Have you ever wondered what you’d do if:
- You
could not gain physical access to your building, but the power,
computer networks, and physical facilities were all functioning?
- How would you deal with not having access for 24-48 hours?
- You could gain access to the building, but the phone/computer networks were down?
- How would your reaction change if you were told that the network would be down for 72 hours?
- You
could not gain access to the building and all power and communication
networks would be down for an indefinite period of time?
Planning
for disaster and having a meaningful resumption plan is something all
of us need, but few of us spend time on. Business resumption and
disaster recovery are parts of our job that become important only when
faced with an event that interrupts our work.
Many organizations
have individuals assigned to manage the recovery process, but it is
usually left up to the individual department or group manager to keep
the “plan” updated and fresh in the minds of employees.
A simple disaster recovery/business resumption plan is comprised of two main components.
- Disaster Recovery – refers to the continuance of IT and telecommunication services in the event of a disruption.
- This includes:
- Identifying levels of redundancy for data storage
- Determining the best location for off site storage including physical locations and cloud storage.
- Identifying
the steps necessary based on company or department wide priorities of
how and when IT and telecommunication resources will be restored.
- Department managers should work closely with their IT support staff to identify and prioritize disaster recovery services.
- Business
Resumption Plans – refers to the overall recovery strategy for business
operations when a disruptive event takes place. Managers need to
identify all of the functions preformed in each of the departments,
prioritize these functions by department, and assign each function a
recovery point objective and recovery time objective.
- Recovery Time Objective – (RTO) is the targeted duration of time
and a service level within which a business process must be restored
after a disaster (or disruption) in order to avoid unacceptable
consequences associated with a break in business continuity.
- Recovery
Point Objective – (RPO) refers to the amount of data at risk. It's
determined by the amount of time between data protection events and
reflects the amount of data that potentially could be lost during a
disaster recovery. The metric is an indication of the
amount of data at risk of being lost. This helps managers identify how
often data needs to be backed up for recovery purposes.
So the questions I ask are:
- How prepared are we?
- Do our associates know what to do in the event of a disaster?
- Do we have predetermined and established communication plans and built in routines with upper management and associates?
- Have we set up redundancies for our critical functions?
- Do we have someone we trust to send our work to in the event of a long term disruption?
Let me know what your thoughts are.