It can only take a minute to destroy what business owners have worked long and hard to create. In light of recent natural disasters such as Hurricane Katrina or Tropical Storm Erin, thousands of businesses have lost data critical to their ability to function.According to the Institute for Business and Home Safety, an estimated 25 percent of businesses do not reopen following a major disaster, and of those that do recover, half of them go out of business within two years.1

 

Despite this, some businesses put disaster recovery planning on the back burner, preferring to take a reactive approach. More disheartening is that many executives do not see disaster preparedness as a priority. In fact, a recent Harris Interactive survey found that only 49 percent of business executives believe disaster recovery and business continuity are very important or crucial to business success, compared to 71 percent of IT managers - showing a glaring disparity in priorities between IT folks and those who are not managing the data.2
 
When looking at the impacts that a hurricane, a blackout, an earthquake, flooding or other natural occurrences can have on a business and its data, it is crucial that a proper disaster recovery plan be put in place. The up-front investment of time, money and resources may seem unwarranted at first, but as the old saying goes, “It is better to be safe than sorry.”

 

Formulating a Disaster Recovery Strategy

 

To begin establishing a disaster recovery strategy, businesses must first conduct an audit of all information, applications and functions to fully grasp all aspects of the company. Then those involved in the disaster recovery efforts must come to a consensus on which factors are crucial to the business’s ultimate success, prioritizing what is most important and least important to the business. This includes categorizing data by importance, recovery time objective (RTO) and recovery point objective (RPO). RTO refers to the acceptable length of time the business can wait to restore the data while RPO refers to how current the data has to be to ensure business continuity or the company’s tolerance for loss of data. Department, project, application and business leaders should define the RTO and RPO for all information and applications, regardless of priority.

 

Establishing a Plan

 

Once a disaster recovery or business continuity plan has been put into concept, determine which individuals will play a role in the disaster recovery efforts and ensure that everyone has a documented plan that can be accessed in hard copy and electronic formats. And going against the dependence on email, it is important to distribute a hard copy of the plan in addition to an electronic copy in case email is inaccessible for any amount of time. Becuase one can never anticipate when a disaster might occur, it is not likely that all steps and procedures will be recalled and to ensure an efficient and timely response, executives and others within the company will rely on these predetermined steps. A designated employee should be charged with reviewing the disaster recovery plan on a quarterly basis to ensure all contacts, data needs, applications and other aspects are current and relevant and that any changes to the plan have been communicated in hard and soft copy formats.

 

Determining Staff Utilization

 

A final step in developing a disaster recovery plan is determining how to best utilize staff.Businesses should prioritize who will work on what portions of the recovery based upon the employee’s skill set, physical location and accessibility. For example, in larger companies spread across the country, or the globe, the most appropriate person to tackle one task might be located hundreds of miles away from the issue. Evaluate whether or not another person could take their place and if not, decide on a contingency plan if that person is not able to make it to the site in a timely or necessary manner.

 

Once roles are established, determine how staff will gain access to the required resources to initiate a recovery. Is the information stored in more than one location? Will the appropriate people be able to access the location? How will your business address the disaster if applications are available in more than one location? Will these locations be accessible? It is critical to process and answer these questions before a disaster occurs to help eliminate any confusion at the time of the crisis and reduce the amount of time that service or business may be interrupted.

 

By implementing a disaster recovery plan, businesses increase their chances of remaining in business following a disaster. Planning makes certain that business-critical data remains safe and secure, while also providing business leaders with the piece of mind that they will be able to recover from any financial losses and business interruption.

 

References:

  1. Institute for Business and Home Saftey. "Open for Business: A Disaster Protection and Recovery Planning Toolkit for the Small to Mid-sized Businesses." Institute for Business and Home Saftey, 2007.
  2. Harris Interactive, Inc. "Harris Survey Examines Current Attitudes to Disaster Recovery, Business Continuity and Information Availability." Harris Interactive, April 24, 2007.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access