A question you know you should be able to answer with “yes definitely”. But more often than not it’s a tentative “sure”. It is quite a tedious task, organizing backups, but the peace of mind that comes with having it sorted makes it well worth it.
Having a disaster recovery plan is a good idea for any business, however this will only be effective if you have something to recover with. Before we go any further, see if you can answer “yes” to all the questions on our backup checklist:
- Do you know where your backups are?
- Do you know how often they get backed up?
- Do you keep backups in multiple locations?
- Do you know how to recover them quickly?
Do you know where your backups are?
Having backups is great, but if you don’t know where they are you might as well not have any. Make sure you document the location of your backups, along with any passwords or keys you may need to access them.
Do you know how often they get backed up?
The frequency of your backups can be crucial. If you own a website where databases / files change frequently, you need to ask yourself the question: “If I restored my data now, would it be ok?” At Wordtracker we run a daily backup, which we keep for 30 days. We then have single monthly backups stored for a year.
Do you keep backups in multiple locations?
Storing backups requires you to be extra cautious. Keeping all your backups in one location is a bad idea; you should ensure you keep backups in different physical locations. For instance at Wordtracker we keep backups with Heroku and AWS in different datacenters.
Do you know how to recover them quickly?
Having backups you can’t access is pointless. Make sure you have a procedure in place so you know at 3am how you’d recover your data.
The plan basics
Like anything you should approach this exercise with a cost / benefit mindset. The more affected your business would be by an outage the more time you should invest in disaster recovery. Being able to get back up and running quickly is something that should be built into your infrastructure. Using services such as puppet and docker can allow for complex systems to be quickly re-deployed. But simply being prepared for the worst to happen will put you streets ahead of many businesses.
Who’s in charge of what
Creating your plan will prompt you to think about and identify the key people for each area. The people you need to contact to fill in the relevant sections will need to be included in the plan as the contact point for these areas.
Having a single person in charge of your technical infrastructure may be the case for many small businesses, but the problem starts if they are not available or are on holiday, or are indeed part of the disaster you are trying to recover from.
So the first part of the plan should be who to contact in the event of an emergency - and not just via email. You’ll need a way of contacting someone urgently, out of office hours. Disasters don’t always happen when everyone is at work. This is especially important where you have an international audience and you will be even more affected by an outage outside of your own office hours.
Have a proper systems / infrastructure diagram
Having your infrastructure properly documented and mapped out greatly helps to reduce these kinds of problems as it allows a third party to get things back up and running much more quickly.
As well as being written out with an explanation of what each aspect is and how it functions, a diagram giving a full overview in a single image is really vital. Having a diagram to point at, draw on and quickly share is really useful in these situations.
KISS - Keep It Simple Stupid
There is nothing like an emergency to bring out the stupid in all of us. If you’re using your recovery plan, you’re probably going to be a bit stressed out so making life as easy as possible for yourself is important.
Make sure you include links out to any services you might need to access, as well as where the login details for that service can be found - not the login details themselves though as this would not be secure. At Wordtracker we use an encrypted password manager with on and offline access which means we can include the entry name in our document making it very easy to find without any security concerns.
Practise and test
You’ll know your recovery plan is in good order if you can run through a mock emergency and find every piece of information or link to where to find it in the plan. It should be as frictionless as possible with as little thinking involved as possible.
Make sure that everyone who needs to, knows about the plan and how to access it. Remember you might not be there at the time or may be unreachable. It can be difficult in smaller organizations but try not to make any one person integral to the plan.
One final note… Don’t keep your recovery plan on your own infrastructure! It’s no good to you if you can’t access it incase of an emergency. A third party service such as Google Docs is a great option here.