A Business Continuity/Disaster Recovery (BCDR) plan provides processes for a business to resume operations in the event of an incident that affects productivity.
As an integral part of any ServerConsultant security management plan, a BCDR plan helps avoid unnecessary downtime and lost revenue.
If a major component of your vital infrastructure failed today, what would you do? Do you have a plan in place for your business to continue, or would you be out of luck until the issue is resolved and the servers are back online? Having a BC plan is an important part of any IT security management program. With a BC plan, operations can continue in the event of a failure — whether it be a failure of an individual component, a whole system, or your entire data center.
At ServerConsultant, we specialize in creating an effective and reliable Disaster Recovery plan.
When your systems and servers are evaluated, a key issue is to identify Single Points of Failure (SPOFs) in infrastructure. An SPOF is one individual system, component, or process that, if it fails, stops operations either in that particular container or halts operations of the entire network.
For example:
Please note that the same principles and dangers apply to the backup servers as well. At ServerConsultant, we take disaster planning seriously and plan to protect you against the worst case scenarios. We have a network of geo-redundant backup systems spread across America, Europe and Asia. Don't forget to ask our team about our 3-2-1+1 Backup policy and cold storage systems for maximum protection against data loss.
After every possible failure point has been identified, reviewed and documented, our team creates a backup plan for when those items fail. (After all, it's not a matter of if they fail, but when.) System redundancy is key when creating contingency plans, especially for critical IT systems. While it may seem like an unnecessary expense, having multiple backup servers is absolutely critical to ensure ongoing operations of the business in the event of a system failure. For example, if your website is running entirely off an individual web server, ServerConsultant still invests in a second server that could be brought online quickly if the primary one goes down.
Additionally, both servers should always be online and use a load balancer to distribute requests evenly across them. This reduces the likelihood of a failure in the first place.
Having a BCDR plan for IT systems is usually easier because most of the time it just involves having spare equipment to swap in. Traffic and operations can often be temporarily routed to a backup network or server if the primary system goes down. This allows a business to continue while any issues get resolved.
After identifying single points of failure and creating contingency plans for each one, it's time to test those plans. Realize that it's one thing to have a plan, but it's another thing to have actually tested your plan and made sure that it works. Our team sets aside some time outside of normal operations to simulate a failure and see whether your process goes according to plan.
Whether the test was successful or not, document your observations and bring them to the next committee meeting. You can discuss how the test went and what areas can be improved.
More often than not, the first test of the business continuity process results in a failure. This is fine because what is important is that problems are documented, reviewed, and corrected for the next test. We communicate with our clients and the staff who are in the field doing the actual testing so that issues can be accurately identified and resolved. Once problems have been identified, we treat them as high-priority issues and ask you to provide the appropriate funding for the effort to fix them. After all, a failure of the BCDR plan affects your business in the event of a real incident and potentially results in more lost revenue than it would have taken to fix the problem. After fixes have been implemented, we schedule a new test and see whether the fixes work as intended. Regular testing with multiple contingency plans are necessary.
A good BCDR plan is not a set-and-forget document. It must be continually updated and adjusted as new equipment, processes, or operating procedures are incorporated into the environment.
Perhaps you upgrade or replace part of the IT system. If so, you now need to create a plan for the new system, and then test it.
If a business process change results in your old recovery plan being obsolete, you need to update and test it as well.
Your account liasion/manager must be informed of changes affecting the BCDR plan. That person works with the client and other team members to keep the plans and documentation up to date.
A BCDR plan can seem like an unnecessary use of time and money to many organizations; however, no organization is immune to failures of their systems, facilities, or processes. Having a proper BCDR plan ensures that your company can recover from these inevitable failures in a timely and cost-effective manner.
With the experts at ServerConsultant by your side you can be confident that your organization will be prepared for whatever comes its way.
