Every year businesses close their doors in the wake of a disaster. We’ve seen numerous warnings from industry groups, government agencies, and the business press about the need to plan ahead. While the oft quoted statistics regarding business failures after a disaster are up for debate, it is clear that many businesses have significant challenges following a disaster, and for some, those challenges are fatal. Any organization that doesn’t have a realistic and robust plan is likely to be in dire straits when the worst happens.
Disaster Recovery (DR) and Business Continuity (BC) are two areas that every organization needs to be concerned with. Understanding the two topics and how they relate is critical not just for IT staff but for leadership throughout the organization.
Disaster Recovery typically refers to the actions taken immediately after an event. This could be as small as a server crashing or as significant as a major natural disaster. Regardless of the event itself, a DR plan consists of immediate actions to be taken to restore critical services to normal operation as quickly as possible. DR is often seen as an exclusive domain of the IT department, but without involvement from outside stakeholders, the priorities for restoration determined by IT may not match the needs of the business. IT may own the execution of the plan but they should not be the only ones writing it.
Business Continuity is a much broader process that needs to include more than IT. This is the planning process that will determine how your organization will continue to operate under different kinds of adverse circumstances. This is where thinking about dealing with worst case scenarios really becomes important. While your IT systems should and must be included in BC, there’s a lot more to the subject than just computers and networks. After all, how would you operate if you lose a facility or if your workforce cannot reach the office? What about a major issue that leaves you unaffected but impacts your customers or suppliers? These types of scenarios need to be considered when discussing BC plans.
If you’re wondering where you stack up as far as BC and DR planning are concerned, consider the following checklist:
1. Does Business Continuity and Disaster Recovery readiness have support of top management in your organization?
- Are executives outside of IT aware of the plans?
- Do they understand what impacts they can expect?
- Are other folks engaged in the planning process?
2. Have you conducted a business impact analysis (BIA) to quantify and rank the business and financial risk of disruptions to all vital functions and related systems?
- Who wrote the BIA and how often is it updated?
- Do your DR and BC plans mirror the priorities in the BIA?
3. Do you have written plans and a process that includes back-up and archive procedures?
- How are backups performed?
- What types of backups are being done?
- Are backups regularly tested?
4. Have you tested your Disaster Recovery Process using a worst case scenario (i.e. loss of facility)?
- How often is testing done?
- Is the testing realistic?
- Can you meet all recovery time requirements?
5. Have you taken action to mitigate known risks and single points of failure (e.g. power loss, physical access, etc.)?
- What are your organizational weak points?
- Are there new weak points that have developed over time?
6. Do you understand the available Disaster Recovery and Business Continuity options and their related costs?
- DR and BC can be expensive – what tradeoffs are you willing to make?
- Do you have an adequate budget to support your Disaster Recovery Plan
7. Do key employees know what their roles are in the event of a disaster?
- Communications may be severely disrupted. Who has decision making authority?
- Do you know how to reach all of those key players?
8. Are your plans updated regularly to keep it current with business needs?
- Have you changed service providers, added capabilities, expanded the organization, or engaged in any significant changes since the plan was written?
Now that you’ve thought your way through the checklist, hopefully you have a warm fuzzy feeling that even if the worst happens, you’ll be okay. If on the other hand, you aren’t sure about your plans, there’s no time like the present to get out ahead of the problem. Download a PDF version to bring to your next meeting and share the checklist with your team.
SAI’s IT Strategy and Operations practice has extensive experience around DR and BC planning. We’d like to hear about your concerns and challenges, and could provide insightful knowledge around gaps that may exist. Reach out at the link above or send me an email at email@example.com to learn more.