Blogs

Plan for the Worst!

By Robert Lingard posted 08-18-2015 15:01

  

Have you ever wondered what you’d do if:

  • You could not gain physical access to your building, but the power, computer networks, and physical facilities were all functioning?
        • How would you deal with not having access for 24-48 hours?
  • You could gain access to the building, but the phone/computer networks were down?
        • How would your reaction change if you were told that the network would be down for 72 hours?
  • You could not gain access to the building and all power and communication networks would be down for an indefinite period of time?

Planning for disaster and having a meaningful resumption plan is something all of us need, but few of us spend time on. Business resumption and disaster recovery are parts of our job that become important only when faced with an event that interrupts our work.

Many organizations have individuals assigned to manage the recovery process, but it is usually left up to the individual department or group manager to keep the “plan” updated and fresh in the minds of employees.

A simple disaster recovery/business resumption plan is comprised of two main components.

  • Disaster Recovery – refers to the continuance of IT and telecommunication services in the event of a disruption.
  • This includes:
        • Identifying levels of redundancy for data storage
        • Determining the best location for off site storage including physical locations and cloud storage.
        • Identifying the steps necessary based on company or department wide priorities of how and when IT and telecommunication resources will be restored.
        • Department managers should work closely with their IT support staff to identify and prioritize disaster recovery services.
  • Business Resumption Plans – refers to the overall recovery strategy for business operations when a disruptive event takes place. Managers need to identify all of the functions preformed in each of the departments, prioritize these functions by department, and assign each function a recovery point objective and recovery time objective.
        • Recovery Time Objective – (RTO) is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.
        • Recovery Point Objective – (RPO) refers to the amount of data at risk. It's determined by the amount of time between data protection events and reflects the amount of data that potentially could be lost during a disaster recovery. The metric is an indication of the amount of data at risk of being lost. This helps managers identify how often data needs to be backed up for recovery purposes.

So the questions I ask are:

  • How prepared are we?
  • Do our associates know what to do in the event of a disaster?
  • Do we have predetermined and established communication plans and built in routines with upper management and associates?
  • Have we set up redundancies for our critical functions?
  • Do we have someone we trust to send our work to in the event of a long term disruption?

Let me know what your thoughts are. 

0 comments
18 views

Permalink