Disaster Recovery Process Getting Back to Business After Unforeseen Events Review of Potential Disasters Step-by-step Process for Creating Disaster Recovery Protocols System for Resuming Operations After a Disaster Happens
Overview Disaster Recovery Processes have become a frequent topic of conversation over the last several years. Some organizations go to the extreme in making sure that under no circumstance will the business be impacted in the event of a disaster. This is easier to do if you are part of a large institution with lots of resources and offices around the country. Many smaller organizations have not dealt with this subject because they just have too much on their minds as they try to survive day to day. Many people seem to think that investing time in a Disaster Recovery Process is not valuable because the odds are so low that anything will happen. They re okay with just accepting the risks. A few factors have raised the importance of having a business continuity plan when a problem arises. The first is that organizations have become more dependent on technology to operate, so if the power goes out or the data center is physically damaged, it often means the business comes to a halt until the equipment can be brought back online. The second factor is that customers have more ability to move their business to a competitor; in this increasingly competitive market, loyalty to any one vendor has been decreasing for many years. So, if a supplier of goods or services is off the air for more than a few hours, it will not only lose some business, it may lose customers for good. The third factor is that the expectation of a quick recovery from technical difficulties has increased. As larger organizations invest in Disaster Recovery Plans and become more sophisticated in how they manage the business s uptime, customers have become less patient with smaller vendors who have issues that cause downtime. It is not unusual now for a customer to threaten a smaller vendor that has just experienced a disaster by telling the vendor they will move their business if a Disaster Recovery Plan is not put in place. The large customer reasons they cannot depend on the smaller vendor if it is not willing to minimize the risk of downtime, especially when others in the
market have implemented advanced Disaster Recovery Processes. With that said, it s important for any organization to know how their business operations would continue after a disaster. Our process will help you list your potential disasters, plan for how to react, and regularly update your plans so that they are effective. Goals The main goal is to have a plan in place and be ready to act when a disaster happens. In these situations, things are chaotic and happening quickly. You want to have a team that is prepared to act to get your business operations back up and running. By going through and listing all potential disasters, how they impact each division, and what the responses should be in steps, you will have a plan put together to react when a disaster happens. Secondly, this is another opportunity for management to examine and determine the risk that the organization is willing to take. Maybe there are certain aspects of your company that are more important, so you prioritize which areas will receive the most effort to restore. Managers will have the opportunity to look at the business operations as a whole and decide which pieces need to be restored first in the event of a disaster to put the organization in the best position to make a full recovery. These are decisions that executives should be making, not IT. Process Assemble a Team This team should have members from every part of the organization. They will consider the intricacies of their department as you work to develop an organizational Disaster Recovery
Plan. The whole business will be impacted in a disaster, so the whole business must be represented when building a recovery process. Do not restrict membership of this team to just a couple of people, or just the IT department. Executives should also be on the team so that it can take action if any problems arise. Review Each Division Especially look at the IT department, but also every other operation of the organization. Discuss how that division could be built back up in the case of total loss of either the home office or any of the other locations around the world. We say to look closely at the IT department because of the dependence on technology that so many divisions have. IT will play a critical role in the restarting of most of your divisions, so they will need to play a key role in any Disaster Recovery Process. Define Responses This needs to be done for issues of varying severity: Half-day power outage Bad storm that cuts off access to the building for a day Small fire that damages part of the building Tornado that destroys the entire operation Spend time thinking about all of the potential disasters you could face. However, even if you don t think of every possible disaster, by having several disaster plans of varying degrees, it will give you several to choose from when an unforeseen catastrophe takes place. Let s say you live
in an area that isn t known to be prone to flooding, but a 500-year flood comes through and damages your entire facility and it takes days to get back online. You may not have made that particular Disaster Recovery Strategy, but you can probably combine elements from the policy you made for a small fire destroying part of the building and a tornado destroying the entire operation to come up with a workable plan for the hard-to-imagine flood. Once you have gone through an event that you hadn t planned for, have a discussion after the fact to talk about what you did right and what could have been done better. Record your findings and store that plan away until you need it again. Begin collecting these strategies and use them as a playbook when you re faced with a problem. With that said, the time to begin thinking about responses is BEFORE a disaster happens, not after. If you wait until the disaster happens to begin charting a plan you will be slowed down by the chaos of the moment, possibly to the point of not being able to recover at all. Create To Do Lists These will come from the responses you developed to potential disasters in the previous step. Plot out each of the steps it will take to complete the responses. Also, determine who is responsible for completing each task. These will be used in the event of a disaster so that tasks can be handed out and executed quickly. Have Recovery Meetings You should have your team meeting every six months to review the list of potential disasters, responses, and steps. They should discuss any changes that need to be made or additional
disasters to consider. During these meetings it would be a good idea to also practice a scenario or two. You can go around the room and have everyone from the different divisions list off their first five moves. Expected Outcomes By going through each of the steps listed above, your organization will have an ongoing system of preparing for disasters. Not only will you have a full list of potential scenarios and steps for recovering, you also will be regularly meeting to re-evaluate the plans, adding new ones if needed, and practicing scenarios. Having this process in place is a much safer position for an organization to be in than waiting for the disaster to happen to begin planning the recovery process. We expect that you will have several plans of action based on varying degrees of potential disasters, and even if a different disaster that you haven t planned for comes along, you will have enough variety in your Disaster Recovery Plans that you ll be able to adapt them to fit the situation you are in. If you never have to use any Disaster Recovery Plans, fantastic, if you do have to use one, at least you have it ready to go. Don t begin this process in the middle of a disaster.