Key Takeaways
- Disaster plans for websites are crucial to ensure business continuity under various stressful situations including natural disasters, malicious actions, hacking, user errors, and dependency failures. These plans detail the steps that all employees will take in such situations to ensure that the business can still function as close to normally as possible.
- Key considerations for disaster planning include determining how long your website or application can be down, planning for potential disasters of varying scales, conducting mental exercises with key personnel, creating robust backup systems, and developing and sharing processes for disaster response. Non-IT personnel who may be involved in the disaster response should also be aware of the plan.
- The most important aspect is creating a comprehensive disaster plan, understanding it, and keeping it up-to-date. This includes taking advantage of tools offered by your host for daily backups, monitoring, secure account isolation, and technical support. Regular testing of the disaster recovery plan is recommended to ensure its effectiveness.
This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.
When business managers, team leaders, and others plan for business continuity, they’re being forward thinkers. Plans are created to ensure that the business continues to operate under a variety of stressful situations – natural disasters, deaths, malicious actions, and more. Businesses create disaster plans for websites, buildings, human resources, financial transactions, relocation of assets, replacement of equipment – anything and everything.
When considering disaster plans for websites, you have to consider a lot of those things, but you also have to consider things like hacking, user errors, and dependency failures (Looking to learn how to better manage dependencies? Take a look at the Managing Dependencies course on SitePoint Premium).
The key elements of these business continuity and disaster plans are often the processes. These detail the steps that all of the company’s employees, whether there is only one employee, dozens, or even thousands, will take in these types of situations to ensure that the business can still function as close to normally as possible. If the business cannot weather such storms, they may not have a company to return to when the crisis is over.
For maintainers of websites and web applications, disaster plans can be crucial, but are often overlooked for the same reason that business continuity plans as a whole are – they are only useful when something bad happens, and while normal day-to-day operations occur, they seem like a waste.
Disaster Plans for Websites
One of the first things that you should ask yourself (or your team) when considering what you’d like to do about disaster planning for websites that you maintain, is this:
How long can your website or web application be down?
How long can you go without customers visiting, interacting, and purchasing things? How much money will you lose per minute or hour that your site is down, or how many leads may be lost? Do you have service level agreements with your customers, and if so, are they guaranteed a certain percentage of uptime? When will you reach that limit?
Planning for Disasters
Some disasters for your business are epic and regional or even global in proportion, while others might not even make the local news. Here are a few examples of situations that may need planning and forethought:
- Natural disasters such as earthquakes, tornados, hurricanes, or fires. What will happen if your datacenter(s) are damaged or destroyed?
- Shutdown of critical services or products that are integral to your business such as customer relationship management software, accounting software, social media, version control repositories, hosting services, and more.
- Revoked access to a resource. What if a security issue of some kind, or a human error by someone working at a service used by your website or application prevents your site from accessing that service? If you use a mail-sending service, do you have a fallback if your API requests suddenly start failing? How long will it take to change services or troubleshoot and resolve the issue?
- Hacking. You hopefully have security measures in place, yes, but do you have a plan for when those measures fail? Backups to revert to, or methods to detect and remove intruders, to patch vulnerabilities quickly, to revoke compromised user credentials?
- Loss of key personnel (the bus test). Can your website survive the loss of one key engineer, devops person, designer, or support specialist?
Conducting Exercises
Once you’ve brainstormed about the above scenarios, and others you can think of, you may also want to bring together key personnel from your various teams (if you have them) and conduct some mental exercises. Put yourselves into the situation. If X happened, and then Y happened, what would we do? Brainstorm. You may come up with more deficiencies in your plan, ideas for new processes that are required.
Backup Systems
Backups are a key consideration. Not only backups of data such as files, databases, media, etc, but also of credentials (are they stored somewhere besides the mind of a single user?). Services are another consideration. Do you have backup CDNs, mail services, NPM packages for various purposes? Do they have implementation plans? Licenses for any paid software or services?
It’s better to consider the backup strategy for your website before you even launch it. Check your hosting company’s backup policies. Some provide extra backup solutions along with their hosting services. Our hosting partner SiteGround offers a powerful in-house tool for daily backups and fast data recovery.
Developing and Sharing Processes and Access
Developing processes and sharing them is also a key feature of disaster planning. Creating processes for recovering data from a backup, troubleshooting procedures for responding to an outage, and other similar situations is certainly important, but documenting those processes and sharing them with relevant personnel is the other half of the battle. Moving through troubleshooting or disaster response processes quickly and efficiently can mean the difference between the end of a business and a minor public relations bump in the road.
Sharing the Disaster Plan
Non-IT personnel who need to be involved should be aware of the situation and the plan. For instance, HR may have to be involved in hiring key replacement personnel, or consultants may need to step in to assist while the company does that replacing. An accounting department may need to be aware of services that are being paid for recovery purposes, and so on.
Conclusion
The most important thing is that you and your colleagues create a disaster plan, understand it, and keep it up to date. You should take advantage of the tools offered by your host. SitePoint’s hosting partner, SiteGround, not only offers daily backups, but also monitoring, secure account isolation and expert technical support. Do you have any experiences you’d like to share about disaster planning or about situations in which you’ve faced disaster response? Share them in the comments below!
Frequently Asked Questions (FAQs) on Creating Disaster Plans for Websites
What are the key elements of a website disaster recovery plan?
A comprehensive website disaster recovery plan should include the following key elements: a detailed inventory of all hardware, software, and data; a clear understanding of the business processes and priorities; a strategy for data backup and restoration; a plan for hardware and software replacement; a communication plan for informing stakeholders about the disaster and recovery process; and a testing and maintenance schedule to ensure the plan remains effective and up-to-date.
How often should I test my website disaster recovery plan?
It’s recommended to test your website disaster recovery plan at least once a year. However, if your website undergoes significant changes, such as a major redesign or the addition of new features, it’s advisable to conduct additional tests to ensure the plan remains effective.
What is the role of a disaster recovery team in a website disaster recovery plan?
A disaster recovery team is responsible for implementing the disaster recovery plan in the event of a disaster. This includes tasks such as restoring data from backups, replacing damaged hardware and software, and communicating with stakeholders. The team should include individuals with a range of skills, including technical expertise and project management.
How can I ensure my data backups are secure?
Data backups should be encrypted to protect against unauthorized access. Additionally, backups should be stored in a secure location, such as a fireproof safe or an off-site data center. Regular testing of backups is also important to ensure data can be successfully restored when needed.
What should I include in my communication plan for a website disaster recovery?
A communication plan should outline who needs to be informed in the event of a disaster, what information they need to receive, and how this information will be communicated. This may include employees, customers, suppliers, and other stakeholders. The plan should also specify who is responsible for communicating this information.
How can I minimize downtime during a website disaster recovery?
Minimizing downtime during a website disaster recovery can be achieved through a combination of proactive measures, such as regular data backups and hardware redundancy, and reactive measures, such as a well-practiced disaster recovery plan and a skilled disaster recovery team.
What is the difference between a disaster recovery plan and a business continuity plan?
While both plans aim to ensure an organization can continue to operate in the event of a disaster, a disaster recovery plan focuses specifically on restoring IT and data capabilities, while a business continuity plan covers all aspects of the business, including operations, staffing, and supply chains.
How can I assess the effectiveness of my website disaster recovery plan?
The effectiveness of a website disaster recovery plan can be assessed through regular testing, which should include a full simulation of a disaster scenario. The results of these tests can be used to identify any weaknesses in the plan and make necessary improvements.
What are the potential consequences of not having a website disaster recovery plan?
Without a website disaster recovery plan, an organization may experience extended downtime, data loss, reputational damage, and financial loss in the event of a disaster. Additionally, the lack of a plan may result in a slower and less efficient recovery process.
How can I ensure my website disaster recovery plan remains up-to-date?
A website disaster recovery plan should be reviewed and updated regularly to account for changes in the website’s infrastructure, technology, and business processes. Additionally, any lessons learned from testing or actual disaster scenarios should be incorporated into the plan.
Jeff works for a startup as a technical writer, does contract writing and web development, and loves tinkering with new projects and ideas. In addition to being glued to a computer for a good part of his day, Jeff is also a husband, father, tech nerd, book nerd, and gamer.