When was the last time you reviewed your DR plan? Posted on February 27, 2013 by Tim Burke Last year, disasters in the United States caused more than $60 billion in damage. And the future promises plenty more of the same, says a recent report from Swiss reinsurer Munich Re — especially in North America, where weather-related loss events have quintupled in the last 30 years. Now add in concerns about inadequate backup of the data on employees’ smartphones and tablets, wayward virtual machines, cyberattacks and other security incidents … The challenge: Protect your essential business resources It all makes now a good time to take another look at your company’s business continuity/disaster recovery plan, which ought to be reviewed and updated at least annually to keep your risk assessment current. To get your entire business back on track as fast as possible and with minimal disruption to the activities that pay your bills and generate your profits (the goal of business continuity), you must protect resources essential to your business, all seven categories of them — facilities, staff, technology, machinery, transportation, critical data, and supply chain. And much of what’s essential to your business involves restoring functionality to the technology capabilities your business depends on (the goal of disaster recovery). It’s an effort that begins with a business impact analysis, which identifies and ranks the criticality of your organization’s business functions so you know which ones are essential, what other assets they depend on, and what resources you’ll have to marshal for their continuance/resumption. Enter RTO and RPO Two measures are key to the business impact analysis at the heart of your recovery plan: RTO (Recovery Time Objective) describes how long your recovery takes, and RPO (Recovery Point Objective) describes the maximum allowed time gap between the last data backup and the moment a disruption occurs — and it’s the point in time to which data is restored following a disruption. It’s important to pay particularly close attention to RPOs. If you back up all your data in real time or near-real time so you can recover it in the most up-to-date way, you’ll pay plenty in storage and network costs. But if you back up data less frequently, what you recover may be so outdated that you’ll pay in other ways — lost transactions, ruined productivity, angry customers. The trade-offs — and data recovery options — look like this: Quest CTO Mike Dillon will be exploring this (and much more) in far greater detail in a webinar called Master Your Disaster (on March 20 at 10 AM PDT). In the meantime, look for my next post, where I’ll lay out 12 key questions — what I call the Disruption Dirty Dozen — that you need to ask and answer to protect your business processes.