What is an IT disaster recovery plan and do I really need one?December 12, 2018
Let’s set the scene – a huge fire leads to an entire and immediate evacuation of buildings including your business premises. There is no indication when you will be able to get back in which could have devastating consequences for your business. Would your business still be able to function smoothly with all your on-site infrastructure not available?
This is a real life scenario which happened not far from us in Weston-Super-Mare* and could all too easily happen to you. However, with a little forethought and the right systems in place, this kind of situation can be handled calmly and with limited business impact. This applies whether your business is a multinational conglomerate or a small business with only a couple of employees – all businesses should have a disaster recovery plan in place.
What is a disaster recovery plan?
In short, a disaster recovery plan is a back-up strategy which is put in place should a disaster such as this strikes your business, or if for example personnel can’t make it to work, or the building itself or equipment within it is compromised.
It is built on an assessment of possible risks to your business with strategies to manage those risks if they come to fruition. By being proactive and putting plans in place, you can mitigate any potential harm to the business by developing responsibilities and actions which would take place to get the business back up and running again as quickly as possible.
As part of a disaster recovery plan, consideration needs to be given to the IT and telecommunication systems you have in place, and if and how these could be accessed in the case of an emergency.
What ‘disasters’ should you be planning for?
Each business’ disaster recovery plan will differ, as the potential disasters that are most likely to befall them will be driven by a number of factors such as location, building type, personnel, local infrastructure and current service providers.
A good disaster recovery plan will identify what disasters could affect your business and classify them both by the probability of that event happening, and the impact if it did. Then strategies can be put in place to help protect the business in the case of that disaster striking.
So, for example, businesses built near a large river are more likely to be hit by flooding and if they are this could cause serious equipment damage. One strategy in this case (amongst others) might be to keep business critical equipment on the 1st floor or above.
Developing a disaster recovery plan
The first stage is to clearly identify a wide variety of situations that could potentially affect the business. From natural disasters to employee sabotage, it’s vital to try and consider anything that could lead to significant business impact. You may find you can do this internally, or you may like to work with a company like ourselves who have significant experience of developing these plans.
Once potential ‘disasters’ have been identified, then alternative strategies for dealing with these issues can be developed. This is where it would be beneficial to involve your IT provider if you haven’t done so already. So, for example if one of the identified disasters was a failure of your IT hardware, then one thing to consider would be whether the data stored on that hardware is backed up securely somewhere. Also do you have spare PC’s or laptops available? What about if an employee ran off with one of your laptops with access to secure data? What would you do then?
Once you are happy you have identified all potential issues and how to deal with them should they arise, then consideration also needs to be given to other factors such as: when should the disaster recovery plan be triggered, who is going to do so and how will they contact all staff?
Finally, of course, the plan needs to be written up and stored securely, where the people authorised to trigger it can access it easily even in case of disaster.
So, do you really need a disaster recovery plan?
There are often many reasons why companies don’t invest in a disaster recovery plan – one reason being that they don’t want to think or believe that something awful could happen to them. But if you are one of those companies, then it really is time to take your head out of the sand. Unfortunately, disasters can and do happen, and although disasters are thankfully rare, the time and money spent developing a plan has to be worthwhile, particularly if you consider the consequences of not being prepared.
Sadly, technological advances combined with the prolific use of the internet and social media are also causing disasters to businesses on a large scale – cyber attacks on businesses being one of them with government research published in April 2018 suggesting 43% of UK businesses and 19% of charities suffered a cyber-attack in the previous 12 months.**
Hope for the best and plan for the worst…
….a popular saying for a very good reason. Even if you never need to use it (and hopefully you never will) a comprehensive, regularly updated disaster recovery plan will offer peace of mind that you will have a plan of action for almost any situation.
If you need help writing your disaster recovery plan, feel free to give us a call – we will definitely be able to offer some advice, or if you would like more help than that then we can even manage the whole process for you.