Tips for Business Continuity & Disaster Recovery
Updated: Oct 25
Many companies who we speak to for the first time have a very limited (or non-existent) Business Continuity & Disaster Recovery plan (BCDR). They are often just advised that backups are being taken by their existing IT Support provider and trust that whatever is being done is sufficient – until a critical system event occurs and it is discovered that they are not as protected as they thought.
All too often too – backups simply are not always created successfully and a failure to monitor and test backups means they are useless in a time of need.
These basic mistakes aside though, we wanted to delve a little deeper on two specific considerations which should define a good BCDR plan and which your IT Support or Managed Services provider should be discussing with you:
Recovery Point Objective (RPO) defines the maximum permitted amount of lost data in the event of a system issue.
Recovery Time Objective (RTO) defines how quickly a business can restore their data or systems and become fully operational again.
For both RPO and RTO, many businesses would love to define both values as zero. No data would ever be lost when performing a recovery and recoveries are instant. However, different solutions are required to achieve different RPO & RTO goals. The cost of these solutions increases the closer to zero a company sets these objectives. Your IT services provider should work with you to find the perfect solution for your specific needs and budget.
To begin to define the RPO for your business, you need to determine how much data your business can feasibly lose before the impact to the business is too severe. This will vary greatly from business to business. A company handling thousands of transactions every hour – which cannot be resubmitted – would find the potential of up to 1 hour of data loss to be devastating. Another company, who may only save a small number of documents throughout a 3 hour period, would find the same 1 hour RPO to be more than adequate.
With regards to RTO, certain businesses may be able to carry on without much impairment to their main businesses operations for a number of hours in the event of a system failure. In which case, a longer RTO, or time to recover, would be far more acceptable for them than it would be to the likes of a law firm, who require systems and data access at all times to be productive and serve their clients.
Naturally, different systems and data have varied business impact in the event of a failure. Some businesses would benefit from differing Recovery Time and Point Objectives (RTPO) for each those systems. An effective means of handling such scenarios would be to carve the business systems, data and applications into different tiers, each with their own RTPO.
Ultimately, a business should be able to depend on guidance provided by their IT Support and Managed Services provider to help them to first determine their Business Continuity & Disaster Recovery plans and then execute it, using the right solutions, to ensure your business is always protected and able to continue operations in the event of a major system issue.
If you would like to discuss your unique Business Continuity & Disaster Recovery needs, please get in touch with our team here at Firaya and we would be happy to get you started on your journey to fortified IT.