As organizations rely more on technology and electronic data for their daily operations, the amount of data and information technology infrastructure lost to disasters appears to be increasing. Organizations are estimated to lose revenue and incur expenses every year due to disasters, unpreparedness, and lost productivity. Measures must be taken to protect your organization from disasters.
One way your organization can prepare and protect itself from disasters is to create and implement a disaster recovery plan (DRP). Organizations should create a disaster recovery plan that can address any type of disaster. The plan should be easy to follow and understand, and be customized to meet the unique needs of the organization. Typical elements in a disaster recovery plan include the following:
1. Create a disaster recovery team. The team will be responsible for developing, implementing, and maintaining the DRP. A DRP should identify the team members, define each member’s responsibilities, and provide their contact information. The DRP should also identify who should be contacted in the event of a disaster or emergency. All employees should be informed of and understand the DRP and their responsibility if a disaster occurs.
2. Identify and assess disaster risks. Your disaster recovery team should identify and assess the risks to your organization. This step should include items related to natural disasters, man-made emergencies, and technology related incidents. This will assist the team in identifying the recovery strategies and resources required to recover from disasters within a predetermined and acceptable timeframe.
3. Determine critical applications, documents, and resources. The organization must evaluate its business processes to determine which are critical to the operations of the organization. The plan should focus on short-term survivability, such as generating cash flows and revenues, rather than on a long term solution of restoring the organization’s full functioning capacity. However, the organization must recognize that there are some processes that should not be delayed if possible. One example of a critical process is the processing of payroll.
4. Specify backup and off-site storage procedures. These procedures should identify what to back up, by whom, how to perform the backup, location of backup and how frequently backups should occur. All critical applications, equipment, and documents should be backed up. Documents that you should consider backing up are the latest financial statements, tax returns, a current list of employees and their contact information, inventory records, customer and vendor listings. Critical supplies required for daily operations, such as checks and purchase orders, as well as a copy of the DRP, should be stored at an off-site location.
5. Test and maintain the DRP. Disaster recovery planning is a continual process as risks of disasters and emergencies are always changing. It is recommended that the organization routinely test the DRP to evaluate the procedures documented in the plan for effectiveness and appropriateness. The recovery team should regularly update the DRP to accommodate for changes in business processes, technology, and evolving disaster risks.