Unless you’ve been living under a rock, you’ve probably seen the images of Nashville, TN following the devastating flood of 2010. While the Corps of Engineers has dubbed this the 1000 year flood, that isn’t consoling business or home owners who’ve lost everything – or practically everything.
As is the case in these situations, many people are now wishing they had planned ahead for such a disaster.
Virtually every business today relies heavily on technology and automated systems to run effectively and efficiently; and disruption of those systems, even for a few days, could cause severe financial hardship and even threaten the business’ survival. Disaster planning is a necessary evil that you hope you never need to implement, but in the case of a catastrophe you need a comprehensive plan that will help you recover and get back on your feet quickly.
Continued viability of your business will depend on your leadership team’s awareness of potential disasters (who could have predicted a 1000 year flood in Nashville, TN?), their ability to develop and implement a plan to minimize disruptions of critical systems and their capability to quickly recover and get back in operation.
The primary objective of a disaster recovery/business continuity plan is to Be Prepared. Prepared to protect your assets in the event of a natural or man-made disaster that disables part or all of your operations and/or computer systems. I can’t tell you how many people here now wish they had been prepared. Other objectives include:
- Minimizing delays
- Providing a sense of security
- Ensuring reliability of standby systems
- Minimizing the risk of decision mistakes in the wake of a disaster
- Provide a standard for testing the plan and making necessary adjustments
So, how do you develop a disaster recovery plan? In this 3 part series, I will walk you through a simple process to help get you started on your own plan. But please note, while the process may be simple, actually developing the plan is anything but.
Ten Steps to creating a disaster recovery plan
1. Gain Top Management Support & Commitment – The first step in developing any plan is obtaining top management support and commitment for the program. Without their commitment, the plan may be written but it will never get off the ground. Management should be responsible for coordinating the plan, enlisting key stakeholders and establishing and communicating the vision within the organization.
2. Establish a planning committee – This committee should be responsible for defining the scope of the plan, and the development, coordination and implementation of the plan and should be comprised of representatives from all major functional departments within the organization, including the operations manager and IT manager.
3. Perform a risk analysis – The planning committee should spearhead a risk analysis to determine possible disasters to be covered by the plan, including natural disasters, technical and human threats and a business impact analysis (BIA) to determine the potential risks associated with a disaster. The BIA has two components: 1) exploratory – to determine vulnerabilities and 2) Planning to identify strategies to minimize risks.
4. Establish priorities – Each functional department should be evaluated to identify such areas as:
- Functional operations
- Key personnel
- Critical information to be protected
- Processing systems
- Service requirements
- Documentation needed
- Vital business records
- Key policies and procedures
Considered the following: how long could ___ department/organization function without each critical system. Critical needs are identified as the necessary procedures and equipment required to continue operations should a department, call center, headquarters or combination thereof be destroyed or become inaccessible. One method to consider when identifying the critical needs is to document all the functions performed by each department, highlight the primary functions and then rank the operations and processes in order of priority: critical, essential, important and non-essential.
5. Determine recovery strategies – Research and evaluate the most practical alternatives to recover operations and processing in the event of a disaster. Pay special attention to the following aspects of your organization:
- Hardware
- Software
- Facilities
- Communications
- Data files
- Customer services
- Operations
- Business Operating System
- End-user systems
- Other processing operations
6. Perform data collection – Develop pre-formatted forms that will help you gather critical information you’ll need such as:
- Critical phone numbers
- Master call list
- Master vendor list
- Computer hardware and software inventory list
- Notification checklist
- Office supply inventory
- Off-site storage location(s)
- Equipment inventory
- Inventory list
- Forms inventory
- Insurance policy information/inventory
- Data backup files/inventory
- Telephone inventory
- Temporary location specifications
- Other
7. Develop a written plan – Start with an outline of what needs to be included and get management approval before proceeding. Starting with an outline will help you visualize and develop a plan road map. It will also help the team organize their thoughts, identify critical procedures and major steps to be included, identify redundant procedures that need to be developed only once and utilized throughout the plan. Be sure to standardized the format you’ll use to assemble the information, especially if multiple department heads will be responsible for content. Be thorough and include all procedures to be used before, during and after the disaster, including methods for maintaining and updating the plan, who’s responsible for what etc.
8. Test the plan – thoroughly document, test and evaluate the effectiveness and practicality of the plan on a regular basis (at least annually). This step is critical to ensure that you’ve evaluated the feasibility of the plan, identified opportunities for improvement, demonstrated a reasonable ability to recover and provided motivation for maintaining and updating the plan on a regular basis.
9. Approve the plan – Following final testing, the management team should approve the plan for implementation. (Don’t forget to actually implement it!)
10. Communicate the plan to all employees and provide proper training to employees and managers
Disaster recovery/continuity planning is much more than off-site storage and data backup files; is a type of insurance for your business – it may not prevent the disaster, but it will help ensure you are not financially ruined if one comes your way. As a leader you should develop and implement a written, comprehensive plan that addresses the critical aspects of your business.
