A disaster can strike any business, large or small, and they come in many shapes and sizes. The most commonly thought-of risks to a business are:
- Hardware failure
Plus there are a range of other smaller but possibly more common items to consider:
- Employee hardware theft, or data sabotage
- Lengthy power failures preventing access to systems
- Inability to access your office building
A good disaster recovery plan will assess the importance of your business’s assets against these risks and will document, point-by-point, how to recover from the disaster.
Begin by listing all of the possible scenarios that you can consider that would disrupt your business. Take the list above, and expand on it. Do you have branch offices? Do you have interconnected systems? What about a failure of a supplier that you depend on for day-to-day services?
Of each scenario, identify the likelihood of the scenario occurring versus the impact it would have on your business. If the power goes off, people cannot access their computers, and your servers will run on battery. But what about the cooling systems? Would you be better off with a generator, or a one-hour response agreement for a generator? And what’s your testing plan for this?
Risk Management & Reduction
Of each risk, decide, as a company, what you are going to do about it. If you have identified that your business is extremely vulnerable to flooding due to there being a nearby river, for example, what is the cost of insuring against this each year plus the cost and time associated with rebuilding your business elsewhere, versus just moving to the first or second floor of that building (if that is deemed sufficient), or moving entirely to new premises?
In addition, consider technology advantages when managing and reducing risk. Services such as online backup and cloud computing mean that your business could potentially operate from anywhere on the planet; this means that, should the worst happen, as a business all you would need to source is desk space, power, telephony and staff, and your business would resume where you left off.
Other questions your business should consider:
- How long can we afford to have no telephones for?
- How do we re-route our phone number?
- Do we have an up-to-date list of all of the contacts we would need?
- Have we got all the usernames, passwords and security details ready?
There will be more items to consider; the above list is not exhaustive.
It is common for businesses to be held together by complex and lengthy procedures that only a few key people know. Information Technology systems are inherently complex and reconstructing a system in a disaster is a challenging task. This is why it is important that as well as the risks being identified, the solutions should also be documented.
If it is critical that the telephone system is updated or re-routed to a bank of phones within an hour of a disaster occurring, your Business Continuity plan should detail exactly how to do this with step-by-step procedures and any supporting documentation.
Testing & Reporting
No plan is complete without regular testing. It is up to the business to regularly review this document and, as the business changes, ensure the plan meets and exceeds the business’s requirements. Your Business Continuity Plan should be regularly tested and updated, passwords and procedures checked, and a testing report completed at the end of each test cycle.
The success of your business in the event of a disaster, no matter how big or small, depends on this document. Update it frequently and ensure that it is distributed (in paper form!) to the people who will need to execute it.
We can help
Disaster Recovery analysis and Business Continuity planning is a risky area and requires specialist analysis. If you are unsure about how to analyse your business’s weak spots and plan for the success of your business should a disaster occur, contact Kamazoy for expert advice.