You close your small business for the day and go home. You come back the next morning, and a leak has caved in the roof and it has fallen on your office server. If you don’t have an IT disaster recovery plan, your day is going to get much worse.
According to the US Small Business Administration (SBA) and its Prepare My Business program, 90 percent of companies fail within a year unless they can resume operations within five days following a disaster. That is an alarming statistic, and one that small businesses should take into consideration as they become more connected and their reliance on digital technology grows. With the right IT disaster recovery plan , even if there is a major disaster, server failure, security breach or data loss, you will be able to restore at the minimum, critical services in the least amount of time.
What is an IT Disaster Recovery Plan?
An IT disaster recovery plan is a process put in place for responding to unforeseen events effecting your data with a documented and structured approach and a clear set of instructions. These instructions include a step-by-step plan designed to greatly minimize the impact of any disaster and to allow your business to swiftly resume operations.
The broader terms business continuity or disaster recovery, generally describe a similar concept. They are procedures allowing you to recover from a disaster quickly so you can continue your business with minimal disruption. However, the IT disaster recovery plan refers specifically to data and other IT operations.
The other two descriptions may also apply to procedures providing for things like replacement for damaged equipment or inventory and even additional part-time or full-time help where needed.
It begins by analyzing the business process and the continuity needs of the company. It requires a business impact analysis and risk analysis to establish the recovery time objective and recovery point objective — both important when setting up the plan.
A thorough analysis of the existing digital setup is needed, including hardware, software, data, connectivity, network and more. This, of course, will depend on your business and the industry you happen to be in. The analysis should disclose the resources needed to allow the recovery of business functions and a time objective to recover those functions, as well as recovery point objective after a disaster.
The analysis will also include establishing a disaster-recovery team of employees. These should be employees with the most experience so they can be assigned with contact details and specific tasks. These individuals should be able to prioritize critical business functions and determine the speed of recovery.
Have methods of communication in the event cell towers and internet connections are down. Create a top down list so everyone can go through it until one is found that is working and connects the recovery team.
The next step involves designating a disaster recovery location where critical backup systems can be accessed allowing employees to work. For many small businesses this might be your home, hotel or the home of another business partner.
Have multiple means — phone, email, VOIP, etc. — for contacting everyone involved in the recovery process as well as for other employees, customers, vendors, suppliers, business partners, your insurance company and other resources that might be relevant for your particular business.
Make your customers aware of your emergency plan with alternative ways of getting in touch with you, placing orders, sending payments and even a backup business location. Your website is a great place to have this information.
Back up your digital information in more than one location.
Test your plan at least once a year to integrate new procedures and technologies and to eliminate those that are inefficient or no longer necessary for your business.
Who Should Implement an IT Disaster Recovery Plan?
The answer is every business, but not every business has the resources to implement such a plan with all the bells and whistles. So just having a plan and testing to see that it works no matter how small your business already puts you ahead.
However, for industries that totally rely on digital technology for their day to day operations, it is a must. And it should be as thorough as possible within the limits of your budget. Independent insurance agents, game designers, IT service providers, communications companies and others come to mind as all in need of such a recovery plan. But in reality, it applies to every business that is using computers in their operations.
As far as the reason for implementing an IT disaster recovery plan, it is the same as the reason for buying insurance for your car or home. Having it will give you the peace of mind that you will be able to recover much quicker, not if, but when a disaster eventually strikes.
If the process sounds complicated and you don’t want to implement it yourself, you can have managed business continuity service providers do it for you. The price and services vary greatly, so shop around and choose a company that is able to address the particular requirements of your business.
Businesses, no matter how small or large are now more vulnerable than ever when it comes to cyber attacks. But disasters can also come from human error or nature, and in any event you need systems to deal with those situations and manage them effectively to minimize the negative impact. An IT disaster recovery plan will let you prevent if possible, or at least anticipate and mitigate any business interruptions to your business when a problem occurs.