The Importance of Disaster Recovery Planning

The Importance of Disaster Recovery Planning

Every few months, it seems, a major natural disaster strikes somewhere in the world — reminding everyone how vulnerable we can be to the whims of Mother Nature. Most recently, it was super storm Sandy, which paralyzed much of the northeastern U.S. for weeks. And here in California, of course, we live under the ever-present threat of the Big One — a severe earthquake that could cause catastrophic damage stretching from Los Angeles to San Francisco.

As a business leader or executive, one of your most important responsibilities is to make sure your company is well prepared for a disaster. This includes not only huge natural disasters like earthquakes and storms, but also relatively small but just as potentially damaging disruptions like power outages, computer and server crashes, burst pipes leading to floods, and security breaches.

Creating a DRP

The best way to prepare your business for such disasters and disruptions is to create a detailed disaster recovery plan, or DRP. Such a plan usually consists of two main components:

1. Emergency response procedures in the immediate aftermath of the disaster.

Your goal should be to get critical infrastructure, networks and systems back up and running quickly so you can resume normal business operations as soon as possible. This starts with your physical facility, including IT and communication systems, software applications, and hardware components and equipment that are vital to your critical operations.

It’s important to create a list of all the things you would need to restart your business operations quickly and then store this list in a safe location away from your business facilities — perhaps in a bank safe deposit box. These items may include client files, financial records, laptops, PDAs, servers, computer disks, ledgers, work in progress, etc. On your retrieval list, indicate specifically where these items are located in your facilities so you can hopefully locate them quickly, if necessary, and rank them in order of their importance to restarting your operations.

2. Plans to keep the business going in the longer term (weeks or months) after the disaster.

Here, your goal is to minimize the potential long-term impact of the disaster or disruption by getting production and/or service back up to pre-disaster levels as quickly as possible, and then maintaining these levels going forward. The Gartner Group reports that 40 percent of businesses that go through a disaster are no longer in business five years later — this underscores the importance of long-term disaster recovery planning.

Gauging Your Vulnerability

It’s also important to determine where your business is most vulnerable to a disaster or disruption by identifying risks that are specific to your company and then quantifying their potential impact on your operations. Then you can prioritize the various steps in your disaster recovery plan so that the most important functions are brought back up to speed first.

The best way to do this is to conduct a business impact analysis. Such an analysis places all systems and functions into one of four categories of importance:

1. Critical — Systems and functions without which your business cannot operate. Disruptions = low tolerance + high cost.

2. Vital — Systems and functions that could temporarily be performed manually, if necessary. However, they should be fully restored as soon as possible — typically within one to two weeks. Disruptions = moderate tolerance and cost.

3. Sensitive — Systems and functions that could be interrupted for a longer period of time without serious business impact, other than possibly having to hire additional staff. Disruptions = minimal tolerance + moderate cost.

4. Non-critical — Systems and functions that could be interrupted for an extended period of time with little or no impact on your business. Disruptions = minimal tolerance + minimal cost.

Designating Your Team

Your business impact analysis should also designate a disaster recovery team that will be responsible for managing all post-disaster recovery efforts. The team should include key employees who are vital to communications and restoring critical systems and functions. Their tasks may include:

§  Notifying employees about when and where to report for work.

§  Making sure that critical data is retrieved from an off-site storage location.

§  Handling public relations and media communications.

Concluding Thoughts

Los Angeles and Southern California business leaders and financial executives cannot afford to neglect the critical task of disaster recovery planning. It’s easy to think that disasters always happen somewhere else, to someone else, but the reality is that they could strike any company, anywhere, at any time — so the time to prepare is before a disaster strikes your business. An outsourced CFO services provider can help you identify where your business is the most vulnerable and then create a disaster recovery plan that addresses your specific vulnerabilities.

No Comments

Post A Comment