Disaster Recovery Planning

Nobody wants to think about the possibility of tornados, hurricanes, floods or any other act that could possibly ruin a company’s data. Although the above aren’t as common in some areas, certainly everybody has experienced some form of power outage. Whatever the cause, the loss of critical data from your electronic sources can ruin your business. So how does one protect themselves? By simply creating a disaster recovery plan and then implementing it.

Surprisingly, statistics show many businesses are unprepared when it comes to creating a disaster plan. It is said that 40 percent of all small businesses will go out of business if they cannot get their data in the first 24 hours after a crisis while 43 percent of companies never resume business following a major fire.

To protect yourself, the first thing you should do in building your disaster recover plan is to obtain top management commitment. Management should be responsible for coordinating the disaster recovery plan and ensuring its effectiveness within the organization. Adequate time and resources must be committed to the development of an effective plan as well. These resources could include both financial considerations and the effort of all personnel involved.

Second, establish a planning committee. A planning committee should be appointed to oversee the development and implementation of the plan. The planning committee should include representatives from all functional areas of the organization. Key committee members should include the operations manager and the data processing manager. The committee also should define the scope of the plan.

Third, perform a risk assessment, The planning committee should prepare a risk analysis and business impact analysis that includes a range of possible disasters, including natural, technical and human threats. Each functional area of the organization should be analyzed to determine the potential consequence and impact associated with several disaster scenarios. The risk assessment process should also evaluate the safety of critical documents and vital records.

Traditionally, fire has posed the greatest threat to an organization. Intentional human destruction, however, should also be considered. The plan should provide for the “worst case” situation. It is important to assess the impacts and consequences resulting from loss of information and services. The planning committee should also analyze the costs related to minimizing the potential exposures.

Fourth, establish priorities for processing and operations. Evaluate critical needs of each department including functional operations, key personnel, information, processing systems, service, documentation, vital records and policies and procedures. When prioritizing, analyze and determine the maximum amount of time that the department and organization can operate without each critical system.

Critical needs are defined as the necessary procedures and equipment required to continue operations should a department, computer center, main facility or a combination of these be destroyed or become inaccessible.

A method of determining the critical needs of a department is to document all the functions performed by each department. Once the primary functions have been identified, the operations and processes should be ranked in order of priority: essential, important and non-essential.

Create a written plan and test this plan once the above is considered. And of course get approval for the plan.

Last, consider data recovery strategies. The quickest and easiest way to help ensure that the business can be recovered should it suffer a loss is to get copies of your data out of the building into a second location.

Whether your business is small or large, practicing the above will keep you from being another closed business statistic.