What is Business continuity and disaster recovery?
BCDR represents a set of approaches or processes that helps a company to recover from a disaster so company can resume its routine business operations. Disasters includes hardware failure, natural calamities (earthquake or flood), network failure, employee negligence, outages or disruption due to power failure, cyberattacks etc.
A BCDR plan ensures that businesses operate as close to normal as possible after an unexpected interruption, with minimal loss of data.
Having a proper BCDR plan in place enables businesses to minimize both the downtime and the cost of a disruption.
Credit: enterprisestorageforum.com
What Are the Objectives of a BCDR Plan?
A BCDR plan aims to protect a company from financial loss in case of a event. Data losses and downtime can lead to businesses being shut down. A robust BCDR plan:
- Reduces the overall financial risk to the company.
- Enables the company to comply with industry regulations with regards to data management.
- Prepares the organization to respond adequately and resume operations as quickly as possible in the aftermath of a crisis.
Let’s see what is RPO and RTO.
What is Recovery Point Objective? (RPO) HHH:MM
RPO is the data recovery point objective that defines the maximum acceptable (and achievable) data loss recovery point for the service.
What is Recovery Time Objective(s)? (RTO) HHH:MM
RTO is the committed measure of time objective to recover the service before detrimental impact occurs and to meet the goals of the business and/or customer. Impact is up to the service owner to define based on knowledge of the service users/customers.
What is Service Level Agreement? (SLA) %
Service-level agreements (SLAs) describe company’s commitments for uptime and connectivity. A service-level agreement (SLA) is a commitment between a service provider and a client. Particular aspects of the service – quality, availability, responsibilities – are agreed between the service provider and the service user. The most common component of an SLA is that the services should be provided to the customer as agreed upon in the contract.
See the summary of all Azure services SLA: Service Level Agreements Summary | Microsoft Azure
Dependencies
Identify service-level dependencies that if unavailable, would stop your service from running/recovering.
- All services must have at least one dependency defined. There are 3 primary types of dependencies that you should map:
- Critical Dependencies: If stopped or unavailable, these dependencies will cause your service to fail. By default, they are also needed for recovery.
- Critical for Recovery: These are non-critical during run-time but become critical for recovery usage (ex. Azure Backup, deployment services etc.).
- Non critical: These are service dependencies that will not “stop” your service but may degrade function, limit content, etc.
Recovery team
We should record the location and personnel that can recover the service in the event of an outage. For each facility where the staff is present, mention record the number of personnel that can restore the service.
Like: Building name, Full time employees etc.
Recovery plan and test
- Records the location of the BCP (Business Continuity Plan) for manual processes or the DRP (Disaster Recovery Plan) for technology services.
- The data for a valid “failover” test must also be recorded.
- A failover is defined as an out of region/out of data center test of the service proving recoverability in the event of catastrophic loss of a site.
- Evidence must show the service running in its primary location, fail (down for that service) in the primary location and operation in the backup location.