Disaster Recovery Planning for the Developer, Part 2
What is a Business Continuity Plan?The first step in designing your Disaster Recovery Plan is to put together your Business Continuity Plan (BCP). According to Wikipedia, Business Continuity Planning is a "methodology used to create a plan for how an organization will resume partially or completely interrupted critical function(s) within a predetermined time after a disaster or disruption." This differs only slightly from the definition of Disaster Recovery Plan, which is defined by our own Webopedia as "a plan for business continuity in the event of a disaster that destroys part or all of a business's resources, including IT equipment, data records and the physical space of an organization." Generally, you first create your BCP, and then design your DRP to be able to support the BCP. Confused? Don't be--we'll explain it as we go along.
A BCP is a dynamic document that is constantly being revisited, revised and tested. This "manual" of sorts is usually kept in a safe location, one that is as far from your business' physical location as possible. It usually contains the contact information for critical staff members, along with the specific information that would be required to ensure the continuity or continuation of the business. This info could include contact info for key computer equipment suppliers, the location of your business' backup data, emergency service numbers, an employee phone tree, and any other information that could come in handy in order to restore the business to operational status.
Creating a Business Continuity Plan for Your BusinessCreating the BCP for your business, (and yes, that would even include a small web development company that is located in a home office), starts with an analysis of which aspects of your business are critical to keeping your business operational, along with a list of the specific threats that your business may face, and the impact of those threats to your business should they occur.
For many developers, the most critical aspects of their business are:
- their business data
- their client's website data
- the databases that are the backend of those sites
- a working computer/server or servers
- 24/365 access to the internet
- contact information for their clients, vendors, etc.
- emergency services contact info (Police, Fire Department, Ambulance, Hospital, Utilities, Phone Companies, etc.)
- items needed for personal survival (food, water, medical equipment, alternate power, etc.)
What are the Likely Threats that your Business Faces?Today's world has changed quite a bit from the world that our grandparents inhabited. While they had to deal with fires, tornadoes, flooding, hurricanes, ice storms, earthquakes, tsunamies, pandemics and other natural disasters just like we do, they didn't have to prepare for technological disasters that weren't around when they did business . Along with natural disasters, we have to also be prepared for internet outages, power outages, hacker attacks, virus attacks, physical terrorism, cyber terrorism, data corruption--the list goes on and on.
Which scenarios are the most likely to affect your business in your specific location (or locations if your business is located in different areas of the country or world)? A good way to decide what potential disasters your business may face is by looking into the past. Have there ever been devastating floods in your business' location? Hurricanes? Terrorism? Does your business have an increased chance of disaster due to your proximaty to other things in the area, such as power plants, the ocean, rivers, etc?
For developers, we need to know just how secure our website data is, as well as our client's data. Do you regularly make backups of all that data? Where is the physical location of that stored data? Do you have a plan in case the data in that location is destroyed? What is the disaster history for that location?
Define the Impact of Disasters On Your BusinessOnce you've defined the most likely disaster scenarios that could affect your business, you need to specify just how these scenarios would affect your business if they occured. A 2-day power outage would mean that you'd have to either be able to run your business from another location, or you'd have to be able to provide alternate power locally to run your business (assuming an internet connection was still available). This could be as simple as a backup generator and the fuel needed to run it for 2 days, or it could be as extensive as having a backup power system built into your location, such as solar or propane gas power. It could mean that you'd have to get by with fewer computers, etc. and run on a large backup Universal Power Supply (UPS). This would also be defined by those mission criticle specs that you will define in your BCP.
Another possible scenario could be a local weather phenomenon, such as an ice storm that takes out the power lines, a hurricane which physically destroys the building your business was located in, or a flood that destroys your computers and the paper documents in your business location (you did make digital backup copies of those documents, right?). How would this affect your ability to keep your business running? How long would it take you to get "back in business"?
Finally, you will need to have plans to deal with "worst case scenarios" such as a national terrorist attack, national power outage, a global pandemic, or something such as Y2K, (which thanks to foresight and a lot of work, didn't happen). Though disasters such as these are among the least likely to occur, they could be among the most devastating for small businesses.
ConclusionIn the next article in this series, we'll discuss the requirements that your business will need in order to recover from the disasters that we've discussed. We'll create a BCP for a fictitious business, "Don's Web Design", and we'll work through the process of creating his Disaster Recovery Plan. See you then!!
- Enterprise IT Planet's IT Disaster Recovery Special Report
- EIT Disaster Recovery Planning Forum
- Edwards Disaster Recovery Directory
- Disaster Recovery Journal
- Department of Homeland Security Emergency Plan Guidelines
- Contingency Planning World