Disaster Recovery Planning for the Developer, Part 3
Making a Disaster Recovery Plan for Don's Web DesignWhen we last left off, we had discussed the creation and planning of a BCP, Business Continuity Plan, and a DCP, Disaster Recovery Plan, for your business. In this 3rd part of our series, we'll walk you through the steps it takes to create a DRP for our fictitious business, "Don's Web Design".
Mission Critical Aspects for DonAs we discussed previously, the first step in creating the DRP is to decide which aspects of Don's Web Design are the most critical to keeping his business up and running after a disaster. Don's office is located in his home, along with the most critical aspects of his business. Essentials that he needs in order to keep his business running include access to:
- his business data (records, tax documents, invoices, etc.)
- his client's website data (the actual files that make up their sites, including images, web pages, scripts, etc.)
- the databases that are the backend of those sites
- a working computer/server or servers
- a laptop
- 24/365 access to the internet, either via cable modem, cell phone or dialup
- contact information for his clients, vendors, ISP, etc.
- emergency services contact info (Police, Fire Department, Ambulance, Hospital, Utilities, Phone Companies, etc.)
- items needed for personal survival (food, water, medical equipment, prescriptions, etc.)
- means of communicating (i.e. cell phone, land line, radio, IM, fax, etc.)
- an alternate means of powering his computer/laptop, router, cable modem, etc.
Likely Threats That Don FacesNext in Don's planning is the task of deciding what types of disasters that he should plan for. Don's home is located in North Carolina close to the east coast, so he's got to plan for, among other things, in order of likelyhood of happening:
- computer failure (whether caused by virus, spyware, corrupt data, hard drive failure, etc.)
- power outages
- hurricanes, flooding and other natural disasters
Now that he's got a list of potential disasters for which he must prepare, he'll need to define how they would each affect his business.
Computer FailureFor Don's business, a computer failure would cause his business to come crashing down. It's imperative for Don to ensure that he has at least one working computer at all times. Having a backup computer on hand, cloned from his main computer, would come in very handy in the case of a computer failure.
Obviously it should be a priority for Don to make sure he routinely backs up his data, uses anti-virus software, has a firewall in place to keep out hackers, runs anti-spyware software and keeps his computer up to date with the latest patches and updates. Although these practices fall outside of DRP, the failure to keep his computer up-to-date and safe from outside factors can often be worse than many of the disasters that he may otherwise plan for.
Don should keep all of his client's contact information, important documents, vendor and emergency contact info on a storage device that can be taken anywhere, such as a USB "thumbdrive", just in case Don needs access to it while his main computer is down.
Power OutagesLet's say that Don's computer is fine--he's working away on a client's project and all of a sudden his area has a blackout and the power goes down. It may be down anywhere from a few minutes to a few hours to several days in a serious emergency. His client is in a different area of the country and is unaffected. It's important that Don be able to continue his work in order to finish the project in time. In short, Don needs a way to power his computer, monitor, etc. While there are many options for backup power, the first item he should have would be a Universal Power Supply (UPS)--this would allow him to save his work, shut down his programs and turn off his computer without losing any data. Next Don must have a way to power his computers while the power is out. This may just involve powering his laptop during an emergency by plugging it into his car's 12v outlet, or he could use a small inverter that's connected to his car battery.
If possible, Don should have a backup pure-sine generator that he can use to power small appliances, his computer system, phones, radio, etc. during a long term outage.
Hurricanes, Flooding and Other Natural DisastersNext in Don's list is a scenario in which his location is flooded for one reason or other, similar to the periodic flooding that happens in low lying areas and flood plains during the rainy season. Even if the power is still on and Don's computers are functional, it's unsafe to use them in a flooded environment. In this instance it's time for Don to gather his essentials and get to higher ground. This may be at a local shelter, a hotel room, relative's house--anywhere that isn't affected by the flooding. Once he is safely out of harm's way, he can rely on his laptop (or main machines if he's managed to bring them along) to get back to business. Preparation for this disaster may also include locating his computers and other equipment off the ground in flood-prone areas.
Since Don's already been preparing for flooding and power outages, he's halfway done with hurricane preparedness. Along with those previous measures, he needs to add enough food and water to last himself and his staff and/or family for several days, flashlights and batteries, a blanket, clothes for several days, prescription medication to last several days--in general whatever it will take for him, his family and/or staff to live for several days without any help from anyone--he should also have all of these supplies ready to move in case he has to evactuate from the area, preferably all located in a central location in labled plastic boxes--his "Go Boxes".
Preparing for an ice storm is essentially very similar to preparing for flooding, hurricanes and power outages. If Don's prepared for those disasters, then he's ready to handle an ice storm, or almost any other "natural" disaster as well.
TheftWhile it's difficult to prepare for a break-in or theft, there are some basic things Don can do to make the situation easier to deal with, should it happen. These measures include making an inventory of all of his equipment, taking digital photos of said equipment, and storing this data in a safe location, away from his primary business location, perhaps at a bank deposit box, off site storage center or even the home of a relative that is located in a different part of the country.
Terrorism/PandemicAgain--it's hard to prepare in advance for a terrorism attack or global pandemic. Some of the largest corporations in the world aren't prepared for such occurances, but Don can certainly learn about the preparations needed for such emergencies and start planning in advance. These are the least likely disasters that Don will face, however, he'll be much better off if he's at least taken the time to think about what such a disaster would mean to his business. Communication could be down, travel could be curtailed, the local stores could be out of food, the water in the area could be unsuitable for drinking, power could be out--in short, Don and his family/staff could be on their own for an extended period before normal business and life was restored to the affected area. Don should create a list of priorities to be dealt with in order of importance should such a scenario present itself, and he should work towards the goal of being able to keep his business up and running during such an event.
ConclusionNow Don knows the essentials that are needed to keep his business up and running, and he has an idea of what disasters he could face in his area. As a result of his planning, he also knows the effects those disasters would have on his business. The next step is to put all of this information together in his Disaster Recovery Plan. He should then print it out, and provide a copy to each member of his family/staff so they can read through and become familiar with it.
Once everyone is familiar with the scenarios, he needs to formulate a plan to handle each scenario, add it to the DRP, and practice it! Each scenario needs to be acted out as if it is happening, and he needs to go through the drill with his employess/family to see if his plan is successful. If he doesn't practice it until an event occurs, he'll never be confident that his DRP will work. In short, come up with a DRP, test it, and test it again!
In our next installment we'll discuss various software, hardware, tools and resources that you can use to create, test and enhance your own DRP. See you then!