What to Include in a Disaster Recovery Plan, and How to Sell It
I get a lot of questions about providing a disaster recovery plan for our MSP clients. Today, I am going to discuss our approach.
I have been performing Business Continuity Assessments and writing Disaster Recovery Plans, for both SMB and Enterprise clients, since 1990. I have tried to take my formal training and experience with Enterprise BCA/DRP and streamlined it down for SMB use.
So, what is exactly meant by “disaster recovery”?
Wiki defines: “Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery is a subset of business continuity. While business continuity involves planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster recovery focuses on the IT or technology systems that support business functions.” —
I have 2 approaches to putting together a Disaster Recovery Plan – a full Business Continuity Assessment and Disaster Recovery Plan, and a Quick Plan, based on Best Practices for SMB companies. Note that in both cases, we are restricting ourselves to IT-related issues. A full Enterprise Business Continuity approach would deal with all aspects of the business, and we don’t want to go there.
Full Business Continuity Assessment and Disaster Recovery Plan
This is a multi-phase process:
Network Assessment – The first phase is a Network Assessment, which includes the documentation of the entire network, and recommendations on changes required for general network stability & reliability.
Security Assessment - The second phase will be a review of the current state of security. This phase includes remediation of highly critical issues that can be addressed in a simple and straightforward way. Deliverables will include a detailed Security Assessment Report, including recommendations.
Business Continuity Assessment – During this phase, we will determine the criticality of all components of the network, and interdependencies to uncover critical paths of continuity. Resources will be assigned to one of a number of criticality categories, and we will recommend changes to your environment to provide the determined availability of each resource on the network.
Disaster Recovery Plan – During this phase, we will document the procedures required to recover from a disaster scenario. This will give the client everything needed to recover from a major disaster, as well as more minor failures. Note that a Disaster Recovery Plan is a living, breathing document, which will need to be maintained on an ongoing basis to be of value.
Note that having a BDR-type backup system, with imaging and an offsite replica, dramatically simplifies the Disaster Recovery Plan’s implementation.
At this point, you’ve probably realized that this will take a LOT of time. It sure does! I’ve been paid up to $50,000 to perform a BCA/DRP for a company with about 300 users.
So here’s the shortcut, the Quick Plan, for SMB clients.
Disaster Recovery Quick Plan For SMB Clients
(Preparatory Step) Establish your best practices for network infrastructure, security, and server fault tolerance. Rather than figure out the specific requirements of each client, we will put together best practice/rules of thumb for equipment and software requirements for your SMB clients. For instance, I want a name brand server, with hot pluggable hard drives in a RAID array. Once I get to a certain size (let’s say, 20 users, for the sake of argument), I want to add redundant power supplies, and I want to make sure I’m using SAS drives rather than SATA for performance. For security, I want a firewall (we’ll accept Cisco or Sonicwall), patch management, a good Anti-Virus/Anti-Malware package, etc. I also want our BDR solution in place. Are you noticing that we’re addressing things that we’ve previously documented as best practice for your Managed Service program anyway? See how easy this is if you’ve standardized your client’s networks?
Phase 1 – Systems Assessment – how does the client’s existing network compare to your best practices? Give them letter grades and a list of recommendations to come into specification. By the way – you should be doing this when you board a new client ANYWAY. We provide a 27-point network assessment as part of our boarding process, and so should you.
Phase 2 – Disaster Recovery Plan – provide detailed instructions on how to recreate the client’s IT environment from your BDR’s offsite store.
Here’s what I’d make sure to include:
- Server specifications – brand, how much drive space and memory, volume info, etc. (this could be from your RMM tool, but should include ANY piece of information YOU would need to rebuild their environment, sight unseen). Software will be recovered from BDR, so don’t worry about that too much.
- Workstation specifications – typical workstation specifics, including needed software (boy, is this easier if you’re doing VDI).
- Phones – at least have an option to forward phone numbers to a cell phone or something.
- Email – do you have mail being stored by an offsite service? Do you have a business continuity email service (I recommend it highly)?
- Contact and account information for vendors.
- Contact information for employees.
- Contact information for customers.
How To Sell This
Here’s a surprise – don’t sell it! I would suggest doing the Quick Plan with all of your Platinum accounts (I require all Platinum accounts to get a BDR, so the process stays pretty basic). This will greatly enhance the value of your Platinum Plan, with little effort on your part – if you’ve done the network assessment already, you should be able to crank out a template-driven disaster recovery plan in 2-4 hours.
But, I would charge for it, for anyone else. If they’ve bought your BDR, but aren’t Platinum, offer it for $799 or so. If they don’t have a BDR, this could be dramatically more work, so I’d offer to do a Quick Plan for a non-BDR client for $2999 (I would then use this to get them to buy a BDR, they’ll save $2200 on their DR Plan if they buy your BDR!).
Comments