Disaster Recovery Plans
Of the U.S. companies that are victim to a man-made or natural disaster, the Contingency Planning Research Strategic Corporation says 43% never reopen their doors and 29% are out of business within the following two years. A study by Touche Ross found that companies without a disaster recovery plan only have a 10% or less survival rate. Business owners should be seriously asking themselves whether or not they have an adequate recovery plan for disasters.
There are three crucial areas that all disaster recovery plans should cover:
Physical Resources
- The physical assets of a business, such as equipment, electronics, office furniture, and the building itself, are things that usually can’t be quickly or easily replaced if they’re damaged during a disaster. An adequate disaster recovery plan should answer the following:
- Is there at least three days’ worth of emergency supplies on hand to carry the business immediately following the disaster?
- What steps can you, should you, and will you take to protect physical assets?
- How would physical assets hold up against various disasters (e.g. flood, hurricane, tornado, fire, or earthquake)?
- Who will assess the damage to physical assets following a disaster?
- Has a list been made to prioritize the replacement of key physical assets, and what suppliers or companies should be contacted for the replacement?
- Is access available from an off-site backup system if data and electronics are damaged, and how often should backups take place?
- How will important documents and records be kept secure and protected?
- Is an alternative facility an option to resume operations if the primary location is unusable; what location and type of facility would be needed?
Human Resources
All employers know that their employees are one of their business’s most vital assets. Therefore, employee safety and the resulting personnel issues that follow a disaster should be a top priority. An adequate disaster recovery plan should answer the following:
- Have all staff been adequately instructed on the disaster recovery plan?
- How will staff find safe shelter?
- How will contact be maintained with staff during and after the disaster?
- Are current contact numbers for all staff, vendors, suppliers, and clients available at an off-site location and how will this list be maintained and updated to stay current?
- Have staff members been identified to assume mandatory or key roles should other employees not be able to resume their roles?
- Are staff members assigned to form a crisis management team?
Operation Continuity
Getting the business back up and running after the disaster is top priority. An adequate disaster recovery plan should answer the following:
- Does insurance, in particular business interruption insurance, provide adequate coverage?
- What amount of cash will be available for emergency contingency expenses?
- If the facility isn’t usable, then where should an alternative command center be located to coordinate the recovery?
- Is there an alternative list of suppliers to use in the event regular suppliers aren’t operational?
- What should be done for clients and customers during and after a disaster?
Employers might further assign specialized teams to be in charge of some of the tasks related to the above points. For example, a post disaster recovery team could manage recovery tasks like getting the business up and running quickly; an administrations team could handle areas like logistics, transportation, and emergency and survival gear; a public relations team could make public announcements and field inquires; a client/supplier communications team could advise vendors and clients of the business’s status; and an IT team could be responsible for software and hardware issues.
Remember, disasters can strike with little, if any, warning. Business owners can keep themselves off the wrong side of the statistics by being prepared and being able to get themselves up and running as soon as possible. For more on disaster recovery, please consult the FEMA Emergency Management Guide for Business and Industry. In addition, Symantec and Ponemon Institute have developed an online Data Breach Risk Calculator, helpful for assessing cyber liability and your potential exposure to data breach risk.
At Cleary, we will evaluate your business exposures and work with you to develop a comprehensive plan to safeguard your business. Give us a call today at 617-723-0700.