Do you have a data disaster recovery (DR) plan?

Have you conducted a disaster recovery drill to make sure your DR plan is effective?

Whether it’s sophisticated cybercrime, such as ransomware attempting to steal data, or natural disasters that halt emergency management systems – it’s more urgent than ever for municipalities to protect their IT infrastructures and data.

Today, many government organizations are responding to IT threats by putting plans in place that will guide them in time of emergencies. In the state of Connecticut, a report on cybersecurity  stipulated “…from utilities to key industries …critical systems are vulnerable to computer hacking and data theft …that could lead to financial reversals, fines and penalties and major distractions from conducting business.”

Create a Disaster Recovery Plan:   

Whether it’s a power outage at the utility plant or a massive hurricane or storm ravaging the area – or even a ransomware attack halting systems, an effective DR plan will include processes and procedures to recover mission critical data.  The prime objective:  minimize downtime after an emergency so that your department can be up and running as soon as possible.

A DR plan will help your organization take stock of your IT infrastructure and ensure the proper hardware and software and redundant back-up systems are in place to help minimize damage/downtime.

Your organization should work with your IT team and/or solution provider to build a DR plan that includes the following:

  • Recovery Time Objective or RTO: The RTO asks, how long can your organization or department withstand an outage due to a crisis before there are negative consequences?  According to Continuity Central.com, “…defining the RTOs is to define the ‘maximum tolerable period of disruption’ (MTPD) for the activity in question. … the time it would take for adverse impacts, which might arise as a result of not providing a …service…”

Working with a solution provider, your DR plan can outline the proper IT technologies your department needs to have in place “…to recover or restore critical and less critical business functions that fail…”.

Recovery Point Objective: TechTarget defines RPO as the “…age of files that must be recovered from backup storage for normal operations to resume if a computer, system, or network goes down. Once the RPO for a given computer, system, or network has been defined, it determines the minimum frequency with which backups must be made.”

Business Continuity Plan: An organization should also have a business continuity (BC) plan that outlines the processes/procedures to be implemented “…to ensure that mission-critical functions can be up and running after a disaster,” writes TechTarget.

ReadyGov.com specifies that the BC plan requires a “business continuity team” that will be on the front lines to manage an emergency.  As such, the plan should outline the trainings/drills that must take place so the team knows how to implement data/systems recovery strategies.

According to TechTarget,  the following are primary elements of a Business Continuity Plan:

  • Emergency team names and contact details
  • Lists of mission-critical equipment
  • Lists of vendors and suppliers
  • Lists of vital records and critical business documents
  • Organization charts
  • Lists of minimal operational requirements to resume business
  • Lists of emergency supplies, such as medical supplies, flashlights, and radios

 

An emergency or crisis leaving critical services down can occur at any time.  At DiamondIT, we have the professional staff to help your organization create and execute disaster recovery plans and drills.  Contact us at www.diamondit.pro or for more information.