Disaster Recovery Plan for ServiceNow Users
Disaster recovery is essential in supporting an organization’s overall business continuity strategy.
A well crafted and tested disaster recovery plan helps to minimize the impact of a disaster and ensure organizations can restore operations quickly.
It’s important for disaster recovery to encompass all business functions, solutions and infrastructure. However there are some elements of a disaster recovery that are particularly relevant to SaaS-based solutions such as ServiceNow.
For example, a disaster recovery plan should define and make the relevant employees aware of what the SaaS provider is responsible for, and what it can do in the event of a disaster.
Without this understanding, organizations might assume the SaaS provider is better able to support its customers requirements than they really are.
For example, ServiceNow’s backup and restore technology does not allow users to control the backup schedule, retains backups for a relatively short amount of time, and requires downtime during the recovery process.
Such limitations mean ServiceNow’s out of the box backups will not meet every organization’s requirements for disaster recovery, and they may need a purpose-built backup and restore solution for ServiceNow, like Snapshot.
Learn more about Snapshot and how it lets users take control of their ServiceNow backups.
Table of contents:
Defining a Disaster
In business, a disaster is considered to be an event that disrupts operations, whether natural, intentional or accidental. Example causes of disaster events include:
- Natural disasters (such as weather events or earthquakes)
- Malicious acts (including data breaches, ransomware and DDoS attacks)
- Human error
- System failure
- Political disruption, conflict, terrorism etc.
- Infrastructure breakdown (such as power outages, transportation disruption)
- Pandemics
What is Disaster Recovery?
Disaster recovery describes an organization’s plan and the various protocols and systems in place to resume “normal” operations following a disaster.
It includes the policies that help define what to do in the event of a disaster, and who is responsible for it.
It also describes the contingencies organizations have in place to support disaster recovery such as backup and restore solutions and the policies that define the backup schedule.
Disaster recovery may also extend to the construction, maintenance and/or use of a second, physical data center. However, this has been made less common due to the availability of cloud infrastructure.
Disaster Recovery vs. Incident Response
In enabling business continuity, both disaster recovery and incident response are essential. Where disaster recovery describes how things can be made better following a disaster, incident response describes the immediate actions taken that stop things getting worse.
In the event of a fire for example, incident response would describe the things that need to happen when a fire is detected.
I.e. smoke detectors or somebody discovering the fire triggers an alarm, trained employees attempt to suppress the fire, other employees evacuate to a defined point, etc.
These protocols are in place to limit the extent of disruption and damage, which in turn, makes the recovery process (in the fire analogy – repair, fumigation etc) easier to manage.
Why is Disaster Recovery Important to ServiceNow Users?
For many organizations using ServiceNow, the platform is central to their operations, supporting IT service delivery, customers and various employees in departments around the enterprise.
As such, a disaster event affecting the platform can have a significant impact on the wider organization.
Initially, the impact is felt in reduced productivity, downtime and data loss, and without a sufficient plan for disaster recovery, organizations also risk suffering reputational damage, lost customers/revenue, and even legal repercussions.
Having a carefully crafted and tested disaster recovery plan that encompasses ServiceNow helps organizations limit the fallout and recover quickly with less disruption.
Essential Components of Disaster Recovery for ServiceNow Users
As a SaaS provider, ServiceNow has its own contingencies in place that limit the potential disruption their customers could face, should ServiceNow itself be affected by a disaster.
However, this does not mean an organization can hand over complete responsibility to the SaaS provider.
An understanding of where ServiceNow’s liability and capabilities end, and where your organizations’ begins is a start. But organizations should also consider taking matters into their own hands, even when ServiceNow’s liability and capabilities cover an incident.
Having the ability to recover is one thing, but having the capacity and agency to recover on your terms is better still.
With this in mind, these components of disaster recovery are essential considerations for ServiceNow users …
Risk Control Measures
The requirements for a robust disaster recovery plan can be split into the three types of risk control measures.
Preventive measures: the things an organization can do to avoid disaster or limit its impact. This could be limiting the potential for human error through training and good observation of well-devised policy. It could also be ensuring backups are taken every X hours to limit the amount of data that may be more difficult, or even impossible to recover.
Detective measures: the things that allow an organization to identify a disaster event either ahead of time, or as quickly as possible after it begins. A typical example of a detective measure is system monitoring capabilities and/or solutions.
Corrective measures: the things that allow an organization to recover quickly following a disaster event. This includes measures such as an organization’s backup and restore solution(s) and the policies that support it.
Documenting and Testing the Disaster Recovery Plan
Having a formalized plan that employees are made aware of is critical. The plan should include policy outlining the employees that are responsible for undertaking/overseeing the aforementioned risk control measures, and detail what should be done to train such employees.
Where and how data is stored should be reviewed and anything requiring particular attention (such as sensitive data) should be identified in the policy and addressed in the plan, as well as the communication protocols to follow in the event of a disaster.
Finally, both the plan and the relevant solutions and protocols should be periodically tested.
Recovery Time Objective and Recovery Point Objective
Ideally, disaster recovery planning should outline and be shaped by a recovery time objective (RTO) and a recovery point objective (RPO).
RTO describes how quickly an organization is able to recover, with the objective being to recover before suffering significant disruption that may carry long-term consequences.
RPO describes the point in time that systems can be recovered to. For example, one regular daily backup could mean the organization may lose up to 24 hours of unrecoverable data.
Improving the RPO would require the creation of more regular backups, and/or a policy to initiate backups when certain, critical and/or substantial changes have been made.
Backup and Restore Solutions
Backup and restore is central to disaster recovery, so ServiceNow users should also understand what’s available to them. While ServiceNow does provide backup and restore capabilities, those capabilities have significant limitations, including:
- Full backup retention limited to 14 days
- No control over the backup schedule
- No ability to backup on-demand
- No control over what is included in a backup or restore
- Recovery requires instance downtime
Related post: The Full List of ServiceNow Backup and Restore Limitations to Watch Out For
How Perspectium Supports ServiceNow Disaster Recovery
By providing ServiceNow users with greater control over the backup and restore process, Perspectium improves organizations’ ability to recover from disaster.
Its Snapshot application is natively installed within ServiceNow, and allows users to:
- Backup to a user-defined schedule
- Create on-demand backups as and when required
- Create unlimited backups and retain them indefinitely
- Backup and restore quickly without affecting ServiceNow’s performance
- Restore without any ServiceNow downtime
- Granularly control what is backed up and restored with condition-based filtering
- Related resource: Get the Snapshot solution sheet.
Contact us today to learn more about how Perspectium’s Snapshot improves ServiceNow users disaster and recovery capabilities.