Prepare with Our Assessment Tool
Now that you have calculated your DR Readiness level, the following chart helps visualize your organization’s likely recoverability, along with other notes:
Almost nothing is being done to ensure readiness to recover from an outage. Occasional backups may be run by various folks, but recovery is completely ad hoc.
The absence of a recovery plan means any event causing downtime will trigger a scramble to try and figure out how to recover.
Most don’t aim for this level. However, in the fast-changing business world, time and budgets are short, and for some organizations, this is the result. Even documenting a few critical technical and business recovery procedures would be a big help, but are often overlooked.
At this level, there may be little or no senior management support for DR readiness, though the recent pandemic may help in changing minds.
Some protections are in place, including scheduled local backups, remote or cloud-based data copying for disaster recovery, and possibly a server failover process for business continuity. However, there’s no established budget or process for verifying if the DR plan is valid.
Your DR solution might be a set of disparate products instead of a unified solution, which makes its maintenance expensive and labor intensive.
For example, a crisis at Level 2 may involve trying to restore a corrupted database and finding no recent backup exists. After recovering an older version of the database, your team will need to manually reenter the lost data, reducing your overall productivity to a level where advanced DR planning becomes affordable.
Your documentation consists of loosely sketched guidelines or is completely reactive, making disaster recovery planning difficult to measure. You won’t know the cost of system downtime.
Some protections are in place, including scheduled local backups, remote or cloud-based data copying for disaster recovery, and possibly a server failover process for business continuity. However, there’s no established budget or process for verifying if the DR plan is valid.
Your DR solution might be a set of disparate products instead of a unified solution, which makes its maintenance expensive and labor intensive.
For example, a crisis at Level 2 may involve trying to restore a corrupted database and finding no recent backup exists. After recovering an older version of the database, your team will need to manually reenter the lost data, reducing your overall productivity to a level where advanced DR planning becomes affordable.
Your documentation consists of loosely sketched guidelines or is completely reactive, making disaster recovery planning difficult to measure. You won’t know the cost of system downtime.
Your DR program integrates detailed recovery procedures with your periodically reviewed business continuity plan. Senior management fully endorses the IT DR planning process, and senior managers periodically attend your DR tests as observers.
Not only have you implemented effective preventive measures to minimize threats, your organization has achieved a level of resilience by using a balanced configuration of resources that include on-site hardware and software, virtualized systems and storage, and either a cloud-based DR provider in concert with your inhouse IT team or an advanced third-party managed IT services provider like AllConnected. Your backups follow the 3-2-1 rule with an air gap. Learn more: DRaaS: Misconceptions of Data Backup and Data Recovery
You are confident that your organization can address virtually any incident quickly, with minimal data loss, and that your IT systems and business processes can be returned to normal production well within your established RTO and RPO limits.
So how well did you do? Did you come out better or worse than expected?
AllConnected would love the opportunity to review your IT resources and find ways to level-up your DR resilience. To request a customized DR Runbook, or to talk with a DRaaS specialist, please fill out the form below.
NIST Cybersecurity Framework is a set of standards, guidelines and practices for mitigating your organization’s cybersecurity risks, published by the US National Institute of Standards and Technology.
