Nobody likes a setback. Nobody likes having to rebuild something that was already built. Even if that rebuild is just a workflow, or even if it just means pressing a few buttons, entering passwords, and…
Who are we kidding? Nobody really likes disaster recovery prep.
But it can be made easier. It can be done faster, and with less effort, and with less head scratching. Just as with any exercise, it stops being quite the burden that it was at the start.
So, how can your credit union improve its disaster recovery?
That all starts with the business impact analysis (BIA).
What IS a Business Impact Analysis?
In short, a BIA is a concentrated look at your credit union’s infrastructure, systems, and processes. It studies what happens if one, several, or all of them are shut down.
Who is affected? Which other systems are affected? What impact does it all have on your credit union?
And, of course, for how long?
A good BIA provides a comprehensive evaluation of credit union operations—which are critical, which are vital, which are important, and which are just handy. Analyzing these systems and their importance to your credit union offers a rough look at your priorities: where do you start rebuilding in the event of a disaster or malfunction?
What Is a Recovery Time Objective?
A recovery time objective (RTO) is the stated amount of time it should take to restore a system or process to its fully functional state.
RTOs are not time estimates pulled out of thin air, either. They’re determined by necessity. If an end user needs a process running four hours after a disruptive event, then four hours is the starting RTO.
However, there are times when an end user’s timetable and reality don’t align. Sometimes pure logistics get in the way. It’s not uncommon that an IT department can’t hit a four-hour RTO because a system takes a full six or eight hours to recover. When this incongruity occurs, then it’s time to find out what must be done.
Can you change your RTO? Can systems be upgraded to reach that initial RTO timetable? What would it take to meet your objectives, and what happens—or what else is affected—if you don’t?
The Role of Disaster Recovery Testing
It’s quite possible that a credit union BIA will have several unattainable RTOs. Those RTOs may be incorrect because the estimated time to recovery wasn’t completely accurate—estimates are, after all, only estimates. It’s also possible that end users may realize that their projected recovery timetable wasn’t right.
There’s only one way to know these things for sure:
Disaster recovery testing.
Sure, nobody really likes rebuilding things that are already built, but practice makes perfect. Practice shows you where your flaws are. It guides you through various scenarios and lets you adjust your approach so you can improve.
During disaster recovery testing, try to hit your RTOs. After disaster recovery testing, you’ll know what needs to change.
You can better understand your disaster RTOs by doing a complete BIA. Then, you should update your BIA to reflect what you learned by disaster recovery testing.
Having a clearer picture of which systems are important—and how long they take to recover—will help you in the event of a disaster, malfunction, or system failure. You’ll have a better idea of what you need to do, by what time, and why.
As a bonus, you’ll have experience when it really happens. That means less time spent rebuilding something that was already built before. You’ll thank yourself when the stakes are higher.
If you’d like to read more about how to keep your credit union safe and operational no matter what the world throws at you, subscribe to our blog! Or, if you really like the topics at hand and don’t want to wait for the next blog post to come out, follow the links below.