Add new comment

How and why to set up a Disaster Recovery Plan ?


1. DRP: Definition

BRP stands for Disaster Recovery Plan. It designates all the procedure for restarting and rebuild an information system in case of a failure. As its name suggests, DRP allows a company to continue its activity by relying on a temporary procedure.

By convention, DRP includes :
- Identification of the most critical services and their prioritization by criticality level
- Markup and inventory of available resources
- The implementation of solutions for the continuity of the activities
As an insurance, the DRP protects you (and your information system) from a potential failure. It is possible and even desirable that your DRP is never used, but it remains essential..

2. DRP: From theory to practice

a) Why to setup a DRP?

Whether it is a simple unavailability of a real data loss, a failure on your information system often causes significant costs. Those consequences vary regarding the length of unavailability or the business sector of the company, but they remain highly damaging in all cases. Indeed, added to the loss of turnover, your company may suffer from a deterioration of its image or other related costs.

Generally, the cost of unavailability is calculated with:
Cost of downtime = Loss of SA + Loss of productivity + Cost of restoration + Indirect costs + Impact on brand image

b) What are the main risks for your information system

The risks are obviously extremely varied, here is a non-exhaustive list of possible causes of failure:
- Natural disasters - Non-accessibility to premises - Claims on installations - Cyber-criminality - Human errors

c) What are the main benefices of setting up a DRP?

The benefits are also varied and it is complicated to list them all exhaustively. However, here are a few points that we think are important to highlight.
First, the DRP helps ensure business continuity in the event of IS unavailability.
Then, it provides a guarantee and peace of mind for all stakeholders.
The implementation of a DRP also makes it possible to identify the weaknesses of an information system, the PRA is therefore part of a continuous improvement process.
Establishing rules and procedures in advance provides a framework for a company's employees in the event of a default. The teams are not on their own and can follow a runbook set up in advance.
Finally, and this is not negligible, the rapid recovery in activity makes it possible to limit the loss of income to a minimum threshold.

3. For each company, a different DRP

It is important to understand that every company has a different information system. Indeed, each has different strengths and weaknesses. It will therefore be necessary to assess in advance and as precisely as possible the aspects to be prioritized. On the other hand, information system are different regarding the sector of activity. Take the case for example of an e-commerce company, for which a failure of the IS means direct losses of turnover, will not have the same requirements as a service company (building for example) for which the losses will be less direct although still significant.

Thus, it should be noted that each company has a different level of resilience regarding the unavailability of data or services. In addition, a DRP is often a costly solution to set up and we know that not all companies have the same financial leeway.
Plus, the creation of a DRP will strongly depend on the level of maturity of an information system. Here again, not all companies are created equal.

Finally, to exploit a DRP to its full potential, it is necessary to test it regularly in real conditions.


4. Differences between DRP and BCP

BCP (Business Continuity Plan) brings guarantee regarding critical application accessibility in case of failure of the IS. BCP guarantees high availability mandatory for a company.
Unlike the DRP, the BCP helps prevent a business shutdown. DRP and BCP can obviously be complementary even if the PCA offers a broader framework but is, by definition, more expensive. In fact, in addition to the technical aspects (included in a DRP), the BCP also includes availability of the HR and administrative part.

In conclusion, we will build on the adage "Prevention is better than cure". This is because the DRP acts much like your vehicle insurance. It is possible that this one will never be "useful" to you but it remains however essential. Today, companies are more dependent than ever on their information system, the consequences of its unavailability can be dramatic, so investing in a DRP appears to be more than the most prudent and judicious choice.

To find out more, contact our teams or visit our website