How to Build a Disaster Recovery Team Full of the Right People
By: Blair Felter on March 4, 2021
Disaster can have a number of meanings for today’s companies. It could include a natural disaster that disrupts power and infrastructure, or a cyberattack that cripples their network systems. Whether a disaster is natural or man-made, it can threaten an organization’s ability to access and utilize the data and network systems that make its business possible. For this reason, it’s critical that companies confront the risk of disaster by formulating a disaster recovery plan and assembling a disaster recovery team.
Disaster recovery is a comprehensive plan that includes the strategies, people, tools, and processes a business will need to implement should there be a disaster of any kind. Disasters can include natural disasters or those created by people such as cyberattacks. Plans may need to be enacted any time there is a threat to business continuity. In fact, during the onset and throughout the duration of Covid-19, companies may have initiated elements of their plan, while others realized they didn’t have the necessary resources in place.
The Importance of Disaster Recovery Planning
Being able to continue critical business during a disaster is pivotal. Whether it's services that provide relief or assistance in natural disaster response, or a need to conduct business in the face of an ongoing cyberattack, or protecting and securing data to ensure business continuity, having a detailed and robust disaster recovery plan is essential.
If a disaster is unavoidable, limiting the damage with disaster recovery plan implementation is important. Similarly, a thoughtful and strategic plan may limit delays and speed up a business’s return to normal functioning. And, if disaster strikes, a plan in place gives a team a playbook to follow rather than relying on decisions which may need to be made quickly under significant stress.
However, disaster recovery planning is more than response. In part, it’s about risk mitigation as well. A business should include preventative measures it can take to ensure the resources, tools, and data needed to continue business are protected, backed-up, and recoverable.
What Should Be Included in a Disaster Recovery Plan?
To be clear, for the purposes of this section, the plan refers to the actual procedures and strategies to include in a plan. A fully realized disaster recovery plan should also include a disaster recovery team and all of the additional resources you will need to put this plan into action (such as IT hardware etc.). A comprehensive disaster recovery plan includes three primary strategies: prevent, monitor, and correct.
Perhaps the most important element of your plan, prevention enables you and your team to address issues and concerns before they become disasters. This is why your disaster recovery team is so important as they can help you identify vulnerabilities across an organization. Often, departments and teams exist in silos, focusing on their essential functions, the input from across an organization allows you to build a fully-developed preventative strategy that includes your entire company rather than focusing on IT alone. Preventative measures include:
Monitoring is an ongoing process. This means monitoring not just your security processes, but also monitoring your plan. The landscape is constantly changing. Climate change creates unpredictable weather patterns and hackers are regularly adjusting their strategies and honing their skills. Staying active and alert and monitoring evolving situations is important. Monitoring measures include:
The correction strategy is really dependent upon how well a company has followed the prevention and monitoring strategies. Ideally, in a perfect world, all data has been backed up, systems are utilizing N+1 redundancies, and any servers impacted by a virus or a hack can be isolated to protect further loss. Corrective measures essentially include:
Isolate the problem and identify the cause
Communicate with internal teams and vendors and service providers (insurance)
Communicate with other stakeholders
Communicate with necessary authorities
Implement restoration processes for data, applications, and network environments
In case of virus or cyberattack, review existing policies, procedures, and prevention methods
Keep communication open, report successes (mitigation) and reassure all stakeholders regarding plans to prevent similar events
What is a Disaster Recovery Team?
Every organization should have a group of individuals dedicated to developing and documenting a plan for disaster recovery to ensure data availability and business continuity. This disaster recovery team not only creates the disaster recovery plan, but also is responsible for building and implementing the processes and procedures that will facilitate data recovery and integrity. An effective disaster recovery plan will need to be updated frequently and tested to ensure its effectiveness, so the team will be responsible for these tasks as well.
Who Should Be on the Disaster Recovery Team?
Since disaster recovery can impact all levels of an organization, a disaster recovery team should ideally be a cross-functional group capable or leveraging expertise from multiple departments and addressing a variety of system availability and business needs. While every organization may look different, there are several broad categories of people who should be involved in planning and executing disaster recovery efforts.
The company’s senior leadership may not need to be involved in all aspects of disaster recovery planning, but they need to participate in all discussions about all disaster mitigation efforts because they will ultimately be the ones signing off on budget proposals and broader policies. Some executives may lack the technical expertise necessary for detailed disaster planning, but their position of authority allows them to help the team overcome obstacles and secure organizational buy-in.
Most of the highly-technical aspects of the disaster recovery plan will be executed by members of the organization’s IT department. They have the clearest idea of what the existing network and computing infrastructure requirements are and understand how to best ensure system availability in the event of a disaster. Senior IT managers with knowledge of the organization’s storage and database systems, networking, and applications should be heavily involved in any disaster recovery planning process.
Critical Business Unit Advisors
Although IT personnel know the ins and outs of the company’s systems, they might not have an intimate knowledge of how critical they are to other departments. By involving representatives from those departments in the planning process, the team can evaluate downtime tolerance more accurately. It may be possible for some departments to implement workarounds that give the recovery team more time to get systems up and running, which can help reduce the overall disaster recovery budget. On the other hand, the team might learn that even a few minutes of downtime could result in unacceptable costs for some business units.
Security and Compliance Management
A disaster event has the potential to impact data availability and security, which could expose the organization to costly legal liabilities. Compliance requirements are often quite complex, and the team needs to make sure that the processes it puts in place to mitigate a disaster are in accordance with those standards. This is especially important if the organization is bound by SLAs that stipulate their responsibilities to their customers. When it comes to data integrity and security, it’s not worth taking chances.
Disaster Recovery Team Roles and Responsibilities
Identifying who should be part of the team is only the first step. Once the disaster recovery plan is developed, it needs to be implemented. While many people will be involved with carrying out the plan when an emergency does occur, there are two specific team leadership roles worth pointing out to ensure success.
Disaster Recovery Coordinator
This person is responsible for overseeing every aspect of data recovery when a disaster occurs. They initiate recovery plans and facilitate all team efforts from the beginning of a disaster to the resumption of normal operations. Most of their work will be on the IT side, where they address problems that emerge and identify factors that could delay any aspects of recovery. They will most likely be responsible for assigning roles and responsibilities throughout the IT department for handling different aspects of disaster recovery.
Business Continuity Expert
Just because a disaster recovery plan is in place doesn’t mean the entire organization will know what to do when disaster strikes. The business continuity expert ensures that the non-IT aspects of the plan are implemented throughout the rest of the company. This could include clarifying reporting procedures or gathering critical contact information to facilitate smooth communication during a disaster.
Disaster Recovery Team Training
Training and testing is an essential aspect of any disaster recovery plan. Once the plan is implemented, the team will need to conduct ongoing evaluations to assess its effectiveness. There will be some challenges and problems that no one anticipated during the planning process or during the initial risk assessment. These issues need to be addressed well in advance of the moment the organization needs the disaster recovery plan most. Waiting until a hurricane is moving in on a data center is a bad time to discover that there’s a problem with switching operations over to a cold site recovery solution, for instance. By conducting routine testing, team members become more familiar with their responsibilities in the event of a disaster, which reduces the chances of human error or confusion when that moment arrives.
Your Checklist for Building a Strong Disaster Recovery Team
Obviously, building a strong disaster recovery team, one that is capable of understanding the full scope of your plan as well as implementing it is essential. Not only do you want to construct a team that represents the teams within your business, but you’ll want individuals who are capable of organizing and coordinating action steps in case you do need to implement the plan. When building your team, consider this checklist:
Do you have a project manager who can oversee each role and plan implementation?
Do you have a disaster recovery expert who can identify objectives, timelines and workflows?
Do you have a business continuity expert who can provide for continuity beyond IT needs?
Do you have an IT expert who can provide technical advice as well as oversee your technicians and technical team?
Do you have a communications strategist who can handle PR and communications?
Do you have representation from each team that will be part of implementation? IT? Customer service? Communications/PR? Executive?
Will you need outside contractors to assist in backup, monitoring, or security?
Looking for More Teammates?
Planning for a disaster is one of the most important things an organization can do to protect its operations and data from disruption. Given the high costs of system downtime and the extent to which companies rely upon data to guide decisions and strategy, every effort made to ensure business continuity is a worthwhile expense. By organizing and empowering a disaster recovery team, they can avoid suffering many of the negative outcomes that so often accompany a disaster event.
As the Marketing Director at vXchnge, Blair is responsible for managing every aspect of the growth marketing objective and inbound strategy to grow the brand. Her passion is to find the topics that generate the most conversations.
Subscribe to vXchnge Blog
Choose a Data Center Provider that Solves Problems and Adds Value.