How To Test Your IT Systems The Right Way Before Disaster Strikes
From tornadoes and floods to security breaches and employee error, unexpected catastrophes can befall any type of business.
While you may not be able to prevent or even anticipate disaster, you can be well-prepared before it strikes in order to minimize the impact and downtime. The importance of testing your plans for disaster recovery and business continuity can’t be understated.
In this article, we’ll offer insights on how to test your IT systems in the face of potential disaster, breaking it down into four key facets to work on.
How Do You Prepare for a Potential Disaster?
The first step in disaster preparation for many businesses is to conduct a business impact analysis (BIA). The BIA is a document with multiple goals, such as:
Identify potential events that could negatively impact your normal business operations.
Evaluate the possibility of each event occurring (no matter how unlikely it might seem), and develop a feel for the chance that it occurs.
Consider things that have previously broken or gone wrong. These events can supply clues about what could happen in the future.
Quantify the impact that each event could have on your business.
Ensure that the BIA outlines the connection between your operations and the IT systems, infrastructure, and environments that you depend on for these operations. Create a map between your business, the IT systems it depends on, and the technical foundations of those systems.
If you aren’t able to run payroll during a disaster, for example, your employees will be very upset and perhaps stop coming to work. Since payroll is a critical process, think about what it depends on. Does your payroll software run on-premises or in the cloud? If the latter, how can you guarantee access during and after a disaster?
Once you have a clearer picture of your situation, you can begin to craft specific plans for risk mitigation, disaster response, and business continuity.
What Are the Key Areas To Look At When Preparing for Disaster?
Your employees are the first line of defense during and immediately after a disaster. As such, it’s critical to have a working employee safety and communication plan. Maintain an up-to-date list of employee contact information and host it in the cloud where it can be easily accessed (e.g. Sharepoint or OneDrive).
Next, think about how your employees will be able to access your IT systems after a disaster. Can they be used over the internet, or do you need to plan for a temporary office space?
Test and update the communications plan at regular intervals. This will identify gaps such as out-of-date contact information and departed employees.
After your employees, your second most valuable resource is your IT infrastructure. Understand the most important IT assets that you need to recover, and how you plan on doing so.
You should keep backups and snapshots on a virtual server, so that users can run tests without the risk of interrupting production systems. Look for a solution that allows recovery-in-place: the ability to temporarily run virtual machine snapshots on a backup server while the primary hardware is down. This dramatically improves your recovery time objective (RTO), because operations can continue while you work on restoring behind the scenes.
Some solutions look great on paper, but are nearly impossible to verify. Make sure that you have a plan for testing and validation when you put a solution together, before you’ll actually need it.
Disaster recovery and business continuity are two distinct yet closely related concepts. While disaster recovery is about getting your operations back up and running to the fullest extent, business continuity is about maintaining critical functionality during and after a catastrophe.
Ask yourself: how can I get my business back to normal after a disaster event is over (and how quickly can I do it)? Without access to essential data and applications, your employees and customers will suffer, directly impacting your productivity and revenue.
To test your business continuity plans, simulate a catastrophe and make sure that you can still maintain your essential functions as an organization. Backups and redundant IT systems will be essential for both disaster recovery and business continuity, so that you can keep operating without a hitch if your primary systems go down.
According to the research and advisory firm Gartner, IT downtime has a very real cost for businesses, averaging $5,600 per minute. Want to know what downtime could cost your specific business? Kelser's Recovery Time (RTO) and Downtime Cost Calculator helps you estimate the total cost of recovery to your organization. You'll need to consider factors such as the amount of critical data you use, the frequency of your backups, and the number of employees who would be affected by a disruption.
In the wake of a disaster, your ability to respond to customer needs and complaints will directly impact your reputation. All customer-facing employees should be briefed on the need to deliver a clear and consistent message during and after a disaster.
Understand how information flows between you and your customers. Do you communicate through email, phone calls, social media posts, or text messages? How will you respond if these lines of communication are disrupted, and how will you keep customers in the loop about what’s going on?
You’ll also need to ensure reliable access to telecommunications infrastructure (such as telephone and internet). It’s highly likely that you’ll see an increased volume of support requests, email and phone traffic, and frustrated social media posts.
Like the other parts of your BIA, testing and rehearsing your customer communications plan is a must. This is the best way to identify and resolve potential weaknesses with your customer support and communication infrastructure.
Consider bringing a few important customers into the testing process. They’ll be impressed by your foresight and your choice to include them.
Disaster planning is a skill that can’t be taught—it’s learned over time through repetition and experience. Testing is the only way to reveal the gaps in your plan and address them proactively.
While disaster planning can seem overwhelming at first, it’s far preferable than to be left without a plan when catastrophe strikes. The best way to start is to take small, simple, low-risk actions and build them up over time. One good place to start is Kelser's eBook "Natural Disaster Survival Guide for Businesses: A Quick Reference Guide for Business Leaders," where we discuss the risk factors and preparations for the most common natural disasters.