It sounds quite dramatic doesn’t it? ‘Disaster’ – we don’t really like to think we will ever fall prey to a disaster, yet we might, there is always a small possibility. In the business world, we often focus on preventing and reducing risk and the difference here, with a business disaster recovery plan, is that the intention is to actually minimise the impact of the risk of disaster itself and how the business can continue to thrive, if said risk were to occur.
‘Disaster’ can refer to anything that poses a significant threat to your business operation – from natural disasters like fire or flood to fraud and theft of intellectual property or technological failure.
The plan itself is for use and reference in the event of a disaster taking place. However, the plan is likely to generate action steps. For example you may need to put certain processes and policies in place, in order for the plan to be effective. However, in its simplest form, the plan is to restore business as usual to any affected areas, as quickly as possible.
Yes, it is a bit of a doom and gloom project to undertake! However, it may well be worth it for the long term stability of your business. This is one of those times where is can be useful to have a negative mind-set! Here are some simple steps to get your disaster recovery plan in place.
Put on your pessimistic hat!
The first step required is for you to put your pessimistic hat on and think of all of the things that could go wrong in your business, and we mean ‘everything’! – What if Janet, your secretary who magically answers all of your questions when you need them, passes away suddenly. Would you know where she filed all of your important paperwork, the passwords to your databases and systems? If Janet stores everything in her head, then it is likely the information would be lost with her. Not only would you be dealing with one tragedy, you would then have the stress of another. It’s awful to think about but it is always a possibility. Another example might be if your business has trade secrets. If they were leaked by a disgruntled employee exiting your business, would your business survive the breach?
To further assist this process, your plan should focus on covering any of the following areas of risk, specific to your business.
- People i.e. sickness/death, sabotage.
- IT i.e. cyber-attack, system failure.
- Natural i.e. fire, flood.
Put on your problem solving hat!
The next step is to go through your list of potential risks and list anything that would either mitigate or prevent it being a problem in the event of a disaster. Using the example of Janet above – if she documented her processes and procedures and these were kept up to date, anyone could pick up her role and carry it out in her absence. In the second example, of the breach of intellectual property, it would be wise to ensure this was incorporated into any employment contracts and also to take out the necessary specialist insurance policies for the protection of your business.
In the event of a natural disaster or IT failure, what processes will you need to have in place to continue as normal without access to systems or indeed your office space? You get the idea.
Keep going until you have a list of actions to implement both in preparation for and in the event of a disaster.
Disaster recovery plan format
The structure of your disaster recovery plan should take into account the following element:
- Summary: Outline objectives and scope of the plan.
- Role and responsibilities: List all internal and external stakeholders and their role descriptions and responsibilities.
- Trigger: State when the plan should be triggered and when to notify stakeholders.
- Action: Detail what action needs to happen when the disaster recovery plan is triggered.
- Resources: List all documents and resources associated and relevant to the plan.
Whilst this may all sound like a bit of a headache, with quite a lot of work involved, your business is worth the investment right? After all, it’s your livelihood at stake here! We’re sure you’ll agree, the sayings it’s better to be safe than sorry is quite apt in this particular circumstance.