Disaster can strike your business at any time. Despite the risk, 75% of businesses don’t have a disaster recovery plan, which is part of an overall business continuity plan. Research from Deloitte has revealed that 90% of businesses without a disaster recovery plan fail after an unexpected event such as a natural disaster. Fortunately, there are a few simple things to keep your business running in the event of a disaster.
What is a disaster recovery plan?
A disaster recovery plan is similar to a business plan and details the steps that need to be taken to resume business in the event of a disaster. A disaster recovery plan is part of business continuity planning. A disaster recovery plan focuses on enabling an IT department to recover enough data and system functionality that would make it possible for the business to continue operating.
What is a disaster?
The word disaster indicates calamitous events like hurricanes, tsunami, and terrorist attacks. Sometimes more innocuous occurrences such as hard drive failure can be just as devastating. Common small business disasters include:
- Fire/flooding
- Computer/telecoms failure
- Cyber attack
- Key equipment failure
- People issues — illness/resignations/maternity leave
- Denial of access to the premises
- Product defects
- Bomb/terrorism threat
- Legal/regulatory action
- Loss of key staff
- Utility failure.
Whatever the potential disaster, planning ahead will reduce the impact and help you keep the business running.
Current events highlight the need for disaster recovery plans
Recent high-profile cyberattacks – including Colonial Pipeline in the USA and Channel 9 in Australia – show that no business is immune from major business disruptions. In addition, the COVID-19 pandemic has led many people to rethink their lives and careers, resulting in what has been called ‘The Great Resignation.’ In this case, essential knowledge gained over many years is leaving businesses.
Both these factors, along with many others, highlight the importance of being ready for disaster.
Start by determining risks
In order to prepare for the unexpected, start thinking about the potential things that can go wrong. This risks will be different for each business. For example, a service business that relies on large amounts of information will want to ensure that information systems have a data backup. If there is no back-up in place, and data is lost, it could mean the end of the business. A business that relies heavily on information will want to ensure that its data centres have a redundant backup.
On the other hand, a business might not rely on information as much but has other critical systems. For example, a manufacturing business would be at risk if its machinery or premises are damaged or destroyed.
The starting point of any business is to assess the risks for all areas of their operation. Look at all critical business processes and conduct a business impact analysis. After you have completed a step-by-step planning process, you can create a risk management plan that addresses the issues you uncover.
What’s included in a disaster recovery plan?
Once you have determined what the risks are for your business, you can start creating your disaster recovery plan as part of your overall business continuity plan. Typically a disaster recovery plan consists of the following sections:
- When and who can activate the plan – describes the circumstances when the disaster recovery plan can be implemented and who has the authority to activate the plan.
- Plan scope and overview – covers the scope and objectives of the plan as well as the required recovery time.
- Organisational roles – outlines who is responsible for various roles following a disaster, including management, business and facility recovery.
Processes and procedures – answers what needs to be done to recover from the disaster, including strategy and actions that will make it possible to resume business activities.
In addition to these points, information included in the disaster recovery plan can include a:
- Contact list – including key personnel, vendors and clients who might need to be contacted.
- System recovery requirements – requirements for recovering information technology systems.
- Offsite backup retrieval – the procedures for recovering backed-up data.
Command centre information – includes location details and checklists for ensuring offsite command centres are ready when needed.
Consider additional ways to protect your business
Besides having a disaster recovery plan in place, you will want to consider covering other risks that can have a negative impact on your business. This includes having the necessary insurance policies in place to cover the business premises, products and people. A disaster can include situations when a product fails or a service you provided leads to losses for a customer. A range of insurance solutions is available including public liability insurance, professional indemnity insurance, property insurance and key person insurance. A professional insurance broker can help you enhance your emergency management preparedness.
Get more information on disaster recovery, including a free toolkit with checklists, from CPA Australia. For businesses that have a big information technology focus, see the Disaster Recovery Plan at the IBM Knowledge Centre.