Why a Disaster Recovery Plan for the SMB is Important Today
Making a Disaster Recovery Plan
In the beginning, it’s usually one of two incidents that bring you to the DR planning table to map out your data protection services. Either there’s an oversight group, like a Board of Directors, who would like to see the company’s disaster recovery plan formalized, or there’s been a really large, really embarrassing incident.
If it’s the former, you can look at it from the business perspective that your company has reached a size and complexity that people are interested in codifying what’s been in your head for some time. After all, as an IT manager or Office Manager, you’ve gotten the team through countless, maybe daily, small crises and the business has survived. Now it’s a matter of thinking out that structure you already know and passing it down.
If it’s the latter, take heart. By engaging in a thorough, competent disaster recovery plan process, your company is acknowledging that it could have done better, and this opportunity for thoughtful growth doesn’t come along every day.
Regardless, if you’ve been asked to design a disaster recovery plan for your team, it’s time to sharpen your pencil and drink an extra cup of coffee today – this is going to require your brain. Data protection services is an involved process.
It will also require your friends and relationships at work, as you can’t do this alone. If you’re relatively new to your organization and don’t have the depth of knowledge about processes and business goals, you will need to start by partnering up with a company historian. Someone who has been around long enough to know, who is comfortable sharing knowledge, and who might even be an asset in a time of disaster recovery plan activation. I mention this now, because if you are very new to the company, you will need this person to be with you all the way through the planning process. Begin bribing them now, we will wait.
Once you have assembled these early resources, you’ll need to begin by getting up to speed on your building and city processes. Are you required to vacate the property after so many minutes of power outage? What if the bathrooms don’t work for a specific period of time? Does your area have a history of bad flooding, or tornados, or robberies? Do the same for any other offices your company operates. Remember that even within a region, weather patterns, power companies and other impact factors can vary significantly, so don’t hesitate to reach out to your co-workers to get the best on the ground information. Getting this information together can help you when you begin to develop your response plan.
Next, outline the company’s assets that could be impacted by one of the issues you discovered above. (If you didn’t discover any issues, make one up – this can be fun. What’s the worst thing that can happen to your company?) Is your data storage vulnerable? How about a hosted application that’s accessed via the internet? What about physical equipment? Receivables are an asset, so think about what would impact your company’s ability to collect and earn money.
For each instance you’ve described, list next to it the compensating recovery item. For instance, if your physical building were damaged, you have insurance or a property manager. If your computer hardware were destroyed, you have cloud-based backup. If you’re unable to process payroll, you have the ability to direct wire funds to each employee.
If you have any items that are left unaddressed, you should think about the processes involved and measure the impact of an extended outage. If you have items that are addressed, but in a way that would leave you out of operations for more than a day, you need to back those up with a Plan B.
Your building being destroyed is a great example of this. Of course you have insurance if it’s your own facility, or a property management team if you rent. The more immediate point is what you do with the first forty-eight hours following a disaster, so what is your Plan B for office space?
Not every line item requires a Plan B, but many will. Once you get this outline finished, you’re going to need to consult with your buddy to make sure you don’t have any gaps in your plan or unforeseen processes that will be impacted during an outage.
Finally, write your disaster recovery plan up in two parts. Make an Executive Summary that outlines the basics and is no more than a page or two. Then go into detail for each scenario, backing up your thinking. If implementing your disaster recovery plan requires training or budget or change management, get approval to start those processes and away you go!
Kathleen Hurley, COO at Fidelity Networks, has over 15 years’ experience as a business services CIO, a background as a small business owner, and more than a decade as a web developer. Kathleen says that her MBA in IT from the University of Wales and her BA in English allow her to do two things really well: read the directions and speak to fellow humans. Her dissertation was on Women in Information Technology and considered the international financial implications of an understaffed IT industry.
If you want more information on how to protect the lifeblood of your business, please contact us. As consultants who specialize in data protection services, we can offer you total protection solutions.