You are in charge of your firm’s computer operations. It is your responsibility to keep things operational 24×7. But have you adequately addressed your disaster recovery needs? In my previous post “Disasters from A to Z“, I discuss types of disasters that might affect your operations. Disasters come without warning and with different degrees of severity, so it is best to be prepared and have a plan.
In analyzing your level of disaster recovery preparedness you should ask yourself these questions:
- My firm understands disaster recovery preparedness and we are prepared to recover
- My firm understands disaster recovery preparedness and we are not prepared to recover
- My firm understands disaster recovery preparedness but we do not want recovery planning
- My firm does not understand recovery planning
These are important questions to ask yourself because knowing which category you fall into is the first step to recovering from a disaster.
It can be argued that you can live without disaster recovery planning. This is true. In addition, disaster recovery planning varies from firm to firm, industry-to-industry, and level of technology dependence. So there is no one solution. You will have to develop a plan to meet the needs of your business.
Here is a quick model that might help. Ask yourself what are the key business functions in your company. Now list the IT and business resources that support these functions. Next, assume that you are no longer able to maintain the continuity of one of these functions because of a disruption (see “Disaster Recovery-A Beginners’ Guide“).
Now estimate the financial impact to this loss based on the length of the disruption- one-minute, one-hour, one day. Multiply this number for every business function you cannot maintain. You can now see the costs of a disruption to your operations.
So where do you start?
- Conduct a business impact analysis (BIA) to develop a “what if” scenario. This will help focus on areas that are critical.
- Get management approval and buy in.
- Define your minimum acceptable recovery configuration for your environment.
- Be detailed in your recovery steps. Everyone and anyone should be able to follow the plan.
- Cover all critical business units and their dependents.
- Ensure there is adequate staff to back those that are affected by a disruption including yourself.
- Keep the plan current. As changes to your environment occur, update your plan accordingly.
Finally, the most important part of disaster recovery planning is testing. This is where you can address deficiencies in your plan. Initial, the more testing you do the better. Once the bugs are worked out of your plan, future testing will go smoothly. Test Test Test. Have business units test and have your auditors review and provide comments.
An effective disaster recovery plan can ensure your business operations can continue with minimal zero interruptions.