Whether you’re managing disaster preparation activities for a small business or a large corporation, you need to plan for natural disasters because, as we all know, information technology and water don’t mix well. Let’s go over some basic steps you’ll need to take to ensure that your network and IT investments survive in the event of a disaster such as a flood or hurricane.
1. Develop a Disaster Recovery Plan
The key to successfully recovering from a natural disaster is to have a good disaster recovery plan in place before something bad happens.
This plan should be periodically tested to ensure that all parties involved know what they are supposed to do during a disaster event.
The National Institute of Standards and Technology (NIST) has excellent resources on how to develop disaster recovery plans. Check out NIST Special Publication 800-34 on Contingency Planning to find out how to get started developing a rock-solid disaster recovery plan.
2. Get Your Priorities Straight: Safety First.
Obviously, protecting your people is the most important thing. Never put your network and servers ahead of keeping your staff safe. Never operate in an unsafe environment. Always ensure that facilities and equipment have been deemed safe by the proper authorities before any recovery or salvage operations begin.
Once safety issues have been addressed, you should have a system restoration priority so you can focus on what it will take to stand up your critical infrastructure and servers at an alternate location.
Have management identify which business functions they want back online first and then focus planning on restoring what is needed to ensure safe recovery of mission critical systems.
3. Label and Document Your Network and Equipment.
Pretend that you just found out that a major storm is two days away and it is going to flood your building.
Most of your infrastructure is in the basement of the building which means you are going to have to relocate the equipment elsewhere. The tear down process will likely be rushed so you need to have your network well documented so that you can resume operations at an alternate location.
Accurate network diagrams are essential for guiding network technicians as they reconstruct your network at the alternate site. Label things as much as you can with straightforward naming conventions that everyone on your team understands. Keep a copy of all network diagram information at an offsite location.
4. Prepare to Move Your IT Investments to Higher Ground.
Since our friend gravity likes to keep water at the lowest point possible, you’ll want to plan to relocate your infrastructure equipment to higher ground in the event of a major flood. Make arrangements with your building manager to have a safe storage location on a non-flood prone floor where you can temporarily move network equipment that might be flooded in the event of a natural disaster.
If the entire building is likely to be trashed or flooded, find an alternate site that is not in a flood zone. You can visit the FloodSmart.gov website and enter in the address of your potential alternate site to see if it is located in a flood zone or not.
If it is in a high risk flood area, you may want to consider relocating your alternate site.
Make sure your disaster recovery plan covers the logistics of who’s going to move what, how they are going to do it, and when they are going to move operations to the alternate site..
Move the expensive stuff first (switches, routers, firewalls, servers) and least expensive stuff last (PCs and Printers).
If you’re designing a server room or data center, consider locating it in an area of your building that won’t be prone to flooding such as a non-ground level floor, this will save you the headache of relocating equipment during a flood.
5. Make Sure You Have Good Backups Before a Disaster Strikes.
If you don’t have good backups to restore from then it won’t matter if you have an alternate site because you won’t be able to restore anything of value. Check to make sure your scheduled backups are working and check backup media to make sure it is actually capturing data.
Be vigilant. Make sure that your administrators are reviewing backup logs and that backups are not silently failing.