Can your small business survive a disaster, natural or otherwise? If you can’t answer that with a resounding “Yes!” and have a well documented plan to back it up, we’ve got some work to do. Having a disaster recovery plan can be the difference between remaining operational, and losing the business you’ve worked so hard for.
Thankfully we’ve been around for a while and have helped many customers feel confident that their business has a backup plan, so we want to make sure you’re on the right track as well.
As a business who uses technology there are quite a few disaster scenarios that could critically impact your business and it’s important to be prepared for all of them.
This is just a general list, to put them all in front of you might be a little overwhelming.
Taking the Right Steps
A risk assessment is step 1, this is where you take the giant exhaustive list of all disaster scenarios, determine which are actually relevant to your business, and brainstorm the possible outcomes to your business from each one.
Is a hurricane a possibility? Do you have older hardware that could fail? What assets are at risk should a hurricane hit your building, or the buildings/areas of companies in your supply/delivery network? What effect would hardware failure have on you, your employees, and your customers?
These are the kinds of questions it’s important to ask, and have an answer for at the end of your risk assessment.
(Check out the FEMA website for a helpful Risk Assessment Guide)
Once potential disaster scenarios are compiled a Business Impact Analysis will help you begin to understand the consequences of each potential disaster and will give you the information needed to formulate possible recovery methods and strategies.
When developing your plan several individuals should be involved:
- Executive team - Depending on the size of your business
- IT team
- At least one member of every business department
The Goals of Your Plan
Every business’ plan will look different but each plan should have the same three goals to determine how the business, in the event of a disaster, will:
- Keep employees and critical infrastructure safe
- Keep data, applications, and proprietary information safe
- Remain running, or get back up and running as soon as possible
According to FEMA “Following a disaster 90% of smaller companies fail within a year unless they can resume operations within 5 days.” This is why having a plan and knowing exactly what is needed to keep your business operational, even if it’s just the bare minimum, is important.
Implementation and Training
Developing the plan is the hardest part, and now that it’s done it’s time to put it into action. Your plan should include any technical measures as well as training for employees.
Many technical measures will mitigate risk and keep you online and running in the event of a disaster, but these measures need to be addressed and implemented before a disaster occurs. Things like:
- Data backups - making sure they are secure and offsite
- Backup power supply
- Redundant connections
- A process for quickly replacing failed hardware
- Service contracts for critical applications
This list could go on and on and will be specific to your business, so when you look at your Business Impact Analysis to determine the outcomes of each disaster, make sure you’re also determining what proactive steps you need to take to lessen any blow and mitigate the risks of each possible outcome.
The next step in your disaster recovery plan involves your employees. When something happens to the business it’s important to remember that every employee has a part to play in either getting everything running again or keeping the business running in whatever state it may be in after a disaster.
Make sure you’re training all employees on any necessary steps in the event of a physical disaster to the building, or surrounding environment. Ensure they know how they can access pertinent information in the event of an emergency, and any additional extra steps they need to take should specific disasters occur.
It’s important to have a team, executive team or otherwise, of individuals well versed in the plan to communicate with employees and make sure they know their:
- Where to find all plan information
- What training is available to them in regards to the plan
- Roles and responsibilities during and after the disaster
- How to proceed with their jobs post disaster
This team should also be responsible for communicating any plan updates, updating asset lists, and taking note of everything post disaster.
Make sure everyone from the top down knows your disaster recovery plan and is ready to answer questions for new and current employees.
So I have my plan. Now what?
Learn it. Teach it. Improve it.
Your disaster recovery plan should be a living document. It should change as your business changes. Make sure that once a year all those responsible for the plan come together to review it and make changes as necessary. A 10 year old plan isn’t going to help when your business doesn’t looks the same today as it did 10 years ago.
Now that you have a basic understanding of how to go about creating a Disaster Recovery/Business Continuity plan it’s time to get started and give yourself some peace of mind should the worst happen. If you still have questions, please let us know on Facebook, Twitter, or give us a call!