8 key elements of an effective disaster recovery plan

Register now

When we see natural disasters on TV or read about them from afar, it’s often difficult to completely understand the health data security vulnerabilities associated with this issue, particularly when it comes to working with a healthcare organization’s managed service provider in the time of crisis.

And yet, as the Southeast U.S. continues to recover in the aftermath of Hurricane Florence, it’s important for IT leaders to consider the effect hurricanes and other natural disasters have on healthcare information needs - both now, in the future and before the next challenge strikes.

The sobering fact is more than half of organizations (58 percent) are not ready for a major loss of data. In fact, 60 percent will go bankrupt within six months, according to data from Washington, D.C.-based research firm Clutch. Also, according to the statistics compiled by Clutch, cloud backup is on the rise, with:

  • 84 percent of the organizations that have already adopted cloud backup having implemented both on-premises and cloud backups;
  • 68 percent of cloud backup business customers testing their backups at least once per month; and
  • 78 percent of small businesses planning to use cloud-hosted backup by 2020.

Taking on DR Intelligently

Since disaster recovery is of such high value to an organization, it helps to strategize how best to implement it. After all, it’s far easier to return to balance when the potential of business disruption is already planned for.

In order to prepare for a disaster, organizations need a strong DR plan and must be willing to go beyond above and beyond it in implementation. Not only should a company build its core processes into a DR plan and have a team that is designated for DR tasks but it should also perform a risk assessment to best determine what challenges might arise and how dangerous each of those elements is.

One way to do this is through security penetration testing, in which an organization tests its system’s security by trying to exploit its weaknesses.

Since disaster recovery is extremely important in healthcare compliance and other regulatory industries, it is best to also incorporate compliance into security and DR planning.

What to Include in a DR Plan

Beyond those general approaches, here are some of the most critical components to include in a disaster recovery plan:

1. A business impact analysis (BIA)

A BIA will help determine what the possible impacts are of a human-generated or naturally produced disaster on the operations of an organization, per Gartner.

2. People

It is a common mistake to excessively focus a plan on the hardware and software instead of the human element. Think about how you want your staff to respond following a disaster. Think about what they will need to have in place so business can return to normal as soon as possible.

3. Location

It’s important to know where software will be running if the event of an emergency. It underscores the importance of pairing a physical environment with a cloud environment.

4. Mass notification

It’s vital to have the capacity to send out updates to everyone on staff via mobile alerts, text messages, and email. Via their mobile devices and laptops, employees should have access to incident management procedures so they are able to properly respond.

5. Evacuation plans and exits

Think about evacuation protocols and how to get customers and staff into shelter safely, Make sure evacuation routes are marked clearly, and conduct drills at regular intervals to best prepare in the event of an emergency.

6. Supply chain contacts

Include contact details for all vendors - and an alternate set of suppliers - in a DR plan to avoid any unnecessary gaps in communication or service, and to keep the lines of communications open as developments transpire.

7. Disaster payroll and accounting processes

Regardless of a disaster, payroll and invoices must be protected. Choose an independent payroll service and a cloud-hosted accounting system. Business interruption insurance is a good idea too.

8. Continuous data protection

It is essential to have a high-quality infrastructure behind any disaster recovery plan. One way to protect an organization is with continuous data protection (CDP), to avoid losing data in the first place. A managed CDP Backup keeps a set of freshly saved information available for quick and easy access.

The need for a comprehensive disaster recovery plan is clear - from the importance of mission critical data to the business impact that the loss of such data could cause. Since it is possible to have a disaster completely take an organization by surprise and to, in turn, lose thousands or millions operationally and economically, it is a critical, and basic, business need to have a DR plan ready to implement.

For reprint and licensing requests for this article, click here.