Businesses and organisations rely on the smooth running of their IT systems. But what happens when something goes wrong? As we have discussed before, it is important that a comprehensive disaster recovery plan is put in place, to help avoid, mitigate and prepare for a disaster. But what happens when the theory becomes reality and disaster strikes? That’s when you need a clear and concise disaster recovery policy.
What is a Disaster Recovery Policy?
A disaster recovery policy is the distillation of the wider disaster recovery (DR) planning, into a single, concise, and clear document. The policy should identify critical business systems and data, defining the systematic approach required to recover and maintain their availability in the event of a disaster. The policy should cover any business-critical assets, including hardware, software, data, facilities, and key personnel.
Disaster Recovery Policy versus Disaster Recovery Plan
A disaster recovery policy should not be confused with the wider DR plan. The disaster recovery policy is a high-level statement that defines how an organisation will act when a disaster occurs. It will have buy-in from the highest level of an organisation. It will be written in plain English so that non-technical staff can understand it and act appropriately in the event of a disaster.
A Disaster recovery plan provides a wider detail of the many risk scenarios and recovery methodologies that apply. The plan will contain the step-by-step recovery process and will be a more technical and detailed document. The DR policy may refer to the DR plan.
Why is a Disaster Recovery Policy Important?
A well-considered and understood DR policy will help an organisation to understand which assets, systems and data are critical and need to be protected, and where priority should go for recovery. It helps reduce the financial and reputational damage caused by an unplanned outage. It allows the organisation to invest in the assets that most need protecting. It also provides peace of mind to employees and key stakeholders, that an incident does not necessarily mean a disaster!
What should a Disaster Recovery Policy include?
No two DR policies are the same, because each organisation and business is different. However, policies are likely to contain a common set of components.
Scope – definition of what is, and as importantly, is not included in the policy.
Objectives – the aim of the policy, for example, to establish a control centre, communicate to key stakeholders, activate specific recovery plans, and reinstate the affected systems.
Roles and responsibilities – a clear definition of who does what and of the organisational structure deemed appropriate for the recovery plan. This is likely to be different to BAU operations.
Communication plan – A clear definition of what information should be communicated, to whom, and the appropriate channels to use. Poor, or ad-hoc communications can make a bad situation worse.
Summary of the DR process – this may be an outline of the key milestones for recovery, or simply detailing where the recovery process is documented and how to access it.
Document version control – vital to ensure everyone has the latest documents!
As you can see, the policy is very much a summary document, but one which is vital to ensure that everyone understands the recovery plan, and can act accordingly when the time comes.
How can Mintivo help?
Mintivo has a wealth of experience in disaster recovery planning, including the creation of effective plans and policies. As an experienced third party, we help businesses identify which systems and assets need the most protection, and then design, implement, and test a watertight disaster recovery plan and policy to meet your business needs and budget.
To find out more, you can Email us at hello@mintivo.co.uk or call us on 03300 88 33 10 and a member of our friendly team will be happy to help you.
