In terms of disasters, few people are prepared for the chaos that can come as a result of any type of disaster. Floods, fires, tornadoes, hurricanes, and even heavy rainstorms can damage structures and belongings beyond repair. Most times, there is little to no warning that a disaster will occur, and minimizing the damage becomes difficult without a disaster recovery plan in place. This precaution is especially important for a data center, where large amounts of expensive equipment and irreplaceable information may be stored. Creating a basic disaster plan for your data center is a simple process if you know where to start.
Assess The Risks
What types of risks does your data center face on a daily basis? A center in the middle of Arizona isn’t likely to deal with a hurricane, but a fire or monsoon is a likely possibility. California data centers may not see a heavy amount of snowfall, but must be prepared for floods and earthquakes. Before you can prepare for any disaster, you must determine which disasters your data center is at risk from.
Along with natural disasters, there are man made disasters that can happen with little warning. Fires may result from an electrical shortage, equipment may be damaged by a theft or burglary, and other number of man-made disasters may occur. Data centers in all parts of the world should be prepared for these untimely incidents.
Within an operational risk assessment, examine the following information:
• The location of the building
• Access routes to the building
• Proximity in relation to highways, airports, and rail lines
• Proximity to storage tanks for fuel
• How power to the data center is generated
• Details of the security system
• Any other critical systems that may shut down in the event of a disaster
Assessing the risks is the first step in creating a contingency plan that protects the building, the information, the equipment, and the employees when the unthinkable happens.
During the risk assessment, do the following things.
• Include all IT groups to guarantee that all departments have their needs met in the event of an emergency.
• Obtain a list of all data center assets, resources, suppliers and stakeholders.
• Create a file of all important documents regarding the infrastructure, such as floor plans, network diagrams, etc.
• Obtain a copy of any previous disaster plans used for the particular data center.
Once all relevant information has been gathered regarding the data center, the design process can begin.
Preliminary Steps For Disaster Planning
The first step in creating a disaster plan for a data center is to consult with all management within the center to flush out the threats that are most serious to the center. These can be human error, system failure, a security breach, fire, and many other things depending on the individual center.
The second step is to determine, with the help of other management professionals, where the most vulnerable areas of the data center are located.
Next, study the history of any malfunctions the data center has faced and how each disaster was handled.
It’s also important to determine exactly how much time the data center can handle being without power before the situation becomes critical.
Next, review the current procedures for how an interruption to the data center power supply should be handled, and obtain information regarding when these procedures were last tested by the appropriate individuals.
Single out emergency teams for the building, and review their training in regards to emergencies to determine if additional training or updates need to be implemented.
Finally, identify the response capabilities for emergencies for each of the center’s vendors.
Developing A Data Center Disaster Recovery Plan
When compiling information in regards to risk assessment, no stone should be left unturned. The more information, the more accurate and successful the disaster recovery plan will be. Disaster recovery plans cannot be created without a good level of organization and information, and will be extremely ineffective if information is inaccurate or incomplete.
The next part in a disaster recovery plan involves compiling a gap analysis report that determines the differences between the current emergency plan, and what the new emergency plan needs to be. During this process, all changes should be clearly identified and listed in order to more efficiently address potential problems. Include the total investment that is required to make the changes along with recommendations from the proper professionals on how to implement each change. Once the report is complete, have each member of management read the report and choose which recommended actions would be put into place. Each management member should have input into which changes are made, and coming to an agreement may require more time spent at the drawing board.
Once the recommendations are in place, and each member of management has agreed that the needs of their individual department are met, it’s time to implement each of your changes for your critical assets. Hardware and software, networks, and data storage should all be addressed within this step to ensure that equipment is protected and that information can be recovered in the case of a disaster. Once changes are implemented, tests should be run to determine if system recovery assets and plans are properly functioning.
If it is determined that the updates are functional and successful in recovering and saving equipment and data, it’s now time to update all documentation for disaster recovery in company handbooks or policy manuals. Because technology is constantly changing and the needs of data centers are always evolving, disaster plan updates should be made regularly. In order to do this successfully, there must be an accurate record kept of former procedures and how well they worked as intended.
The Next Disaster Recovery Plan Update
Once a new recovery plan is in place, there is no time to relax. Changes in the plan should constantly be on the minds of management personnel, and the next update to the system and process should be scheduled before the committee adjourns.
When designing a disaster recovery plan, keep the information as simple as possible in order to stay more organized, and to avoid going overboard and overlooking important minute details. It’s not necessary to completely overhaul a system to update a plan; constant changes should be made to protect the equipment and information housed by a data center.