Disaster and Business Continuity Planning

Do you have a disaster recovery plan that would adequately protect your organization? Just ask any of the hundreds of firms and businesses affected by disasters, whether they are natural or man-made and they will tell you all about the perils of not having a continuity plan. No one can ever predict when or even […]

Written By Stephen Balzan

On April 18, 2017
"

Read more

Do you have a disaster recovery plan that would adequately protect your organization? Just ask any of the hundreds of firms and businesses affected by disasters, whether they are natural or man-made and they will tell you all about the perils of not having a continuity plan.

No one can ever predict when or even if a disaster will strike an organization. There is no way to tell when one will feel the impact caused by a natural disaster, a disgruntled employee, faulty hardware or virus. The only thing we can do is to plan.

By following these steps, any organization can prepare an effective disaster recovery plan:

1. Assign the Team

To design a disaster plan, one needs a team. Creating the plan should not be left up to any one member of the organisation. The project requires a team leader, representatives from each department, a list of individual responsibilities, and a fixed due date. The team should meet regularly during the plan development process and then present the final plan to management.

2. Understand the Risks

A properly written disaster plan will help one’s organization recover from potential disasters, so it is very important that the disaster plan focuses on specific issues that may become reality.

For example, a business organization located on a sunny island will not plan for the impact of floods caused by a heavy rainfall. The team should determine all potential dangers and rate their potential impact on the company or firm.

Disasters also encompass technology-related incidents, including viruses, failed hardware and unapproved network access. In addition, one should also consider the disaster that could happen if the company or firm were to lose a key executive.

Whether natural or man-made, the team should focus on worst-case scenarios. Questions include, “How would we continue to operate if we had no access to the building, the computers, and company records for a period of several days?”

3. Develop the Plan

In the event of an emergency or disaster, an effective recovery plan should document what will be done, by whom, and in what order.   The plan should clearly define who is in charge of the disaster recovery before the disaster strikes.

The plan should include all documentation needed by the disaster team in the event of an emergency. The plan and related documentation must be maintained at an off-site location.

For example, the first priority after a disaster is to locate all firm/company employees. Depending on the size of one’s organization, this would be done by a single person or by a call team. In order to call everyone in response to an emergency, the call team must have access to telephones, a current list of employees and their contact information.

Other documentation might include network documentation, an inventory of all software, a list of customers, and a vendor listing. All documentation must be updated on a regular basis to ensure that the correct information is available from an off-site location during a disaster.

4. Involve Everyone

The development of the disaster recovery plan is a team effort; so it is important that everyone at the company understand his/her responsibilities if a disaster strikes. However, since most employees’ only responsibility might be to alert the disaster coordinator, the staff would simply need training and the required resources.

The success of the firm’s response is clearly tied to the amount of training that was provided to the employees, they should know who to call and must also have access to the resources, phone numbers, or e-mail addresses with them to instantly respond.

5. Test the Plan

A well-designed disaster plan is only a plan and nothing more. Testing the plan will help one learn if it is complete and effective, and will give one the chance to improve the plan in a non-crisis timeframe.

6. Mitigate the Risks

Although a tested, informative, and practical plan helps a company recover in the event of a disaster, there are several actions an organization can take to avoid a disaster:

  • Keep off-site documents up-to-date
  • Invest in quality computers and technology professionals
  • Diligently defend the security of the network
  • Back up every file, every day
  • Write and maintain a disaster recovery plan
  • Train employees
  • Test the disaster recovery plan

In the ideal world, writing disaster plans would be unnecessary and considered to be a waste of time. However, life has taught us the importance of being well prepared for the potential impact of a disaster. No one knows when disaster will strike. Our best, and sometimes only defense, is to be prepared.

How can we help?  

For further information, please contact one of the firm’s tax partners, Stephen Balzan on [email protected] or Elaine Camilleri [email protected]. ACT can help you understand the changes to the tax rules and how these can impact your business.  

Apart from its offices in St. Julian’s Malta, ACT operates from a second office in Gozo, which is situated in the capital city of Victoria.  For an appointment in our Gozo office, please call on 00356 21378672 or send us an email on [email protected]. 

Disclaimer: This article contains general information only and is not intended to address the circumstances of any particular individual or entity. ACT, by means of this article is not rendering any accounting, business, financial, investment, legal, tax, or other professional advice or service. This article is not a substitute for such professional advice, nor should it be used as a basis for any decision or action that may affect your finances or your business. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. Before making any decisions or before taking any action that may affect your finances or your business, you should consult a qualified professional adviser. ACT shall not be responsible for any loss whatsoever sustained by any person who relies on this article.