7 Questions to Ask When Creating A Disaster Recovery Plan
  1. What is the likely cost of downtime and data loss to my company?
    • The cost of downtime varies per industry and the specific applications that go offline.
    • To accurately determine cost of downtime, conduct a business impact analysis and a risk assessment for each business-critical application.
  2. What are my recovery objectives?
    • Recovery Point Objective (RPO): How much time can I afford to lose?
    • Recovery Time Objective (RTO): How quickly do I need this application to be back up and running post the disaster?
    • Recovery Capacity Objective (RCO): How much computing capacity do I need to recover and by when?
  3. What are my application and system dependencies?
    • Most applications rely on many other applications and services, within and beyond IT infrastructure, and an application cannot be recovered without recovering all that it depends on.
    • These dependencies must be understood and included in the disaster recovery plan to know exactly what has to be recovered and in what order to meet RPOs and RTOs.
  4. Where should my disaster recovery site be located?
    • Out of range of the same disaster
    • Within reach of recovery staff
    • Close enough to meet RPOs
  5. What connection size (bandwidth) do I need between my product and disaster recovery sites?
    • It’s likely that connection size will need to be varied depending on what is being done:
      • Seeding
      • Transmitting/Replicating Changes
      • Reseeding
      • Failing Over
      • Coming Back
  6. What compliance and security measures have to be in place at my disaster recovery site?
    • Disaster does not excuse from HIPAA, Sarbanes-Oxley, or other regulatory compliance requirements.
    • Disaster recovery sites may also  need to meet security, data privacy, or monitoring standards or requirements specific to each industry.
  7. How often do we need to exercise our disaster recovery strategy?
    • Exercise twice per year at a minimum to ensure recovery strategy accounts for likely changes such as changed infrastructure or different staff.

Source: Disaster Recovery Journal, Summer 2016, pages 42-44.