Zetta Blog

How to Write Your First DR Plan

How To: Write Your First Disaster Recovery Plan

by Laura Knight

So the company needs a Disaster Recovery plan, and you’ve been tasked with getting it done.

Let’s start with some parameters: the requirements for creating a DR plan vary wildly depending on the size and breadth of an organization. If you’re in this situation, however, you’re probably not running IT at a major enterprise with a comprehensive budget and well-staffed department. More likely, you’re at a smaller business, and you ARE the IT department. This is the scenario we’ll be focused on in this blog.

So with that in mind, what happens when the business owner (/ sales manager / CFO) pops over to your desk, and tells you she needs you to put together a Disaster Recovery Plan?

Step 1: Determine the Goal

The first step is figuring out what your boss actually wants. In its most expansive sense, “Disaster Recovery Plan” can cover every facet of how your business will bounce back, including HR, facilities and financing concerns. If this is what the company is looking for, then it’s too big of a job for just IT to handle – you’ll need cooperation from everyone in the company who handles those issues (although depending on the size of the business, that may well just be you, the owner and the accountant that comes in on Thursdays).

On the other end of the spectrum, sometimes “we need a DR plan” just means “we need a piece of paper we can wave around to make our insurance happy.” It’s easy to come up with a “DR plan” that’s never meant to actually be used, but we’d strongly advise against it. If and when there actually IS a disaster, you’re going to need an actual plan designed to work in real life.

Often, however, “DR plan” means “plan for how IT will get our data back and our servers running again.” This brings us to the next step.

Step 2: Figure Out Your RTO/RPO

Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are the cornerstone of your disaster recovery plan:

RTO is how long your company is OK with not having access to your data. If the business can go a week without data before it starts to suffer, your RTO might be a week. If business starts to hurt after an hour, then your RTO might be an hour. Once you know this, you know the timeframe you need to plan around.

RPO is how much data your company is OK with losing in a disaster. If your main server suddenly fails, you’ll lose any data that wasn’t included in your last backup, so RPO tells you how frequently you need to make backups. We strongly recommend backing up at least one a day.

Once you have your RTO and RPO, you have the parameters you need to start your plan. You know how often you need to back up, and how quickly you’ll need to get your data back after a disaster.

As part of this exercise, you’ll also need to evaluate your backup solution and its recovery times. If your current solution can’t meet your RTO/RPO requirements, you’ll need to start looking for one that can.

Step 3: Determine How to Get Backups Offsite

It bears repeating that the only real backup is offsite backup. While a big proportion of data loss is due to either hardware failure or employee mistakes, natural disasters can happen to anyone. If a faulty wire sparks a fire that destroys your building, or if a water pipe bursts and puts your office under several feet of water, any backups stored on-site could be destroyed along with your primary servers. In a serious disaster, the only data you can count on being recoverable is data stored away from your office.

There are several options for this, depending on the backup method your organization uses. Your offsite backup solution might be tapes stored by an external storage specialist, a removable hard drive taken to another location at the end of each day, an appliance that replicates data to offsite hardware or a direct-to-cloud software solution that transmits your data to a secure cloud for safekeeping (and if you’re looking for that last one, you should really check us out).

When choosing an offsite backup method, make sure it’s practical for meeting your RTO and RPO.

Step 4: Test, Test, Test

So you’ve got your objectives, your offsite backups, and your plan for what to do if everything goes sideways. Great! Now try it out in real life and make sure everything works the way you expect. If there are any surprises, refine your plan and try it again until you get the results you want.

Once you’ve got the plan ironed out, remember to run regular tests anyway, just to make sure everyone knows what to do. DR plan testing is a lot like fire drills – you don’t want your first time trying it out to be when there’s smoke pouring from somewhere.

Need a bit more to go on? Learn more about putting together a Disaster Recovery plan or get in touch.

Laura Knight
Laura Knight

As Content Marketing Manager, Laura writes, edits, designs and is always on the lookout for new ways to tell the Zetta story.