Most businesses know that success requires planning. Whether it’s a 5-year growth strategy or the next product launch, success isn’t random. Disaster, on the other hand, is often quite random. We’ve talked about security threats such as ransomware. The news reports from this past week confirm that a disruption of IT infrastructure can happen without warning. But there are other threats that are less sensational but just as devastating. A fire. A broken water pipe. These random events not only can damage your equipment but also prevent your employees from even entering the building for weeks. The Federal Emergency Management Agency reports that 40% of businesses do not reopen following a disaster. Even if a business is able to reopen quickly after a disaster, the impact continues. The US Small Business Administration found that 90% of companies fail within two years of a disaster. What are you doing to make sure your company is in the 10% that survive? We can’t eliminate disasters, nor predict when they will occur. That’s life. The goal needs to be business continuity: the ability to continue to deliver products and services at acceptable levels following a disruptive event. Another way to describe it is resilience: the ability of a business to withstand, adapt, and thrive in the face of shocks. Businesses that are resilient can roll with the punches and keep critical business processes running while waiting for the disruption to be resolved. The foundation of business continuity is a disaster recovery plan. When disaster strikes, you don’t have time to start planning. You need to have a plan in place that is ready to execute at a moment’s notice. We see examples of this all around us. Let’s look at a football team that is running out of time, needs to score a few more points to win, and the quarterback was just sacked on third down with a lot of yards to goal. The team already has a list of plays to choose from: a long pass, an on-side kick, even a trick play. The team has already practiced executing these plays so they are all familiar with their specific roles – no one needs to be taught what to do during the moment of need. The coach chooses a play and everyone executes according to the agreed-upon plan.
How many plays are in your business’ disaster recovery playbook? How often do you review the plan in practice? If disaster strikes, how many of your employees would know what to do?
If you didn’t like the answers you gave to those questions, it’s time to get a plan. Here’s an overview of the five key steps you’ll need to undertake to get a disaster recovery plan in place.
Step 1: Identify Critical Business Components
The first step in creating a disaster recovery plan is to identify the components and processes that are essential to keep the business running. Revenue is the lifeblood of any company, so what is required to deliver products to customers and receive payment? That could include inventory systems, shipping processes, and payment systems. How long could manufacturing be shut down before you ran out of inventory? As you move further away from the customer, urgency probably diminishes. Your business can probably survive longer with the Research & Design department not functioning than if Payroll or Purchasing were not functioning. Each business will be different, which is why you need to create a plan that is customized for your business. During a disaster, you have to prioritize and focus on protecting the most essential parts of your business.
Step 2: Identify Compliance Requirements
Chances are, your business has regulatory compliance requirements. Some industries like healthcare and banking have strict guidelines, but even payment processing systems and insurance policies have compliance guidelines that must be followed. It’s critical that you remain compliant during the disaster recovery process. If your company leaks personal payment information during a disaster, no one will care that your business was trying to keep the doors open during a disaster. Does your data backup and disaster recovery plan adhere to security and privacy requirements? If you have to move from on-premise servers to cloud-based servers, can you do so while meeting all your regulatory requirements? The time to do the research and answer these questions is before you begin developing your execution plan.
Step 3: Develop Your Return to Operation Plan
Now that you know what systems you need to prioritize, and what compliance requirements you must maintain, you can now begin to craft your plan on how to return to operation. Which servers are the most critical? How frequently are they backed up? Are there multiple backups stored in different locations? Have those servers been virtualized so that during a disaster the backups can be quickly deployed on alternate hardware? Are there already contracts in place that will allow you to quickly deploy a replacement infrastructure? What will employees do if they don’t have access to the workplace? Is their data backed up regularly? Is their data accessible from the cloud? How do you manage, recover, and restore employee computers if your main site has been closed due to a fire? These are all issues that need to be planned out in advance, so that when disaster strikes you already know what to do.
Step 4: Make Hard Tradeoffs
We’ve all heard the saying: “You can have high quality, fast, or cheap: pick two.”
When Wall Street was closed after the 9/11 attacks, financial institutions were prepared. They had backup locations with duplicates of everything they used in lower Manhattan to run their business, and they were ready to resume operations quickly. It was high quality and fast, but it wasn’t cheap! There are portions of your business that will require high-quality, fast disaster recovery. There are other portions that won’t. They can function with a slower recovery time or a less resilient solution. Unless you have unlimited budgets, you will need to carefully determine how to allocate your disaster recovery budget to ensure you are investing for maximum effectiveness.
Step 5: Get a Good Coach
Sports teams know that a good coach can be just as valuable as a good player. Coaches not only bring experience and expertise, but they also bring a different perspective. They can see the bigger picture that a player may not see, and help make the tough decisions that can take a team from good to great. Chances are you haven’t had to deal with disaster recovery recently. You’re probably not aware of the latest defensive and offensive plays to help keep your business running when disaster strikes. Because you’ve invested so much of yourself into your business, it may be difficult to dispassionately assess your company’s vulnerabilities and prioritize which portions of the business require greater resources in a disaster recovery plan. Clare Computer Solutions has been coaching businesses of all sizes for over 30 years. That variety of experience enables us to give you customized solutions that address the unique requirements of your business, rather than a one-size-fits-all approach that doesn’t really fit anyone well. If you’re ready to get a disaster recovery plan in place to help ensure your business is one of the 10% that survive a disaster, give us a call.