Building an Effective Business Disaster Recovery Plan
With protests, tropical storms and wildfires affecting millions in the midst of a global pandemic, 2020 has left virtually no business in the U.S. untouched.
If anything has become clear, it is that all businesses need a robust “Disaster Recovery Plan”, or DRP. Even if you already have one in place, now is a good time to examine how well your DRP applies to the variety of events that many businesses are facing right now.
Traditional risk management and insurance policies help at the very most basic level, but a strategic DRP can mean being able to provide full continuity of your services - regardless of the disaster scenario at play.
The overall goal of a DRP is to avoid and/or limit the amount of downtime that your business suffers. With the right recovery plan in place, you can return to regular operations quickly, and in the process, undergo as little impact as possible.
Form a Disaster Recovery Team.
Disaster Recovery presents a massive undertaking, but one that is very doable with the assistance of your team, vendors, and other parties with an interest in your business. This includes affiliated firms, bankers, IT professionals, and others. Establish clear roles, expectations, authority, and require all to have a plan in place. Your head of operations or office manager often provides an ideal team lead for the DRP.
Business Impact Analysis.
Not all firms face the same risks. Firms in tropical or subtropical climates, as well as bordering regions face the threat of hurricanes and tropical storms. Other parts of the country face other meteorological challenges. Western States face wildfires. Rural areas deal with weather and infrastructure risks. Identify and assess disaster risks which affect your business. Some of these include local property issues due to fire and flood. This year introduced all of us to Global Pandemics. Even routine communication outages, utility problems, and localized construction can pose unique challenges. Cybersecurity poses a huge challenge, as well as Vendor Supply Chain Risks.
Determine critical processes, records, and resources.
This includes key standard operating procedures, or SOP’s, as well as Cloud & Local Access to these processes. Cloud & Local Access to CRM’s require attention, and as we have learned this year, Remote Work Guidelines must be established, managed and monitored. Hardware requirements for critical team members should be addressed, as well as HR Policies for non-insured, unfunded employee benefits. Password storage and recovery should also be assessed and addressed.
Specify backup and off-site storage procedures.
What business records need to be protected and accessible? Are Client Records securely available from remote locations? Are your Hard Drive & Server Backups protected and accessible as well? Check to make certain data is stored at multiple locations.
Data security refers to the protection of data from unauthorized access, use, change, disclosure and destruction and includes network security, physical security, and file security. Note: Data storage refers to holding your data files in a secure location that you can readily and easily access. Data backup, in contrast, refers to saving additional copies of your data in separate physical or virtual locations from data files in storage.
Test and maintain the DRP.
Define the most likely scenarios your firm could face, and test against those scenarios. Identify Objectives & Success Metrics for each scenario. Then test the plan. Can you execute if your traditional resources are not available?
Communication.
Your DRP should be communicated to all team members in advance, with specific training in their individual roles and responsibilities. The plan needs to clearly outline who is responsible for each function. The plan is only as effective as it is clear who owns what.
Conclusion
Make clients aware of the fact you have a plan as a way to increase their peace of mind. It is 2020 so everyone is thinking about these things. Also communicate with vendors and affiliated companies, paying particular attention to their role in your plan. It is important that the disaster recovery plan is clear and concise, focusing on key functions required to protect the services of your business. It should be tested, reviewed and updated on a regular basis.
A Disaster Recovery Plan provides the foundational security required to protect your enterprise value. It can also contribute to your long-term success.
With a DRP, your business stands a better chance of maintaining service delivery and business continuity. Ultimately, it helps ensure you cover your bases and makes sure your business has what it needs to — safely — keep its doors open.