Don’t wait till disaster strikes – best practices when implementing DR
As more companies migrate their data to the cloud, disaster recovery becomes critical to ensure their operations are not disrupted by unforeseen events.
Companies are becoming increasingly digital, and with that comes the expectation from customers for them to be “always on”.
Organisations that fail to meet this expectation risk the loss of goodwill and trust from their customers on top of the negative impact on their bottom line. Additionally, organisations can be severely handicapped through the accidental loss of business-critical data, whether through a natural disaster or a malicious cyber attack.
Here are some best practices for companies considering disaster recovery (DR) and compliance strategies.
Differences between data privacy and data protection
It is crucial that privacy and protection are addressed separately with different policies and processes.
If a company doesn’t have security in place to protect personal data, then its privacy policies will be meaningless because it won’t be able to prevent unauthorised access to that data.
Conversely, if a company doesn’t have a clear understanding of what data it collects and how it will use it, then it will be impossible to provide true security.
Evaluate the industry standards relevant to your business and how complying with them demonstrates commitment to risk management
Different industries are held to different regulations and levels of compliance.
For example, the banking sector is held to a much higher regulatory standard than most other industries.
When implementing a DR strategy, organisations must ensure their strategy is compliant with the regulations of the industry they operate in and has the relevant certifications.
The banking industry in New Zealand, for example, needs to be especially vigilant about complying with anti-money laundering legislation, or banks could be subject to large fines, as Australia’s Commonwealth Bank was last year.
Does your DR strategy take GDPR compliance into account?
Privacy legislation is different across international borders, with the US, EU and Australia all having different laws that govern the collection and use of private information.
In today’s global economy, it is important to be compliant with the laws of the country in which an organisation is conducting business.
The recent provision of the Australian Privacy Principles and European Privacy Shield demonstrates how serious lawmakers are about defending privacy.
Companies need to enact a data security policy for the sole purpose of ensuring the privacy of their consumers’ information.
How important is it for your organisation to have a contingency plan?
No one is exempt from disasters.
Being prepared for a major disruption to the business is essential, and establishing processes and plans to limit the impact is the key to success or, in some cases, survival.
Interactive has helped Australian companies put business continuity plans in place for the last 12 years, providing services not only for data recovery, but also helping customers with physical business recovery.
Interactive Director of Data Centre & Business Continuity Clint Seagrave says, "The cost of a single hour of downtime has risen between 25 and 30 per cent annually since 2008.
"With many organisations failing to prepare for a disaster with an easily implemented recovery plan, this cost is likely to continue to climb."
To continue operations, organisations need to ensure their critical business functions can continue, and as the first step of preparation, they need to ensure they have a business continuity plan in place.
This helps to define clear business objectives, identify areas of business vulnerability, find the best resources for implementing a plan, find recovery solutions for every potential business threat and outline the key contact go-to list for when business interruptions arise.
Organisations that do this will be in the best position to implement a successful Business Continuity Plan, and the way to ensure it is effective and relevant in the event of a disaster is regular testing and continuous reviews.