Databack - Récupération de données
Request a quote
THE BLOG

Data recovery : PCA/PRA

pca-pra

BCP and DRP are the logical extensions of a sound risk anticipation and management policy. They largely involve Information Systems, as companies are increasingly dependent on IT tools.

PCA/PRA implementation

There is no such thing as a generic BCP or DRP. Business Continuity Plans and Dis aster Recovery Plans will depend on each company’s profile: business sector, size, infrastructure, etc. A BCP/DRP may even include a dedicated ICP (IT Continuity Plan) and IRP (IT Disaster Recovery Plan) if IT processes are distinct auxiliaries to business processes.

Drawing up a BCP/ERP is based onanalysis andanticipation:

  • Risk analysis: identify the risks, threats and disasters that could affect the company’s business, even considering extreme or unlikely scenarios.
  • BIA (Business Impact Assessment): assess their impact on business processes, identify critical activities and resources, and determine the maximum tolerable downtime.

The definition of risks and their impact enables the definition of prevention and continuity strategies adapted to the company:

  • The aim of preventive measures is to reduce the risk of discontinuity and to anticipate BCP/ERP requirements:
    • detection: computer security, control software, anti-virus…
    • risk mitigation: back-up systems, infrastructure redundancy…
    • data backup: frequency and nature of backups(mirroring, replication, etc.)
  • Remedial measures include all the operational solutions and procedures that will be implemented as part of the BCP/RAP:
    • Implementation of business and/or IT processes in downgraded mode (BCP).
    • Use of an in situ or remote backup site, immediately operational (hot site) or requiring a lead time for commissioning (cold site).
    • Planned resumption of normal activity, or operational service (PRA).

Integrating data recovery into BCP/ERP

A BCP/RAP must meet the requirements defined at the time of its creation:

  • The DMIA (Maximum Permissible Interruption Duration), which sets the RTO (Recovery Time Objective), i.e. the time by which the company’s activity must have resumed.
  • The PDMA (Maximum Allowable Data Loss) or RPO (Recovery Point Objective), conditioned by the freshness of the restored data (date of last backup).

DMIA and PDRA are notions of duration whose values distinguish PRA from PCA. There will be no DRP if the company guarantees uninterrupted, non-degraded service with no loss of data (DMIA and PDRA having a value of zero). However, such performance implies very costly solutions and infrastructures (remote hot site, real-time mirroring of data to a datacenter, etc.). Every company must therefore accept that reducing DMIA and PDRA to zero, while not economically viable, is not necessarily relevant.

Data recovery will therefore be a reasonable alternative in most scenarios. It can compensate for a non-zero PDMA involving a pre-incident backup. In more recent times, data successfully recovered from damaged storage media can be better restored.

Data recovery should be considered as a curative measure as soon as a BCP/ERP is drawn up. By planning it in advance, we can hope for a PDMA close to zero, and a better assessment of the DMIA.

Get a free quote

 

18 June 2018
Back to blog

list of latest articles

KEEP IN TOUCH

SUBSCRIBE TO OUR NEWSLETTER

By entering your email address, you agree to receive the Databack newsletter. You can unsubscribe at any time by clicking on the unsubscribe link at the bottom of the content. You can consult our privacy policy to find out more.
Databack Linkedin