improve accessibility during a disaster.
• Form tight relationships with vendors. Hardware, software, network, and service vendors can help expedite recovery, as these contacts often can ensure priority replacement of telecommunications equipment, personal computers, servers, and network hardware. Strong vendor relationships are especially important for small agencies, which may lack the resources that larger organizations can tap in an emergency.

What else would you add to the list? What lessons learned and best practices have storms like SuperStorm Sandy taught your agency about preparing for emergencies and potential agency shut downs?

HP’s mission is to invent technologies and services that drive business value, create social benefit and improve the lives of customers — with a focus on affecting the greatest number of people possible.