How to Prepare for an IT Disaster
What is a Disaster
A disaster is a catastrophic event occurring over a short period of time that results in widespread damage to your organisations ability to maintain operations, resulting in significant financial loss and potential business closure.
What is a Business Continuity Plan (BCP)
A BCP is a set of predetermined and documented steps to enable an organisation to recovery from a disaster, minimising the impact of the disaster end enabling continuity of Operations.
Creating a Business Continuity Plan
You should consider the following when creating a Business Continuity Plan.
What are your Businesses Critical Functions – What is the minimum required for the following.
- Deliver Services and Products that generate Sales and Services
- Procurement of Services and Supplies to Generate Sales and Services
- On Site Operations and Services to Create Saleable Products and Services
- What other essential Services should be provided for.
What functions is your organisation required to run as part of a Legal or Regulatory Requirement that should ne part of the BCP – Examples could include
- Air Quality Monitoring
- Humidity and Temperature Control and Monitoring
What business Functions can you delay recovery of. Examples Could include
- Research and development
Once the Business Critical Functions are defined to Continue Operations, Document what will be required to get the Functions Operational on an emergency Basis. Examples Could Include
- List of Suppliers / Equipment Rental Companies
- Replacement Equipment Rental
- Hire Temporary People
- Rebuild a Production System and Process,
Location of Business Continuity Plan Process Document
Physical Copies of the BCP Document should be stored Offsite in 2 separate Locations. In the case of a Disaster, the BCP Document should be retrieved and used to recover Critical Functions to an Operational State.
IT Disaster Recovery Plan
The IT disaster Recovery Plan must compliment the BCP in ensuring that IT processes, systems and Infrastructure is recovered to support and enable the systems being recovered by the BCP
An IT DRP Document must be developed that details the following.
- Location of Password List – should not be in DRP Document
- Details of all Subscription Software (Microsoft 365 etc)
- List of Hardware Configurations
- List of network configurations
- IP Address Schema
- VPN’s and VLANS
- Firewall Configurations
- Location of Configuration and Data Backups
- System Recovery Sequence
BCP and DRP review and Updates.
As an organisation changes and grows over time, the BCP and DRP will become outdated. When any major IT Changes are made, the BCP and DRP should be reviewed and updated to reflect the changes.
A Yearly review of the BCP and DRP should be done to ensure that it they are up to date, and no issues are experienced during a Disaster.