If an unexpected, serious incident happened tonight, would your business be prepared? Every business needs to have a plan in place for protection from events that can prevent it from continuing normal operations. However, too often, many businesses choose to utilize an outdated plan in need of revisiting, or worse yet, choose to operate without a comprehensive recovery plan in place. Every business needs to take a series of straightforward steps in preparing for a potential disaster to reduce both the risk and impact should the worst scenario occur - it's a four letter word called PLAN.
Creating an effective disaster recovery plan involves determining the recovery point and recovery time objective for each aspect of your business, including assessing the potential risk for disaster. Once you have this information, you can easily create a protection plan that meets your company's needs and ensures security of your resources in the future.
Here are five basic steps that will make your disaster recovery planning process easier:
Perform an Operational Analysis
Reviewing the physical security, critical services, passwords and user accounts, and backups and data storage of your business will provide a clear map of where it currently stands and how it operates. This knowledge is important and plays a key role in determining what type of plan needs to be in place in the event of a disaster.
It is also recommended to perform a data access audit, explore existing anti-virus software, and monitor internet and email use. Once each of these factors is assessed, it is easy to create a roadmap for moving forward. Understanding these aspects of your business will help lay the foundation for your plan.
Conduct a Risk Analysis
Assessing potential risks to your business that could result in a disaster or emergency situation is a vital business practice. It is necessary to review all possible incident types, as well as the impact each may have on your business's ability to continue performing its normal business services. There are many potential events that may cause disruption and necessitate the use of a disaster recovery plan, including environmental disasters, loss of utilities and services, equipment or system failure and other similar emergency situations.
Evaluating all document, data and information systems and understanding your business's vulnerability to a threat and identifying alternatives to deal with these issues is essential. Performing these analysis techniques enables you to avert possible negative effects a disaster will have on your business.
Identify Tolerances for Downtime and Recovery Priority
The next step in preparing your plan is to understand the ability of your business to tolerate downtime in an effective manner. What length of down time merely registers as an interruption, and what length of time offline requires a full recovery effort?
Once you made this distinction, you should prioritize the aspects of your business which require immediate attention in the case of a disaster and determine which ones can go on the back burner -assess which business needs have to be up and running within minutes or hours of a disaster, and which ones can be down for 24 hours, for a week, or for two. Being aware this information will prove helpful when trying to calculate the amount of time the execution of your recovery plan is allowed to take in getting your business completely back up and running.
Generate and Command Recovery Teams
Before you can develop and delve out tasks to members of a disaster recovery team, it is necessary to create an organizational chart. This chart will ensure that all members of the team, once selected, clearly understand their roles and overall mission.
Once you have a detailed plan and organizational chart developed, establish your disaster recovery team. The selection of members for your disaster recovery team is very important. Individuals selected must have the ability to step in with technical and management skills and make the on-the-spot decisions required during a disaster.
Once chosen, meet with your team to define roles and responsibilities. Have each member build a customer and employee contact list identifying those individuals they will be responsible for should a disaster occur. This will prove to be beneficial in the event of a disaster as the members will need to remain in constant communication and work together to complete the recovery process as quickly as possible in the event of a disaster. Avoiding confusion as to which tasks are to be completed by who is vital.
The next step is to review all materials with the entire team before releasing it to the rest of your company. Review the plan step by step, develop scenario test plans, and evaluate those test results. Perform ample trials ahead of time to ensure the plan you publish is as tailored to your business as possible and has the lowest risk for error should the need to execute it occur.
Publish, Support and Maintain the Plan
Compile all of the information you have gathered, developed and tested in your Disaster Recovery Plan preparation and publish a comprehensive document for key staff members, clients and vendors. Develop a Disaster Recovery Plan communication chart, making sure to keep this document as current as your most current organizational chart.
Not only do your employees need to be prepared and understand their responsibilities in the event a disaster strikes your business, but you must communicate to your customers on how you plan to support them. Let them know what to expect from your business in the event of a disaster. Provide each with emergency contact information and alternate methods for placing orders and sending invoice payments if possible. Any service you provide your customers must be accounted for and planned out in your disaster recovery plan and then communicated appropriately.
Perhaps most important is to perform ongoing maintenance on your disaster recovery plan. Remember to constantly ask yourself, "Will yesterday's plan fit today's reality?" The needs of businesses change at an alarming rate and with continued technological advances it is critical to revisit your plan on a regular basis. As new applications, hardware and software are added to your infrastructure, they must be brought into the plan.
The Bottom Line
Having a Disaster Recovery Plan established provides protection for your business and all of its components. An updated and tested plan also provides assurance that systems will perform effectively in the event of a disaster occurring. Being able to follow a pre-planned disaster recovery plan will also minimize the need for crucial decision making during a disaster and make meeting short deadlines attainable.
While it is nearly impossible to have your business completely prepared for an unforeseen disaster, having a solid plan in place now will keep your business safe should one happen in the future.
Harry Stephens is President/CEO, and founder of DATAMATX, one of the nation's largest privately held, full-service providers of printed and electronic billing solutions. As an advocate for business mailers across the country, Stephens is actively involved in several postal trade associations. He serves on the Executive Board of the Greater Atlanta Postal Customer Council, Major Mailers Association (MMA), PCC Advisory Committee (PCCAC), and the board of the National Postal Policy Council (NPPC). He is also president of The Imaging Network Group (INg), an association for electronic service bureaus.
Creating an effective disaster recovery plan involves determining the recovery point and recovery time objective for each aspect of your business, including assessing the potential risk for disaster. Once you have this information, you can easily create a protection plan that meets your company's needs and ensures security of your resources in the future.
Here are five basic steps that will make your disaster recovery planning process easier:
Perform an Operational Analysis
Reviewing the physical security, critical services, passwords and user accounts, and backups and data storage of your business will provide a clear map of where it currently stands and how it operates. This knowledge is important and plays a key role in determining what type of plan needs to be in place in the event of a disaster.
It is also recommended to perform a data access audit, explore existing anti-virus software, and monitor internet and email use. Once each of these factors is assessed, it is easy to create a roadmap for moving forward. Understanding these aspects of your business will help lay the foundation for your plan.
Conduct a Risk Analysis
Assessing potential risks to your business that could result in a disaster or emergency situation is a vital business practice. It is necessary to review all possible incident types, as well as the impact each may have on your business's ability to continue performing its normal business services. There are many potential events that may cause disruption and necessitate the use of a disaster recovery plan, including environmental disasters, loss of utilities and services, equipment or system failure and other similar emergency situations.
Evaluating all document, data and information systems and understanding your business's vulnerability to a threat and identifying alternatives to deal with these issues is essential. Performing these analysis techniques enables you to avert possible negative effects a disaster will have on your business.
Identify Tolerances for Downtime and Recovery Priority
The next step in preparing your plan is to understand the ability of your business to tolerate downtime in an effective manner. What length of down time merely registers as an interruption, and what length of time offline requires a full recovery effort?
Once you made this distinction, you should prioritize the aspects of your business which require immediate attention in the case of a disaster and determine which ones can go on the back burner -assess which business needs have to be up and running within minutes or hours of a disaster, and which ones can be down for 24 hours, for a week, or for two. Being aware this information will prove helpful when trying to calculate the amount of time the execution of your recovery plan is allowed to take in getting your business completely back up and running.
Generate and Command Recovery Teams
Before you can develop and delve out tasks to members of a disaster recovery team, it is necessary to create an organizational chart. This chart will ensure that all members of the team, once selected, clearly understand their roles and overall mission.
Once you have a detailed plan and organizational chart developed, establish your disaster recovery team. The selection of members for your disaster recovery team is very important. Individuals selected must have the ability to step in with technical and management skills and make the on-the-spot decisions required during a disaster.
Once chosen, meet with your team to define roles and responsibilities. Have each member build a customer and employee contact list identifying those individuals they will be responsible for should a disaster occur. This will prove to be beneficial in the event of a disaster as the members will need to remain in constant communication and work together to complete the recovery process as quickly as possible in the event of a disaster. Avoiding confusion as to which tasks are to be completed by who is vital.
The next step is to review all materials with the entire team before releasing it to the rest of your company. Review the plan step by step, develop scenario test plans, and evaluate those test results. Perform ample trials ahead of time to ensure the plan you publish is as tailored to your business as possible and has the lowest risk for error should the need to execute it occur.
Publish, Support and Maintain the Plan
Compile all of the information you have gathered, developed and tested in your Disaster Recovery Plan preparation and publish a comprehensive document for key staff members, clients and vendors. Develop a Disaster Recovery Plan communication chart, making sure to keep this document as current as your most current organizational chart.
Not only do your employees need to be prepared and understand their responsibilities in the event a disaster strikes your business, but you must communicate to your customers on how you plan to support them. Let them know what to expect from your business in the event of a disaster. Provide each with emergency contact information and alternate methods for placing orders and sending invoice payments if possible. Any service you provide your customers must be accounted for and planned out in your disaster recovery plan and then communicated appropriately.
Perhaps most important is to perform ongoing maintenance on your disaster recovery plan. Remember to constantly ask yourself, "Will yesterday's plan fit today's reality?" The needs of businesses change at an alarming rate and with continued technological advances it is critical to revisit your plan on a regular basis. As new applications, hardware and software are added to your infrastructure, they must be brought into the plan.
The Bottom Line
Having a Disaster Recovery Plan established provides protection for your business and all of its components. An updated and tested plan also provides assurance that systems will perform effectively in the event of a disaster occurring. Being able to follow a pre-planned disaster recovery plan will also minimize the need for crucial decision making during a disaster and make meeting short deadlines attainable.
While it is nearly impossible to have your business completely prepared for an unforeseen disaster, having a solid plan in place now will keep your business safe should one happen in the future.
Harry Stephens is President/CEO, and founder of DATAMATX, one of the nation's largest privately held, full-service providers of printed and electronic billing solutions. As an advocate for business mailers across the country, Stephens is actively involved in several postal trade associations. He serves on the Executive Board of the Greater Atlanta Postal Customer Council, Major Mailers Association (MMA), PCC Advisory Committee (PCCAC), and the board of the National Postal Policy Council (NPPC). He is also president of The Imaging Network Group (INg), an association for electronic service bureaus.
