It is important that if a company suffers from a disaster that they can be up and running as soon as possible. Disasters range from natural disasters such as hurricanes or floods, hardware failure, malicious insider attack, or accidental deletion of data. The main aim of a disaster recovery plan is to get the company back up and running so that it can generate income. Let's look at the different aspects of disaster recovery:

• Business Impact Analysis (BIA): BIA looks at the monetary loss if a company is not up and running, coupled with the purchase of new equipment so that the business can continue to operate.
• Recovery sites: There are three main types of recovery sites and these are hot, cold, and warm sites. Let's look at each of them:
  • Hot site: This site is up and running with staff loading the data into live systems on an hourly basis. This makes it the most expensive to maintain, but it has the fastest recovery. We may also use a cloud provider to host our hot site as it would allow us to be back up and running immediately.
  • Warm site: A warm site is similar to the hot site but data is backed up on a daily basis so it will take a little bit longer to get up and running than a hot site.
  • Cold site: A cold site is the cheapest to maintain as it has power and water but no staff or equipment, making this the slowest site to get up and running.
• Order of restoration: Once a disaster has happened, it is important that we look at the services needed to get a company back up and running. We would rank them as critical, essential, or non-essential, and we would work on getting the most crucial service up and running first. However, if you are restoring from a differential or incremental backup, you would have to restore the full backup first and then the differential/incremental tapes required.

• Geographic considerations: Where your data is located has a major impact on the restoration phase following a disaster, and we need to look at the impact of each of these. We will look at distance, off-site backups, and location selection:
  • Distance: We know that the fastest site to restore is a hot site, but if the hot site is 200 miles away, think of the logistics in getting the company personnel to that site. This may take a few days to organize.
  • Location selection: The location of the hot site is critical in how fast we can recover our data and systems. We need to ensure if it is far enough away and if one region suffers power failure or is hit by a hurricane, can we get it back up and running? This is why the cloud would be a good choice.
  • Off-site backups: When we back up our data, we should be storing backup tapes in a fire-proof safe and keeping our latest copy off-site, in case we suffer from a natural disaster such as a flood, fire, or hurricane.
• Data sovereignty: Data that has been created and turned into digital data is subject to the laws and regulations of the company that created it. It cannot be moved to another region – even for a backup reason. This affects both cloud providers and multinational corporations, as they cannot just simply move data where they want to.
• Legal implications: Digital data is subject to the laws and regulations of the company in which it is created. The company creating the data must be compliant, for example, they may need to hold medical data for 25 years, financial data for 5 years, and normal data for 2 years.
• Continuity of operations planning: Companies need to look at each type of disaster and put processes in-place for the company to keep running as quickly as possible. For example, your hot site could be in the cloud or you may have two different sites, and when the disaster happens, you would failover to the other site, keeping the business running.
• Disaster recovery exercises: There are two types of exercises that you can carry out to ensure that your company is ready for any disaster; these are structured walkthrough and tabletop exercises. Let's look at both of these:
  • Tabletop exercise: A tabletop exercise is paper-based, where all parties meet around a table and discuss how they would deal with a disaster scenario.
  • Structured walkthrough: A structured walkthrough is where a disaster is carried out physically with all parties involved. The military would call this a mission where they would go to a training area and carry out manoeuvres.
• After-action reports: Once a company has suffered a disaster, the management of the company needs to review all of the information so that they can reduce the impact or prevent the disaster from re-occurring – this is known as lessons learned.
• Failover: Failover can be measured in two different ways. You may set up servers in a cluster where the passive server will take over when the active server fails. Another method of failover is where the company has two or more different sites so that when one site fails, the other site takes over and keeps the business functioning.
• Alternate processing sites: There are two main alternate processing sites that you could use following a disaster. You could use a mobile site or you could use a cloud provider to provide the infrastructure that you need.
• Alternate business practices: You may adopt an alternate business practice to ensure that you can keep the business going, or you may need to purchase services from another company.