Every organization or business, regardless of revenue or staff size, needs to understand what is truly critical to keep operations going, and how long the business can function without certain elements, components or dependencies. This includes considering how long the business can survive both financial losses and reputational losses due to negative public perception. Obviously, not having a disaster recovery plan is a recipe for disaster, but just having a plan is not enough. Make sure that your disaster plan avoids certain pitfalls that may complicate disaster recovery.
Let’s be real. It is impossible to recover everything all at once. So it is imperative to establish recovery priorities and understand their dependencies. Dependencies include any component, element or infrastructure that must be
in place for other components of the process to work.
2. Impose a gag order.
Have a means to communicate with all of your employees, emergency responders and customers in the event of a disruptive event.
Consider mass notification email, SMS text, mobile alerts, social media & even old fashioned phone trees depending on the situation. Make sure the emergency contact list is available in many different forms so that it is accessible during the disaster.
Determine a way to allow employees to access incident management plans & procedures remotely. This can be via laptop, mobile device, and yes… paper if need be.
Be sure to have a means to communicate your status to clients depending on your business type. Consider Social media , it’s a great way to send out status updates to a broad audience with minimal effort.
Never underestimate the value of communication. Even if the news is not ideal, it always pays to communicate the status vs. leaving things open to negative interpretation. Consistent communication of status and recovery objectives helps to reassure, maintain trust and puts you in control of the rumor mill.
We all know that having a Recovery Time Objective (RTO) and a Recovery Point Objective (RPO) is essential in disaster planning. The RTO establishes a target for the amount of time it will take to go from the point of disaster to the point of recovery. For data infrastructure and recovery, the RPO takes into consideration the amount of time between the disaster (disruptive event) and the last complete back-up. The RPO is a measure of how much data is at risk.
That said, even the best-laid plan needs to account for additional disruptive events that may occur during recovery efforts that further delay the RTO or RPO. Two aspects of the disaster that should definitely have extended plans include physical plant and data infrastructure. Consider a disaster in which an organization can’t continue operation within its own facility due to physical damage or destruction of the building or, the inability to access the building due to damage to external roads or other public transportation. What do you do if the RTO or RPO is impossible to meet due to additional circumstances beyond your control? This is why having an extended recovery plan in place is helpful should you need to go to “Plan B.” Think of it as your disaster plan within the disaster plan.
4. Over complicate & over process the process
Don’t you just love it when the process has a process within a process? It can feel like you are trapped within the process of the process and can’t even remember the inception point. Keep the plan simple, logical and straightforward. Avoid building a plan that may actually build roadblocks to recovery by demanding too many processes or executive approvals of real-time changes. In a disaster, timing and flexibility are two key elements that you need on your side.
5. Micro-manage the disaster recovery team
In an actual disaster, people can be incredibly inventive, which can come in handy when the recovery phase requires real-time flexibility. Don’t get stuck on “the plan” or chain of command. People can be more flexible than systems or processes, especially in emergency situations. Allow some room for adaptability and have plans B,C, etc. ready to go if necessary. Understand that there may be times when recovery teams may have to make autonomous decisions or procedural changes when they are necessary.
6. Let the disaster recovery plan collect dust on a shelf
Review the plan and test it regularly. It is critical to monitor the plan to ensure its components are implemented effectively and understood by team members. A disaster recovery plan should be viewed as a living, breathing document that is routinely reviewed and updated frequently, as needed. Additionally, proactive monitoring and testing of processes and infrastructure can alert the recovery planning team to any gaps or changes that may impact successful recovery. Some business continuity experts believe that having un under-tested plan can often be more of a disaster than having no plan at all.
Every business is vulnerable to experiencing an unexpected event, serious incident or disaster that can prevent it from continuing normal business operations. A well-structured, flexible disaster recovery plan can enable organizations to recover quickly and effectively from disaster or emergency and take command of business interruption, financial impact, and even reputational loss.
Comments are closed.