“Unfortunately, many companies have to experience the pain of a disaster to finally understand how some forethought and planning could have mitigated an event that has devastated their livelihood.” Yes, we find it quite stunning how many businesses have little or no disaster preparation – even in today’s heightened cyber-aware environment.
Disaster Recovery Planning (DRP) covers the steps and planning needed to restore critical IT infrastructure and data from a catastrophic event (either man-made or natural) that has resulted in the partial or total loss of critical business systems. The goal is to minimize the effects of a disaster and its ramifications immediately after the event occurs. When a disaster happens, everyone is in “emergency mode” and everyone is scrambling to recover. You need a plan, before it happens.
Business Continuity Planning (BCP) is often called Continuity of Operations Plan (COOP). It refers to the steps and planning needed to keep the business running during longer term outages while Disaster Recovery is taking place. Disaster Recovery may incur days or weeks of replacing lost or damaged systems, and without a BCP/COOP plan, your business is likely to be at a standstill. For many, this would be an unsustainable loss that could lead to failure of the business or bankruptcy.
Do we have your attention now? Good! Just bear in mind that this article is written as a high-level overview and does not get into all the details of BCP and DRP. Contact us for more details when you are ready to start planning.
Both are important, but if you have no disaster recovery planning in place at all and a major event occurs which results in you losing all your data, then the business continuity part of it becomes very difficult if not impossible to perform. Imagine if you lost all your accounting data, payroll data, business contact information, emails and so on… For many, the loss would be insurmountable.
There isn’t room within this overview to cover Disaster Recovery Planning in depth but hopefully we can help guide you in the right direction and get you started. There are complete books covering DRP and BCP and for larger businesses it typically involves teams, dedicated IT resources; and of course, funding. For small businesses, it is often down to just one or two individuals working on a very tight budget. If anything, it is even more critical for a small business to have a plan because they don’t have the resilience or resources of a larger corporation.
It is critical to understand that even if budgeting is tight, a little planning can still reap big rewards and therefore a large ROI (return on investment). Consider this: even if a small business has revenues of several million dollars, setting aside a small portion of this to protect your assets in the event of an emergency makes a lot of business and financial sense.
Setting aside funding for a Disaster Recovery and Business Continuity Plan should be considered an investment, not an expense. If you have not grasped this yet, read the section on conducting a Business Impact Study in this article…
It’s a common belief, but bluntly speaking, no you have not. There is a world of difference between having disk or tape backups of your data and having a strategic and tested plan to rebuild your systems and network infrastructure so your employees can actually access and use that data and get your business operational again.
Raw data (such as databases) is often useless on its own. Information systems are very expensive. Purchasing a new server is only a fraction of the true cost of replacement. A new out-of-the-box server needs an operating system to boot from, licensed application software must be procured, installed and configured and you need skilled IT staff to do this. It gets expensive, fast. And all the time you are down, you are not generating revenue so the problem compounds itself. A properly executed DRP will ensure that you have the means to recover whole systems, ready to boot up complete with your original customized licensed software applications and data quickly. Of course, you will need new hardware to restore this too if the primary site was lost, but insurance should cover that for the most part if you have purchased adequate coverage.
We have already said, without a recovery plan your business could fold in the event of a major catastrophe. You may have insurance against physical losses but that will probably not cover intangible losses such as goodwill, accounts receivable, contracts and deliverables that may be difficult or impossible to reconstruct or fulfill, or for lender’s notes and mortgages that may not be fully indemnified by insurance — and a disaster could result in your workforce being out of work too, so there is often a human cost to consider.
We tend to think of only major events causing disasters and as improbable as they are, they do occur. Events such as a tornado or a fire can cause a total loss; however, it does not necessarily take a natural disaster to bring a business to its knees. Malicious cyber-attacks or damage from a Ransomware type virus for example, can destroy critical business data so badly that the affected servers might as well have burned down. A simple event such as a server update or a component failure can have the same effect, and these are much more common than (for example) a tornado or a fire.
Click the link below to purchase our newest book, “Weather the Storm in the Cloud”
It will guide you through your planning process for moving to and maintaining your DFARS 7012 compliance in the cloud.