Keep your Business in Business: Disaster-Proof Your Computer System
disaster recovery plan is a comprehensive statement of actions to be taken
before, during and after a disaster
Baldwin Register (Money Management) – Monday April 23, 2001
There is not absolute protection against sabotage to your business or the consequences of a natural disaster, such as a hurricane or earthquake. However, the Alabama Society of CPAs points out that having a disaster recovery plan in place can help minimize the disruption and possible damage to you company that can result from an unexpected disaster.
A disaster recovery plan is a comprehensive statement of actions to be taken before, during and after a disaster. The primary purpose of a disaster recovery planning is to protect an organization in the event that all or part of its operations, computer systems and services become unusable.
While most small, or even medium-sized businesses would not consider themselves targets for terrorist attack, they can be vulnerable to other types of disasters that can put them out of business temporarily – and if they’re not prepared, even permanently. Power outages, hardware, and software failures, fires, and floods are among the events that have compelled companies to declare disasters. Disaster recovery planning is about being prepared for such events to minimize the negative impact on your business.
In large organizations, the disaster recovery plan is part of a larger document called a contingency plan, which lays out how a business will approach any unusual interruption in activities. In smaller organizations, the disaster recovery plan may be the only contingency plan in place and may be the only contingency plan in place and may be a very simple document. Although disaster recovery plans van vary widely, common features include the following:
Risk Assessment – To develop an effective plan, an organization first needs to assess the risk and business needs t impact from potential disasters, including natural, technical and human threats. The plan should evaluate the safety of critical records and vital documents and determine the potential consequences to information and services under various disaster situations.
Processing and Operations Priorities – Next, it is important to consider the critical needs of an organization – that is, the necessary procedures and equipment required to continue operations should a department, computer center, main facility or a combination of these be destroyed or become dysfunctional. Once the critical needs have been documented, management can set priorities for the overall recovery of the organization based on those activities that are “essential”, “important”, or “nonessential”.
Recovery Team – a recovery plan also should list all employees and their skills which can be mobilized when responding to or recovering from a disaster.
Data Collection – It’s important to document all computer hardware and software and consider equipment replacement provisions. In addition, be sure to document the following: software and data file backup and retention schedules; off-site storage locations and respective inventories; temporary locations you plan to use in the event of a disaster; and the names and contact information of your recovery team staff as well as the names and locations of key vendors.
Recovery Procedures – This is the cornerstone of the plan and outlines recovery procedures – in other words, what will be done, in what order, and by whom? It should identify the location of all backup equipment and focus on the most practical and cost-efficient alternatives for processing information should a disaster occur. In addition, it should identify who will be responsible for administrative functions, logistics, user support, computer backup, restoration an other important areas of the organization. To determine whether any procedures need to be corrected or changed, it’s vital that all recovery procedures are tested.
Finally, CPAs point our that it is important to keep several copies of the disaster recovery plan in various locations, including an off-site location, so that it is always accessible.
The Alabama society of Certified public Accountants is the professional statewide organization for CPAs, with more than 5,900 members in public accounting, business and industry, government and education.