Disaster recovery
Written by Moodi Mahmoudi

Disaster recovery plan

NEXT has a structured disaster recovery plan that establishes procedures to recover service operations from a disruption resulting from a disaster. The types of disasters contemplated by this plan include natural disasters, political disturbances, man-made disasters, external human threats, and internal malicious activities.

Critical systems and services

From a disaster recovery perspective, NEXT defines two categories of systems:

Non-critical systems

These are all systems not considered critical by the definition below. These systems, while they may affect the performance and overall security of critical systems, do not prevent critical systems from functioning and being accessed appropriately. Non-critical systems are restored at a lower priority than critical systems.

Critical systems

These systems host application servers and database servers or are required for the functioning of systems that host application servers and database servers. These systems, if unavailable, affect the integrity of data and must be restored, or have a process begun to restore them, immediately upon becoming unavailable.

Recovery time and recovery point objectives

NEXT aims for zero data loss and high availability. However, we also understand that systems can go wrong and that such targets are usually unattainable or highly expensive. As part of our business continuity plan, we set recovery time objectives (RTO) and recovery point objectives (RPO) that aim to strike a balance between cost and benefit.

RTO is the amount of time it takes to restore NEXT during a period of unavailability. While we aim to keep this period as short as possible, there might be scenarios where it takes longer than expected. As a result, we advise an RTO of within 24 hours of failure.

RPO is the amount of data, measured in time, that an organisation accepts it may lose in a recovery operation. At NEXT, we perform full database backups every 24 hours and we also keep the database transaction logs. This means that in an ideal scenario we can restore our database to within minutes of when service was interrupted, resulting in minimal data loss, if any. Failing that, we expect to be able to restore to a full database backup. As a result, we advise an RPO of 24 hours.

Testing and rehearsal

NEXT performs coordinated testing and rehearsals of the disaster recovery plan annually. This includes a retrospective and a tabletop reenactment to identify lessons learned and improvements to playbooks and operating procedures.
