Disaster recovery planning is a very large topic, with just one part being about backing up and recovering your data. To give you a real life example of what I mean by saying that data backup and recovery is just part of an overall disaster recovery plan, I will refer to a recent posting on Reddit. The post talks about how the System Admin gets a ticket saying that the power is out in their office in Kiev and that the UPS battery is down to 13%. In response, the technician at the office simply shuts down the gear. The next day they received a news report that basically stated that the entire building, that was once their Kiev office, was no longer functional as fire and collapsed floors had completely devastated it. The System Admin ends his post by asking how is your disaster recovery plan, and have you tested it.
When you start thinking about planning out your disaster recovery plan, you need to think about completely unrealistic disasters, along with the normal types of disaster crisis scenarios. If you have a disaster recovery plan already in place, does it take into account what happens if the office is completely destroyed or is inaccessible? How about multiple points of connectivity? When was the last time that your disaster recovery plan was actually tested?
It is a good practice to update and test your disaster recovery plan whenever large changes are made. What happens when you have everything set the way you want it and nothing huge has changed? My suggestion is to treat it like your smoke detector; twice a year when the time changes and you change the batteries in your smoke detectors, test your entire disaster recovery plan. Testing that plan should include asking yourself questions and exploring "what if" scenarios like: what happens if Bob, the main System Admin goes missing or dies by the proverbial bus that hunts down System Admins, or what happens if the building is on fire and everything inside is gone, or what happens if the cloud service you rely on for production/backup/disaster recovery suddenly closes its doors. All of these things needs to be accounted for along with many other scenarios in order to be able to recover from a disaster and continue running your business.
It seems like one of the hardest things to do is to make the time to either create or test your disaster recovery plan. Most of the time it seems like it comes down to time, and not having enough time is the biggest excuse given for not creating or testing a disaster recovery plan. This issue of time almost always comes down to priorities. When creating or testing your disaster recovery plan is too low on your priority list, it simply never gets done.
One of the best ways to go about pushing up the priority of disaster recovery is simply to think about how much each minute, hour, day, and week of downtime will cost the company. For instance, say an hour of downtime on the company website costs the company $3000 in lost e-commerce revenue. Now multiply that over hours or even days and your talking about huge potential losses that could have been avoided. Plus, that is not even factoring in the potential revenue loss of new customers who may not even consider your company after not being able to read about your company/products or the negative affect it has on the company image. The costs, even in this small scale disaster scenery, add up quickly.
The reality is, if you think data loss won't happen to your company think again. 74% of companies have experienced data loss at the workplace and 32% of companies take several days to recover from the loss of data. The scary truth is 16% of companies that experience data loss never recover. When you think in terms of the potential cost to the company, it should help you prioritize your disaster recovery planning and testing along with justifying the costs of both the planning, infrastructure, and testing.
I think Benjamin Franklin said it best when he stated "If you fail to plan, you plan to fail." When it comes to disaster recovery, failing to have a plan is a sure-fire way to set the company up for failure in the event of a disaster, and it could cost the company everything.