5 Steps to a Resilient Organizatiion March 14 2019 According to Gartner, 1 hour of downtime costs an organization $336,000 on average. Imagine what an entire day would cost. Data is the most valuable asset your organization holds. Without access to data and the systems it runs on, no organization can survive. Thankfully, taking these five steps will help ensure your organization can survive unexpected downtime due to a security breach, flood, tornado, or more likely—an employee error. Determine your Recovery Point Objective (RPO): The amount of data loss your organization is comfortable losing due to downtime. Could you afford to lose data that was created in the past 15 minutes, 1 hour, 24 hours, data that could include client, accounting, and operational records? Determine your Recovery Time Objective (RTO): The amount of time your organization can afford to be non-operational. This metric takes into account the cost per minute or hour of downtime for the organization. If it costs the organization $100,000 per hour of downtime, how many minutes or hours could your organization withstand? Also, what level or service loss is acceptable? If a hospital can’t access patient records, how long is it acceptable to serve patients without that information? Develop a Business Continuity (BC) Strategy: This strategy and plan focuses on how to recover and maintain business operations during and after a crisis or downtime has occurred. A BC strategy is essential to keeping “business as usual” during a time of uncertainty. It includes all essential facets of the business, operations, accounting, communications, sales, technology, etc. Develop a Disaster Recovery (DR) Plan: A DR plan is similar to a BC strategy but focuses more specifically on the recovery and maintenance of the organization’s technology and data. A DR plan should include the availability of consistent backups of critical data and applications, redundant software and hardware for the organization to recover to, and a clearly defined and outlined set of instructions for the recovery of systems and data. Testing: Once a BC strategy and DR plan have been developed and implemented to achieve the organization’s desired RPO and RTO a test must be performed to ensure their effectiveness and reliability. A DR test involves purposefully shutting down all technology systems to simulate a system failure. Once the system has “failed” the BC strategy and DR plan are enacted as if it were a true emergency. The test provides the opportunity to practice the recovery steps and test the reliability of the systems and recovery process in a controlled environment. It is the only way to ensure the plans are effective and the organization can achieve the desired RTO and RPO without issue. Adjustments should be made to the systems and plan if the organization is unable to successfully restore the systems to business as usual. Testing should occur at a minimum of an annual basis, if not more often due to changes in the business or criticality of the RPO and RTO. Taking these steps will build resiliency into your organization so that when an incident does occur, you can get back to business as normal quickly and efficiently. Discover how much downtime could cost your organization with this downtime calculator.