It's wintertime in the US. You and your staff are likely planning some well-earned time off over the holiday season. Before you put the champagne on ice, however, bear in mind that winter can bring brutal storms that put your business's data center at risk of damage.
As such, it’s time to review your data disaster recovery plan to make sure your business-critical data survives the winter.
What Is Data Recovery Planning?
All it takes is one big storm to wreak havoc with your business. Winter power outages are common in the US, and a prolonged outage can take a data center offline or corrupt data mid-write.
If you want to relax at all over the holiday season, you need disaster recovery strategies in place to protect your business from data loss and security breaches when a disaster strikes. So what are your backup systems and disaster recovery plan? Put simply, a disaster recovery plan (DR plan for short) is a plan to ensure business continuity in the event of a data disaster.
The disaster recovery plan defines your organization's processes, policies and procedures for protecting and recovering your data when a natural disaster, or another threat such as a data breach, strikes your organization.
For HIPAA covered businesses, a disaster recovery plan is a requirement, not an option. The HIPAA Security Rule stipulates that covered entities (healthcare providers, health plans and clearinghouses) must implement administrative, physical and technical safeguards to ensure the confidentiality, integrity and availability of electronic protected health information (ePHI) at all times.
Specifically, the legislation states that covered entities must have the following plans in place to protect ePHI in the event of a disaster:
- Data Backup Plan: Establish and implement procedures to create and maintain retrievable exact copies of ePHI.
- Disaster Recovery Plan: Establish and implement as needed procedures to restore any loss of data.
- Emergency Mode Operation Plan: Establish and implement as needed procedures to enable continuation of critical business processes for protection of the security of ePHI while operating in emergency mode.
Failure to comply with the HIPAA Security Rule can result in huge fines for your business - and that's before any additional losses are accounted for in terms of damaged reputation, lost customers and business downtime.
To ensure you're in full compliance, it's helpful to have a disaster recovery checklist to guide you through what you need to do to make sure you're protected during the winter storm season we're facing now - plus the hurricane season next year, as well as the perpetual threat of cyberattacks.
Forming Your Data Recovery Plan
The first step of the process is to catalogue your business's crucial data, so you know what you need to protect. The likelihood is that your business uses multiple devices and services - from laptops and smartphones to internal servers and cloud storage.
The question you need to ask yourself is, should a natural disaster strike and render any of these devices useless, would you be able to recover the data?
For each data set, you need to know:
- What data you have stored
- Where it is stored (which device, server or cloud service)
- What it would cost the business to lose it
RPOs and RTOs
Understanding your hardware and software configurations, and what data backups you already have in place, will help you prioritize both your normal business operations and your disaster recovery planning.
For each data set, you need to determine a recovery point objective (RPO). The RPO is the maximum amount of data, measured in time, that you can afford to lose before significant harm to your business occurs.
In practice, the RPO sets the minimum backup frequency. If you back up once every 24 hours, the data written since the last backup is lost when a disaster strikes, so you must be able to accept up to 24 hours' worth of data loss. A 4-hour RPO means a backup must succeed at least every 4 hours.
Recovery time objectives (RTOs) are similar to, though distinct from, RPOs. The RTO describes how much time can pass after a disruption before it seriously impacts business operations. Put simply, the RTO dictates how long you have to restore your data and systems following a disaster.
HIPAA Compliant Remote Data Backup
When a snowstorm is raging outside, it's too late to start backing up your files. You need to be prepared beforehand. Best practice is to keep two copies of your critical business data onsite: the primary copy on the device itself and a second copy on an external drive or a network-attached storage (NAS) device.
However, onsite copies don't protect your data from a localized disaster such as a flood, fire or extended power outage at your site. A third copy should therefore be maintained via an online backup service at an offsite data center. For HIPAA covered entities, this means choosing a HIPAA-compliant backup and recovery provider that will sign a business associate agreement and can meet your RPOs and RTOs.
Altogether, this is known as the 3-2-1 backup method: three (3) copies of your data, stored on two (2) different types of storage media, with one (1) copy offsite, in this case with a HIPAA-compliant provider of cloud-based backup and recovery.
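The RPO and 3-2-1 rules above are easy to state and easy to drift out of, typically because a backup job starts failing silently. The following is an added example (not code from the original page or from Central Data Storage) of a small audit that checks an inventory of data sets against both rules at once: three copies, two media, one offsite, and every backup copy's last successful run within the RPO. The inventory, the data set names and the timestamps are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Copy:
    """One copy of a data set. The live primary copy has no backup timestamp."""
    location: str                          # e.g. "file-server", "nas", "offsite-cloud"
    medium: str                            # storage type, used for the "2 media" rule
    offsite: bool
    last_success: Optional[datetime] = None  # last successful backup job; None = primary


@dataclass(frozen=True)
class Dataset:
    name: str
    rpo: timedelta
    copies: tuple


def audit_dataset(ds: Dataset, now: datetime) -> list:
    """Return findings for one data set (empty when it meets 3-2-1 and its RPO).

    Each finding starts with a code so a monitoring system can match on it:
      COPIES  fewer than three copies in total
      MEDIA   fewer than two distinct storage media
      OFFSITE no copy held offsite
      RPO     a backup copy's last successful run is older than the RPO
    """
    findings = []
    if len(ds.copies) < 3:
        findings.append(f"COPIES: {ds.name} has {len(ds.copies)} copies, 3-2-1 needs 3")
    media = {c.medium for c in ds.copies}
    if len(media) < 2:
        findings.append(f"MEDIA: {ds.name} is on a single medium ({', '.join(sorted(media))})")
    if not any(c.offsite for c in ds.copies):
        findings.append(f"OFFSITE: {ds.name} has no offsite copy")
    # Freshness: every backup copy must have succeeded within the RPO. A job that
    # has been failing quietly shows up here as a stale last_success timestamp.
    for c in ds.copies:
        if c.last_success is None:
            continue  # the live primary is always current
        age = now - c.last_success
        if age > ds.rpo:
            findings.append(
                f"RPO: {ds.name} copy at {c.location} is {age} old, exceeds RPO {ds.rpo}"
            )
    return findings


def audit(datasets, now: datetime) -> dict:
    """Audit every data set; returns {name: [findings]}."""
    return {ds.name: audit_dataset(ds, now) for ds in datasets}


# Constructed sample inventory (hypothetical systems), evaluated at a fixed instant.
UTC = timezone.utc
NOW = datetime(2023, 12, 20, 9, 0, tzinfo=UTC)
SAMPLE = (
    # Meets 3-2-1, but the offsite copy last succeeded 58 hours ago against a 24h RPO.
    Dataset("patient-records", timedelta(hours=24), (
        Copy("file-server", "internal-disk", offsite=False),
        Copy("nas", "nas", offsite=False, last_success=datetime(2023, 12, 19, 23, 0, tzinfo=UTC)),
        Copy("offsite-cloud", "cloud-object-store", offsite=True,
             last_success=datetime(2023, 12, 17, 23, 0, tzinfo=UTC)),
    )),
    # Fresh backups, but only two copies and nothing offsite.
    Dataset("billing", timedelta(hours=4), (
        Copy("file-server", "internal-disk", offsite=False),
        Copy("nas", "nas", offsite=False, last_success=datetime(2023, 12, 20, 8, 0, tzinfo=UTC)),
    )),
    # Fully compliant.
    Dataset("scheduling", timedelta(hours=24), (
        Copy("file-server", "internal-disk", offsite=False),
        Copy("nas", "nas", offsite=False, last_success=datetime(2023, 12, 20, 1, 0, tzinfo=UTC)),
        Copy("offsite-cloud", "cloud-object-store", offsite=True,
             last_success=datetime(2023, 12, 20, 2, 0, tzinfo=UTC)),
    )),
)

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, NOW).items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("   ", f)
```

The check deliberately uses the timestamp of the last successful job rather than the schedule: a job that is scheduled every 4 hours but has not completed in three days is a 4-hour RPO on paper and a 72-hour RPO in reality. Feeding real job histories into `SAMPLE` and running this from a scheduler turns the RPO from a number in the plan into something that alerts when it is breached.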
Your Disaster Recovery Planning Checklist
To ensure all bases are covered, it helps to have a disaster recovery planning checklist to work through. There are four essential steps to building a robust data storage and disaster recovery plan:
- Assign Responsibility: Assign specific roles and responsibilities within your organization for protecting critical and sensitive data, covering both primary data storage and the backup and disaster recovery procedures.
- Seek a Data Backup and Recovery Cloud Services Provider: Choose a provider that can automate your backups and meet your RPOs and RTOs.
- Document Key Contacts and Information: Create a contact list of all critical vendors, suppliers, partners, clients and employees you will need to notify should a disaster strike, and keep a copy of it offsite.
- Create a Recovery Procedure with Clear Steps to Remedy Data Disruption: Key points in this step include:
  - Back up data to a secure, HIPAA compliant data center.
  - Create a plan to restore data in a timeframe that meets your RTO.
  - Set regular backup times that meet your RPO.
  - Test your backups regularly by performing an actual restore, not just by checking that the backup job reports success.
Central Data Storage offers UnisonBDR, a fully supported cloud backup and recovery solution for HIPAA compliant businesses.
With automated backups, you can relax knowing that your data is held in our highly secure data center over the winter, without having to think about the backup schedule yourself.
UnisonBDR is also designed to get your business back up and running in two hours, with a full data restoration complete within 24 hours should a disaster strike. We make sure your business functions no matter what!
Download your free Disaster Recovery Planning Checklist from Central Data Storage today.
Call 1-888-907-1227 or email firstname.lastname@example.org to learn more about our disaster recovery solutions.