In previous articles, we discussed disaster planning and the fact that ALL businesses should have a comprehensive Backup/Disaster Recovery Plan (BDR). To fully protect your business, it needs a comprehensive Disaster Recovery Plan (DRP) that encompasses both Operations and Computer Systems (IT). Data and systems are important, but people are more important.
A full DRP should include:
- Team identification and responsibilities
- Identification of critical functions
- Response processes
- Employee contact information
- Vendor and Client information and notification processes
- Premise evacuation procedures and alternate employee meeting places
- Emergency Operations Center (EOC) activation
- A full IT Contingency Plan.
However, even the most comprehensive documentation won’t do you any good if it is not tested, refined, and updated. How else would you know if your plan actually works?
I come from a corporate background and I’ve seen beautiful binders with seemingly comprehensive disaster plans. They were even sent electronically to all employees to ensure that everyone got them. I’m also reasonably sure that very few people actually read them. Here’s a few questions to ask yourself:
- How often do you test and update the operational and IT aspects of your Disaster Recovery Plan?
- Have you performed a controlled taken down of your systems and brought them back up at the alternate data center?
- Can employees access critical systems during the test?
- Have you tested your data backups as well as your onsite device and cloud fail overs?
- Does everyone have the appropriate contact information for their positions?
- Are employees familiar with business hour and after hour disaster processes?
- Have your employees even read the plan?
- Is there a clear chain of command if the CEO/President/Business Owner cannot be reached during or after a disaster?
These are questions that business owners and corporate executives need to know. You should look at tested Disaster Recovery Plans like insurance. You hope you never have to use it, but you’ll be thankful you have it should the need arise.
Testing also affords you the opportunity to add processes and procedures for areas that tests show need improvement. Disasters come in many shapes and sizes. As soon as something happens that you didn’t previously anticipate, it should be documented and contingency actions added to the DRP. Testing fosters continuous improvement. Testing also ensures that your employees know what to do when the time comes.
If you haven’t put together a DRP, don’t despair — Act! Create an interim or temporary plan. It may not have everything you need, but it will give some direction should catastrophe strike. A tested “light” DRP will serve you much better than a full, untested one. As soon as you can, start working on a full, comprehensive plan. It’s a must have for business survival.
When facing another disaster like Hurricane Sandy, the last thing you want to find out is that your untested Disaster Plan doesn’t work.
Don’t be a statistic! Plan ahead and constantly test and refine your plan. For more information on disaster planning, I encourage you to visit the Disaster Recovery Journal website at www.drj.com.