In the event of an actual disaster or emergency, is your company ‘at the ready’ to respond quickly and avoid expensive downtime?
You need a Strategic Corporate Disaster Recovery Plan.
Far too often, the answer is not ‘absolutely’, but rather a more unsure version of ‘we think so’. The fact is that no company can afford to wait to implement and test a strategic disaster recovery plan. In these times, vigilance is mandatory.
Following is a clear-cut guideline about what you need to do to ensure your company’s security in the event of a disaster.
Conduct a comprehensive inventory.
Your Disaster Recovery Plan should have all hardware, software and applications inventories and in order of priority. Include all technical support contract information and contact numbers.
How long can you afford to be down?
This will vary depending on your business model, but be clear that you define whether you can afford to be down seconds minutes, hours, or days without major losses. This will help you better define your overall recovery plan.
The two metrics here are RTO (recovery time objective) and RPO (recovery point objective). When you identify these two metrics you can better prioritize what’s needed to survive an emergency event.
Who is responsible for each key role?
This starts with who has the authority to declare a disaster. When roles are clearly defined, there should be no miscommunication about who does what. All third-party providers must be included in this list so they are aware of one another’s responsibilities. It’s also important to have trained back-up staff to step in for key staff if they are unavailable.
Follow a communication plan.
If it is clearly understood how communication will be executed to let employees know about a disaster, there is less chance of slowdowns. Frequent training and updates to the plan should include all employees. An agreed-upon, written process will ensure efficient action and alignment between organizations, employees and partners.
In case of emergency, do your employees know where to go?
Beyond the technical aspects of ensuring a strategic discovery plan, is the essential process for employees to know how to respond and where to go. If an alternate site is available, let them know to go there and how to get access to the systems once they arrive, and how to access the systems from that site. A map is useful to avoid any confusion.
Do your service-level agreements (SLAs) include disaster recovery clauses?
If your technology is outsourced or your systems are stored in a data center facility offsite, be sure your agreement defines each level of service in the event of a disaster.
How to handle sensitive information.
Clearly define how sensitive information will be managed and accessed once a disaster recovery plan has been activated. Ensure the protection of all operational and technical procedures in the handling of sensitive data.
Test, test, and retest.
Testing is perhaps the most critical part of ensuring your disaster recovery plan will perform when you need it. Never become complacent when it comes to testing. Even with the most perfect plan, things can still break. Looking for vulnerabilities and testing is the only way to be confident your disaster recovery plan is reliable. Test your employees and staff, too. Simulated disasters and drills help to keep everyone at their best.
Remember, preparation is the only way to ensure speedy recovery and avoid major losses in time and revenue in the wake of a disaster or emergency.