It’s the Season to Review Your Disaster Recovery Planning Checklist


Posted On December 17, 2020


It’s wintertime in the US. You and your staff are likely planning some well-earned time off over the holiday season. Before you put the champagne on ice, however, it must be remembered that winter can bring some brutal storms – putting your business’s data center at risk of damage. 

As such, it’s time to review your disaster recovery planning checklist to make sure your business-critical data survives the winter.


What Is Disaster Recovery Planning?

All it takes is one big storm to wreak havoc with your business. 

Power outages in winter are common – and the fact is the US has more power outages than any other developed country.

It’s crucial, therefore, if you want to relax at all over the holiday season, that you have a recovery strategy in place to protect your business from data loss in the event of a disaster. 

But what is a backup and recovery plan? 

Put simply, a disaster recovery plan (or DR plan for short) is a plan to ensure business continuity in the event of a data disaster.

It is a plan that defines your organization’s processes, policies and procedures for protecting and recovering your data should a natural disaster or other threat such as a data breach strike your organization. 

For HIPAA-compliant businesses, DR plans are a requirement – not an option. 

The HIPAA Security Rule clearly stipulates that covered entities (healthcare providers, plans and clearinghouses) must implement technical, administrative and physical safeguards to ensure the confidentiality, integrity and availability of electronic protected health information (ePHI) at all times. 

Specifically, the legislation states that covered entities must have the following plans in place to protect ePHI in the event of a disaster: 

  • Data Backup Plan: Establish and implement procedures to create and maintain retrievable exact copies of ePHI.
  • Disaster Recovery Plan: Establish and implement as needed procedures to restore any loss of data. 
  • Emergency Mode Operation Plan: Establish and implement as needed procedures to enable continuation of critical business processes for protection of the security of ePHI while operating in emergency mode. 

Failure to comply with the HIPAA Security Rule can result in huge fines for your business – and that’s before any additional losses are accounted for in terms of damaged reputation, lost customers and business downtime. 

To ensure you’re in full compliance, it’s helpful to have a disaster recovery checklist to guide you through what you need to do to make sure you’re protected during the winter storm season we’re facing now – plus the hurricane season next year, as well as the perpetual threat of cyberattacks.


Disaster Recovery Planning 

The first step of the process is to catalogue your business’s crucial data, so you know what you need to protect. 

The likelihood is that your business uses multiple devices and services – from laptops and smartphones to internal servers and cloud storage. 

The question you need to ask yourself is, should a natural disaster strike and render any of these devices useless, would you be able to recover the data? 

What you need to know is:

  • What data you have stored
  • Where it’s stored
  • How costly it would be to lose it

RPOs and RTOs

Understanding what data you have and where it is will help you prioritize your disaster recovery planning. 

For all your data, you need to determine a recovery point objective (RPO). This describes the amount of data that can be lost before significant harm to your business occurs. 

It is essentially a measure of how frequently you create backups. For example, if you back up your data once every 24 hours, then you must be able to accept a maximum of 24 hours’ worth of data loss should a disaster strike. 

Recovery time objectives (RTOs) are similar to, though distinct from, RPOs. The RTO describes how much time can pass before the disruption begins to seriously impact business operations.

Put simply, the RTO dictates how long you have to recover your data following a disaster.


HIPAA Compliant Remote Data Backup 

When a snowstorm is raging outside, it’s too late to start backing up your files. You need to be prepared beforehand. 

Best practices dictate that you keep two copies of your critical business data onsite – the primary copy at the source on the device and a second on an external drive or network-attached storage. 

However, onsite backups don’t protect your data from a localized disaster. As such, a third copy of your data should be maintained via an online backup service to an offsite data center. 

For HIPAA covered entities, this means seeking a HIPAA-compliant data backup and recovery provider that can meet your RPOs and RTOs. 

Altogether, this is known as the 3-2-1 backup method, whereby you have three (3) copies of your data, two (2) of which are onsite on different types of storage devices and one (1) of them offsite with a HIPAA-compliant provider of cloud-based backup and recovery solutions.


Your Disaster Recovery Planning Checklist

To ensure all bases are covered for your DR plan, it helps to have a disaster recovery planning checklist to work through. 

There are four essential steps you should take to build a robust disaster recovery planning checklist. 

These are: 

  • Assign Responsibility: Assign specific roles and responsibilities within your organization as to who will manage both your primary data storage and your backups. 
  • Seek a Data Backup and Recovery Cloud Services Provider: Choose a provider that can automate your backups. 
  • Document Key Contacts and Information: Create a contact list of all critical vendors, suppliers, partners, clients and employees you will need to notify should a disaster strike. 
  • Create a Recovery Procedure with Clear Steps to Remedy Data Disruption: Key points in this step include:
    • Back up data to a secure, HIPAA-compliant data center
    • Create a plan to restore data in a timeframe that meets your RTO
    • Set regular backup times that meet your RPO
    • Test your backup regularly
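The checklist above, together with the 3-2-1 rule and the RPO/RTO definitions earlier in the post, can be turned into an automated readiness check. The following is an added example, not code from the original post or from Central Data Storage; the data catalogue, copy records and restore timings are constructed sample values.

```python
from datetime import datetime, timedelta

# Constructed sample catalogue (illustrative values, not real systems): each data set has an
# RPO, an RTO, the duration of its last test restore, and its copies (location, media, last backup).
NOW = datetime(2020, 12, 17, 9, 0)
H = timedelta
CATALOGUE = {
    "patient-records-db": {
        "rpo": H(hours=4), "rto": H(hours=2), "test_restore_took": H(hours=1),
        "copies": [
            {"location": "onsite", "media": "server-disk", "last_backup": NOW},
            {"location": "onsite", "media": "nas", "last_backup": NOW - H(hours=1)},
            {"location": "offsite", "media": "cloud", "last_backup": NOW - H(hours=6)},
        ],
    },
    "billing-spreadsheets": {
        "rpo": H(hours=24), "rto": H(hours=24), "test_restore_took": None,
        "copies": [
            {"location": "onsite", "media": "laptop-disk", "last_backup": NOW},
            {"location": "onsite", "media": "laptop-disk", "last_backup": NOW - H(hours=2)},
        ],
    },
}

def check_dataset(name, entry, now=NOW):
    copies, findings = entry["copies"], []
    # 3-2-1: three copies, on at least two media types, at least one of them offsite.
    if len(copies) < 3:
        findings.append(f"{name}: only {len(copies)} copies, 3-2-1 needs 3")
    if len({c["media"] for c in copies}) < 2:
        findings.append(f"{name}: all copies on one media type, 3-2-1 needs 2")
    offsite = [c for c in copies if c["location"] == "offsite"]
    if not offsite:
        findings.append(f"{name}: no offsite copy, 3-2-1 needs 1")
    else:
        # RPO: after a localized disaster only the offsite copy survives, so its age
        # is the data loss a restore would incur; it must not exceed the RPO.
        age = now - max(c["last_backup"] for c in offsite)
        if age > entry["rpo"]:
            findings.append(f"{name}: offsite copy is {age} old, RPO is {entry['rpo']}")
    # RTO: a restore must actually have been tested, and the measured time must fit.
    took = entry["test_restore_took"]
    if took is None:
        findings.append(f"{name}: restore never tested")
    elif took > entry["rto"]:
        findings.append(f"{name}: test restore took {took}, RTO is {entry['rto']}")
    return findings

def run_checklist(catalogue=CATALOGUE, now=NOW):
    return {name: check_dataset(name, e, now) for name, e in catalogue.items()}
```

An empty findings list means the data set passes every check; anything else is an item for the next review.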

Central Data Storage offers a fully supported cloud backup and recovery solution for HIPAA-compliant businesses. 

With automated backups, you can relax knowing that your data will always be backed up and safe in our highly secure data center over the winter (you don’t even need to think about them). 

Our solution is designed to get your business back up and running in two hours, with a full data restore complete within 24 hours should a disaster strike. We make sure your business functions no matter what. 

Download your free Disaster Recovery Planning Checklist from Central Data Storage today. 

Call 1-888-907-1227 or email to learn more about our disaster recovery solutions.
