For the past few weeks, we have taken a look at disaster planning and recovery and this week, to wrap things up, we are presenting a “checklist” of best practices for your consideration.
The value of daily continuity, the ability to recover quickly from minor outages, must be taken into consideration when you quantify the cost of business continuity in general. Businesses that experience frequent downtime know that it can be expensive. If yours is a company that has seen repeated short-term downtimes, you are probably very well aware of this. If this is the case, you need to re-evaluate your RTO and RPO to ensure you are adequately recovering your business following events like this. Of course, you also need to look into why these events are repeating.
RTO: Recovery Time Objective – the amount of time it will take to restore lost or corrupted data.
RPO: Recovery Point Objective – the point in time to which you can afford to lose some data. In other words, can you afford to lose a week’s worth of data (not many companies can), a day’s worth, an hour, or none at all.
For companies whose goals are zero to very short recovery periods, they should be evaluating a move to managed IT service providers who will work under service-level agreements guaranteeing acceptable RPOs and RTOs for their critical applications. Under service-level agreements, you can even specify zero downtime for those critical applications.
It is probably not necessary for all your business applications to have the same RTO and RPO. Typically, you will want your email and business contacts to be recovered almost immediately, but some areas, such as accounting and inventory, can generally tolerate being down for several days. To recover quickly, this type of data can actually be stored in smartphones and other remote devices as alternate back-up solutions.
Included in recovery time must be the time required to upload data along with the application itself. Two examples:
1) a CPA firm may have to upload hundreds of complex accounting documents
2) an architect may have to upload a terabyte or two of blueprints and other drawings for his people to work with before they can be fully functional.
When all your research and calculations have been completed and plans for upgrading your disaster prevention and recovery strategy have been completed, make sure all your work is fully documented and stored. This information can be critical in resolving issues in the event of such a disaster, and for future upgrades, as well. No sense ever having to go back to “square one”.
Your backup and recovery process should be tested at least once a year. If this is beyond the technical capabilities of your in-house staff, a qualified managed IT support company should be hired to accomplish this.
A rule of thumb in the industry is this: the total cost of your disaster prevention and recovery program should not exceed the losses it is designed to prevent. You don’t spend $2 to save $1. But it does make sense to spend $.50 to save $1.
If disaster recovery and prevention is an area you would like to explore, give us a call. We have been providing managed IT support services to small to mid-sized businesses in the Atlanta metro area since 1992, and we would welcome the opportunity to answer your questions. Call us at 770-629-9615 or contact us online.