Do you have a disaster recovery plan that would adequately protect your organization? Just ask any of the hundreds of firms and businesses affected by disasters, whether they are natural or man-made and they will tell you all about the perils of not having a continuity plan.
No one can ever predict when or even if a disaster will strike an organization. There is no way to tell when one will feel the impact caused by a natural disaster, a disgruntled employee, faulty hardware or virus. The only thing we can do is to plan.
By following these steps, any organization can prepare an effective disaster recovery plan:
1. Assign the Team
To design a disaster plan, one needs a team. Creating the plan should not be left up to any one member of the organisation. The project requires a team leader, representatives from each department, a list of individual responsibilities, and a fixed due date. The team should meet regularly during the plan development process and then present the final plan to management.
2. Understand the Risks
A properly written disaster plan will help one’s organization recover from potential disasters, so it is very important that the disaster plan focuses on specific issues that may become reality.
For example, a business organization located on a sunny island will not plan for the impact of floods caused by a heavy rainfall. The team should determine all potential dangers and rate their potential impact on the company or firm.
Disasters also encompass technology-related incidents, including viruses, failed hardware and unapproved network access. In addition, one should also consider the disaster that could happen if the company or firm were to lose a key executive.
Whether natural or man-made, the team should focus on worst-case scenarios. Questions include, “How would we continue to operate if we had no access to the building, the computers, and company records for a period of several days?”
3. Develop the Plan
In the event of an emergency or disaster, an effective recovery plan should document what will be done, by whom, and in what order. The plan should clearly define who is in charge of the disaster recovery before the disaster strikes.
The plan should include all documentation needed by the disaster team in the event of an emergency. The plan and related documentation must be maintained at an off-site location.
For example, the first priority after a disaster is to locate all firm/company employees. Depending on the size of one’s organization, this would be done by a single person or by a call team. In order to call everyone in response to an emergency, the call team must have access to telephones, a current list of employees and their contact information.
Other documentation might include network documentation, an inventory of all software, a list of customers, and a vendor listing. All documentation must be updated on a regular basis to ensure that the correct information is available from an off-site location during a disaster.
4. Involve Everyone
The development of the disaster recovery plan is a team effort; so it is important that everyone at the company understand his/her responsibilities if a disaster strikes. However, since most employees’ only responsibility might be to alert the disaster coordinator, the staff would simply need training and the required resources.
The success of the firm’s response is clearly tied to the amount of training that was provided to the employees, they should know who to call and must also have access to the resources, phone numbers, or e-mail addresses with them to instantly respond.
5. Test the Plan
A well-designed disaster plan is only a plan and nothing more. Testing the plan will help one learn if it is complete and effective, and will give one the chance to improve the plan in a non-crisis timeframe.
6. Mitigate the Risks
Although a tested, informative, and practical plan helps a company recover in the event of a disaster, there are several actions an organization can take to avoid a disaster:
- Keep off-site documents up-to-date
- Invest in quality computers and technology professionals
- Diligently defend the security of the network
- Back up every file, every day
- Write and maintain a disaster recovery plan
- Train employees
- Test the disaster recovery plan
In the ideal world, writing disaster plans would be unnecessary and considered to be a waste of time. However, life has taught us the importance of being well prepared for the potential impact of a disaster. No one knows when disaster will strike. Our best, and sometimes only defense, is to be prepared.