We see that a large number of companies experience problems with the availability of their information system. This can cause significant disruption for the business of the company with major financial repercussions.
To be effective, a PRA must therefore be adapted to the crisis, operational and used as an escalation towards exceptional means.
For the CIO, choosing a disaster recovery plan is often complex. It is important to take into account 3 major criteria.
The 1st criterion is the “criticality” of applications and data. It must be defined according to two business requirements, namely:
- The Recovery Time Objective (RTO), i.e. the time between the start of a disaster and the effective recovery of the application.
- And the Recovery Point Objective (RPO), which indicates the time between the last usable backup and the disaster.
The second criterion concerns the repeat tests. This is important because good test campaigns give the company the confidence that in the event of a disaster its protective device will work as intended. These are tests that detect and correct any inconsistencies between the nominal site and the backup site.
The third criterion is the level of autonomy. Does the IT department want to:
- Have full control of the switch from nominal IS to secondary IS by relying on your own tools in the event of a computer failure.
- Have a personalized autonomy where the IT department will give the order to switch to PRA ON and the service provider will perform the switchover.
Or entrust the total delegation to the provider who will make the right decision to trigger the PRA.