As businesses up and down the east coast feel the effects of Hurricane Sandy, now is as good a time as any to evaluate your company’s disaster recovery/business continuity plans. These documents enable a business to enumerate, detail, and prioritize its operations to minimize the length and impact of business disruption due to a disaster such as one that took place this week. A solid disaster recovery plan anticipates all possible catastrophes, from hurricanes and earthquakes to floods, fires, and power outages. While many businesses insist that a disaster will never happen to them, this week is proof that disasters do not discriminate. Studies have shown that a staggering percentage of small businesses cease operations within two years of a major disaster.
To start, list all of your business processes, or what you do and how you do it. The list should include any and all computer systems you use, such as software and hardware necessary for your business to function. The plan should also consider facilities, vendors, and other points-of-failure. Prioritize the processes on the list in order to focus your efforts in the event of an emergency. You should also establish work-around procedures: how will you respond if the power goes out? If your facility is unavailable? If phone or Internet lines are down? It helps to have several different methods, including offline methods, to fall back on. Finally, be sure to test your plan with simulation exercises and inform all members of your organization about the policy.
GraVoc’s Information Security practice can assist with disaster recovery and business continuity plan development. We encourage our clients to take a proactive approach to business continuity, and are happy to help in any way. For more information, please visit www.gravoc.com.