What would happen if your information systems went down right now? Is your business at risk if they come back up in one hour? Two hours? Eight hours? A day or two? Are you missing deadlines for bids? Would your employees and vendors be paid on time? Can your business run from an alternate location? Basically, just ask yourself this question: What can I afford to lose? These are all questions that the management team should answer.
In today’s IT-based culture, companies use network servers and SANs (Storage Area Network) to store and process large volumes of data. Employees use desktop computers, laptops, iPads and tablets to enter, import, process, and manage files and documents. Everyone uses email and smart phones to share information. So, what happens when those systems become unavailable or simply fail? By developing a well-structured disaster recovery plan, your company should be able to handle critical business processes during unforeseen IT outages.
Disasters typically fall into two main categories. The first is natural disasters such as fire, hurricanes, tornadoes, floods or earthquakes. The second category is manmade disasters, which include computer viruses, hardware failures, extended power outages, intentional employee misconduct, or failed implementations or upgrades. With proper planning some of these instances could be avoided altogether. So, how can you maintain business operations if your facility is lost or damaged? This requires thinking outside the box and asking questions. What is the worst thing that can happen - hurricane or tornado? What if the office is safe but the employees cannot get to work, or the building is damaged and there are no working computers? Even a lengthy power outage can disrupt your working environment. How long can your business survive and what is the cost of downtime?
The principal objective of a good disaster recovery plan is to develop, test, and document a well-structured and easily understood plan. This plan should assist a company to recover as quickly and effectively as possible from an unforeseen disaster or emergency that interrupts information systems and business operations in a cost effective manner.
Characteristics of a good disaster recovery plan should include:
All essential and critical infrastructure elements, systems and networks
Periodic testing to ensure that it can be implemented in an emergency situation
Training for management and employees so they understand how the plan will be used, when it will be used and their roles and responsibilities
If your company does not have a disaster recovery plan, where do you start?
Identify critical processes and backup strategy. What must happen to keep the business running? Pay employees, order materials, bid new work, communicate with existing jobs, etc.
Establish offsite facilities for an emergency level of service within a specified number of hours. Can you run your business from another location? Do you have all the equipment and materials needed to run the business at that location?
Decide what constitutes a condition for failover. Who pulls that trigger?
Create checklists of useful reminders and steps of what to do. These printouts should be given to the management team to be stored in their office and at home. These lists should include an updated key personnel contact list and notification calling tree. Also, a list of external contacts such as insurance companies, customers, vendors, suppliers and associated calling tree.
Identify key personnel and train them on their roles and responsibilities. Take payroll for example: how many employees have access to payroll and could run checks if needed? Is there check stock, envelopes, and other office supplies stored at an alternate location? If you have a Sage backup, what about 3rd party add-ins such as check writing software? What would it take to cut a check from an alternate business location if needed?
Identify steps or processes to resume normal business operations and how to failback.
Test the plan! There is no such thing as a test disaster plan that fails. Everyone learns from the exercise and items for improvement are identified.
Disaster Recovery plan requirements will be different for each company and should be custom tailored for their level of business needs. A plan could be as simple as an offsite backup for small businesses and redundant complex plans for larger business. Now at this point I must caution you that a backup is no good without testing restore capabilities. You can have a backup file with lots of data but it is worthless if you cannot restore the data. Test, test, test!
There are many tools and templates online that will assist you in setting up or updating your disaster recovery plan.
or simply google “disaster recovery plan templates”
If you would like more information on joining the TUG IT Committee, contact Angela Martin at firstname.lastname@example.org.