A DRP is the English translation for Disaster Recovery Plan (or PRA).
The Disaster Recovery Implementation Plan or an IT Disaster Recovery Plan is a recorded policy and/or process designed to help an organization execute recovery processes in response to a disaster in order to protect the company’s IT infrastructure and more generally promote recovery.
What is the purpose of a DRP?
The aim of a Disaster Recovery Plan is to explain in detail the consistent actions that need to be taken before, during and after a natural or man-made disaster, so that the whole team can take these steps.
A Disaster Recovery Plan must address both man-made disasters that are intentional, such as the fallout from terrorism or hacking, and accidental, such as equipment failure.
Who needs a Disaster Recovery Plan or DRP?
Organizations of all sizes generate and manage huge quantities of data, much of it mission-critical.
The impact of data corruption or loss due to human error, hardware failure, malware or hacking can be considerable.
Therefore, it’s essential to create a disaster recovery plan for restoring your company’s data in Geneva or Lausanne, based on a data backup image.
What makes up a Disaster Recovery Plan?
A business continuity plan is a comprehensive organizational plan consisting of five elements :
- Business resumption plan
- Occupant Emergency Plan
- Business continuity plan
- Incident management plan (IMP)
- Disaster recovery plan
Generally, components one to three do not deal with IT infrastructure at all.
The Incident Management Plan generally establishes procedures and a structure for dealing with cyber-attacks on IT systems in normal times, so it doesn’t deal with IT infrastructure during disaster recovery.
For this reason, the disaster recovery plan is the only component of the BCP that concerns IT.
One of the first steps in developing such a strategy is a business impact analysis, during which the team must define IT priorities and recovery time targets.
The team must time technology recovery strategies to restore applications, hardware and data to meet business recovery needs.
Every situation is unique, and there is no one correct way to develop a disaster recovery plan.
However, three main disaster recovery objectives are at the heart of most DRPs:
- prevention, including appropriate backups, generators and surge protectors
- detection of potential new threats, a natural by-product of routine inspections
- correction, which could include brainstorming on “lessons learned” and obtaining appropriate insurance policies.
What should a DRP include?
Although specific formats for disaster recovery plans may vary, the structure of a disaster recovery plan should include several elements functionalities :
The objectives
A statement of objectives will describe what the organization wants to achieve during or after a disaster, including the recovery time objective (RTO) and the recovery point objective (RPO).
The recovery point objective refers to the amount of data (in terms of the most recent changes) that the company is prepared to lose after a disaster.
For example, an RPO might be to lose no more than one hour’s worth of data, meaning that data backups must take place at least every hour to achieve this objective.
The staff
Each disaster recovery plan must detail the personnel responsible for executing the disaster recovery plan, and make provision for the unavailability of certain people.
Computerized inventory
An updated IT inventory should list details of all hardware and software assets, as well as all cloud services needed to run the business, including whether they are critical or non-critical, and whether they are owned, leased or used as a service.
Safeguard procedures
The DRP must specify how each data resource is backed up – exactly where, on which devices and in which folders, and how the team is to recover each resource from the backup.
Disaster recovery procedures
These specific procedures, distinct from backup procedures, must detail all emergency responses, including last-minute backups, mitigation procedures, damage limitation and eradication of cybersecurity threats.
Disaster recovery sites
Any robust disaster recovery plan must designate a hot disaster recovery site.
Located remotely, all data can be frequently backed up or replicated to a hot site – an alternative data center containing all critical systems.
This way, in the event of a disaster, operations can be instantly transferred to the hot site.
Restoration procedures
Finally, follow best practice to ensure that a disaster recovery plan includes detailed restoration procedures for recovering from a loss of complete system operations.
In other words, every detail of bringing every aspect of the business back online must be included in the plan, even if you’re starting with a disaster recovery plan template.
Here are some procedures to consider at each stage.
What are the benefits of a Disaster Recovery Plan?
Clearly, a disaster recovery plan details scenarios for reducing disruption and quickly resuming operations after a disaster.
It is a central element of the business continuity plan, and must be designed to prevent data loss and enable sufficient IT recovery.
Beyond the obvious benefit of better business continuity in all circumstances, having a disaster recovery plan in place can help an organization in a number of other important ways, such as:
- increased productivity
- greater profitability
- improved customer loyalty
- compliance
DRP with Acronis, more than just a disaster recovery solution
With Acronis, it’s never been easier to guarantee business continuity.
That’s why Infologo works in partnership with Acronis in Switzerland and their DRP solution.
This is how we could sum up the Acronis solution in 3 words:
- simplicity: rapid deployment, ease of use and no training required
- efficiency: cost-effective solution with no infrastructure investment
- Security: Acronis Cloud-certified data centers and secure storage.
If you don’t yet have a solution to protect your data and limit incidents, let us know.
We’ll help you find the right solution for your needs.
The implementation of a DRP in Geneva or Lausanne is more than topical at a time when cyber-attacks are multiplying and targeting more and more SMEs in Switzerland and elsewhere.
