It has been a real reality check in 2020 when it comes to disaster preparedness. With a global pandemic raging across the world, it’s hard to see past the fact that a disaster recovery plan (DRP) is the right choice for your business. If you live in the Atlantic and Gulf Coast or California, you better be thinking how a DRP can be integrated into your day to day business.

There are many things that go into the DRP but first is actually knowing the vulnerability is to the business and in that case, you need a Business Impact Analysis (BIA) completed. This provides the basis for your DRP. Lets now discuss high level what you will need to look at for a BIA.

A BIA is a report that gives you an idea of what would happen if your business suffers a catastrophic event. So in simple terms, it exposes your business vulnerability. It allows you to understand the impact of an event and what it means for the delivery of goods and services. Some questions to consider are:

  1. What happens when there is a loss or delay of income and revenue generation?
  2. What are the regulatory consequences?
  3. Are there any contractual obligations to your customers or supply chain?
  4. What is the exposure to the loss of customers?
  5. How will my employees get paid?

Notice that I haven’t even mentioned IT yet. That’s because all these are the top level issues that have a profound impact on your IT systems and eventual recovery.

The next questions to ask are what can disrupt your business. This is where you need to be thinking out of the box. As you need to think of all the ways your business could be possibly impacted. This is more than just identifying events, its identifying what those events will do to your business. For example:

  1. Loss of computer equipment and critical IT systems
  2. Destroyed production machinery
  3. Unable to access offices or data centers
  4. Loss of suppliers (local supply chain that could also be impacted by the event)
  5. Loss utilities (electric, water, sewage)
  6. Total or severe loss of personnel

Assuming you have the BIA completed, you now understand the extent of your exposure. So lets now talk about a DRP as it pertains to IT that will mitigate your vulnerability via the BIA.

Clearly, IT being recovered efficiently isn’t any good unless you have people to use it. So first you will need a plan for your employees. Remember, they will quite possibly be impacted also by the event. So first order is making sure your employees are secure. If your in an area where there is potential for widespread destruction, it could be beneficial to have a plan to get your essential employees out of the disaster zone. If they are worried about their families safety, they are not going to worry about business restoration. So first step is having a plan for ensuring the safe relocation of your employees. If it is possible to factor this in, you probably should at least for essential personnel.

What goes into a DRP? There are several key questions that you have to ask yourself. These are in direct correlation with the high level questions above in the BIA. For example:

  1. What are the Systems that need to be Protected?
  2. Are There Any Dependencies on The Protected Systems?
  3. What’s RPO/RTO for These Systems?
  4. What Are Essential Personal Required for Recovery and Operations of These Systems?
  5. Where Will They be Recovered?
  6. Does the Recovery Site have the Resources for a Sustained Outage? (Days, Weeks,  Permanent)
  7. How do I Replace Destroyed IT Systems?
  8. How Will Those Compute Resources Be Restored Back to the Premise? (Back to The Original Systems)
  9. How Often Do I Test The Procedure?
  10. How Much Will It Cost Me in Terms of People, Processes, and Products (Software and Services)?
  11. Will You Need People to Assist with the Recovery?
  12. Who will require access and how will they access these systems once restored?

IBM has a great Disaster Recovery Plan but there are several DRP’s available online in Word format. A simple google search on “Disaster Recovery Plans” returns several options. Any will work, the important thing is that one be adapted.

Finally, realize no DRP will be successful without testing and validation. This is THE most important step in the process once a plan is put together. It also has to be exercised on a periodic basis to ensure the plan is still relevant. Otherwise, your risk will again increase over time because your business constantly changes and thus requires adjustments to the recovery plan.

Whether 2021 is another record year for disasters remains to be seen, however, with proper planning, there should not be undue anxiety over whether your business will survive the inevitable.

Comments are closed.