6. Disaster Recovery Plan
We should never act surprised when a crisis looms. To maintain continuity, we need to be prepared. Although we continue to hope for the best, we have all come to expect the worst, which is where having a disaster recovery plan ready to roll is crucial.
A comprehensive recovery plan will minimize the effect of a natural disaster on business continuity, compliance, and data loss. A good plan also helps speed up recovery from cyberattacks. Having a plan is not enough on its own. Sana Commerce needs to make sure that the plan is never out of date, insufficient, or worse, nonexistent.
Below are the steps Sana Commerce has taken, and continues to take, to maintain a disaster recovery plan that helps prevent data loss, facilitates business continuity, and keeps our customers' regulated data and SLAs in compliance.
6.1 Disaster Response Team
With our three lines of support in place, these form our “disaster response team”. They spearhead the recovery efforts and share information with employees, customers, and/or partners during a crisis.
We have assigned each support line specific tasks during the response and documented them, so everyone knows who is responsible for what.
6.2 RTO and RPO
Recovery time objective (RTO) is the length of time an application can be down before the business is negatively impacted. RTO varies widely among applications because some can be down for only a few seconds before the business, customers, or users are impacted, whereas others can be down for hours, days, or even weeks. RTOs are calculated based on application importance.
Recovery point objective (RPO) is the maximum amount of data that can be lost before the business is significantly harmed; in other words, the longest interval allowed between an outage and the most recent usable backup. RPO is driven by how much you are willing to spend to back up a particular application, because frequent backups get expensive quickly.
| RTO | RPO |
|---|---|
| Shortest amount of time: mission-critical applications that must fail over | Use continuous replication (mission-critical data) |
| Medium amount of time: less critical, so there is time for on-site recovery from bare metal | Use scheduled snapshot replication |
| Longest amount of time: nonessential applications that can be down indefinitely | Use the existing backup solution (data that can potentially be recreated from other repositories) |
6.3 Blueprint of the Network Infrastructure
Sana Commerce keeps a blueprint of the network infrastructure. By having this blueprint, it will be much easier to rebuild the system after a disaster, especially if the network was corrupted by a cyberattack.
6.4 Disaster Recovery Solution
Our backup plans are created so that the data is stored for recovery in a different network location from the one hosting the production customer environment. In case of a disaster in one network location, the backups remain available for direct recovery or can be used to build a new production environment.
Sana Commerce creates backups daily, weekly, and monthly for:
- The content: product images, installed add-ons, and other files uploaded via the file manager.
- The database and settings: webstore configuration and installation-specific configuration.
The application is deployed automatically by our orchestrator. This allows automated deployment recovery in case something goes wrong.
When there is a disaster situation, for example when the customer's data center is no longer available, we are forced to deploy the Sana Commerce Cloud version to a different cluster location, preferably as geographically close to the ERP system as possible.
When a Sana Commerce Cloud installation needs to be moved to a geographically different location, we must ask the DNS owner and administrator to change the IP address the DNS records point to, because the cluster in the new location has a different IP address.
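The RTO/RPO tiers in 6.2 and the backup arrangement in 6.4 (daily, weekly and monthly copies of content and database, kept in a different network location from production) can be verified mechanically. The following Python script is an added example written for this page, not Sana Commerce's own tooling: it checks a constructed backup inventory for three rules (no recovery copy in the production location, a fresh copy for every cadence and kind, and a newest off-site database restore point within the tier's RPO) and measures an incident against the tier's RTO. The tier targets, grace windows, environment names and network locations are all assumptions chosen for illustration.

```python
"""Backup-inventory and RTO/RPO checks (added example with constructed data).

The tier targets, cadence grace windows, environment names and network
locations below are illustrative assumptions, not Sana Commerce's values.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Tier -> (RTO, RPO). Illustrative assumptions following the ordering in 6.2.
TIERS = {
    "mission-critical": (timedelta(minutes=15), timedelta(minutes=5)),
    "less-critical":    (timedelta(hours=8),    timedelta(hours=24)),
    "nonessential":     (timedelta(days=7),     timedelta(days=31)),
}

# Oldest acceptable age of the newest copy per cadence (cadence plus a grace window).
CADENCE_MAX_AGE = {
    "daily":   timedelta(days=1, hours=2),
    "weekly":  timedelta(days=7, hours=6),
    "monthly": timedelta(days=31, hours=12),
}
REQUIRED_KINDS = ("content", "database")  # the two things 6.4 says are backed up


@dataclass(frozen=True)
class Backup:
    environment: str
    kind: str        # "content" or "database"
    cadence: str     # "daily", "weekly" or "monthly"
    location: str    # network location that holds this copy
    taken_at: datetime


@dataclass(frozen=True)
class Environment:
    name: str
    tier: str
    production_location: str


def utc(*ymdh):
    """Build an aware UTC timestamp from (year, month, day[, hour])."""
    return datetime(*ymdh, tzinfo=timezone.utc)


def check_environment(env: Environment, backups: list, now: datetime) -> list:
    """Return a list of findings; an empty list means the inventory is compliant."""
    findings = []
    mine = [b for b in backups if b.environment == env.name]
    _, rpo = TIERS[env.tier]

    # Rule 1: a copy kept in the production network location is not a recovery copy.
    for b in mine:
        if b.location == env.production_location:
            findings.append(f"{b.cadence} {b.kind} copy is stored in production location {b.location}")

    # Rule 2: every kind needs a fresh daily, weekly and monthly copy.
    for kind in REQUIRED_KINDS:
        for cadence, max_age in CADENCE_MAX_AGE.items():
            matches = [b for b in mine if b.kind == kind and b.cadence == cadence]
            if not matches:
                findings.append(f"no {cadence} {kind} backup")
                continue
            age = now - max(b.taken_at for b in matches)
            if age > max_age:
                findings.append(f"{cadence} {kind} backup is stale (age {age})")

    # Rule 3: the newest off-site database restore point must lie within the tier's RPO.
    offsite_db = [b.taken_at for b in mine
                  if b.kind == "database" and b.location != env.production_location]
    if not offsite_db:
        findings.append("no off-site database restore point")
    elif now - max(offsite_db) > rpo:
        findings.append(f"newest off-site database restore point exceeds RPO {rpo}")
    return findings


def rto_met(env: Environment, outage_start: datetime, restored_at: datetime) -> bool:
    """True when the measured recovery time is within the tier's RTO."""
    return restored_at - outage_start <= TIERS[env.tier][0]


def demo() -> dict:
    """Run the checks over a constructed inventory; returns findings per environment."""
    now = utc(2024, 5, 20, 12)
    clean = Environment("webstore-a", "less-critical", "eu-west-1")
    broken = Environment("webstore-b", "mission-critical", "us-east-1")
    backups = [
        # webstore-a: complete, off-site and fresh (constructed)
        Backup("webstore-a", "content",  "daily",   "eu-west-2", utc(2024, 5, 20, 2)),
        Backup("webstore-a", "content",  "weekly",  "eu-west-2", utc(2024, 5, 18, 2)),
        Backup("webstore-a", "content",  "monthly", "eu-west-2", utc(2024, 5, 1, 2)),
        Backup("webstore-a", "database", "daily",   "eu-west-2", utc(2024, 5, 20, 2)),
        Backup("webstore-a", "database", "weekly",  "eu-west-2", utc(2024, 5, 18, 2)),
        Backup("webstore-a", "database", "monthly", "eu-west-2", utc(2024, 5, 1, 2)),
        # webstore-b: database copy sits in production, content copy is stale, rest missing
        Backup("webstore-b", "database", "daily",   "us-east-1", utc(2024, 5, 20, 2)),
        Backup("webstore-b", "content",  "daily",   "us-east-2", utc(2024, 5, 17, 2)),
    ]
    return {env.name: check_environment(env, backups, now) for env in (clean, broken)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

Run as a script it reports webstore-a as compliant and lists seven findings for webstore-b. Rule 3 deliberately counts only off-site database copies, which is why a daily dump left in the production location still yields "no off-site database restore point": under the table in 6.2, a mission-critical tier cannot be satisfied by a daily copy at all and needs continuous replication, which this check would model as a much more recent off-site restore point.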
6.5 Checklist of Criteria for Initiating the Disaster Response Plan
Disasters are serious disruptions to the functioning of our hosting landscape that exceed its capacity to cope using its own resources. Disasters can be caused by natural, man-made, and technological hazards, as well as various factors that influence the exposure and vulnerability of a community.
Within Sana Commerce, we have identified what the recovery strategy should be per network location, and per resource element within the network architecture.
6.6 Disaster Recovery Process
To ensure data and operations are restored quickly after a disaster, Sana Commerce has created full step-by-step documentation with instructions so our teams can start the disaster recovery efforts immediately. Sana Commerce also stores a copy of the disaster recovery plan away from our network, to protect it from corruption during a ransomware attack. This plan cannot be shared with any of our customers or partners, due to security concerns.
6.7 Testing of the Disaster Recovery Plan
Sana Commerce conducts regular tests of the disaster recovery plan to ensure it will work when it is required. We run a partial recovery test every quarter and a full recovery simulation annually.