Disaster Recovery Planning: Steps to Protecting Your Organization
Disasters come in many shapes and sizes. Natural disasters are certainly caused for concern, but chances are that disruptions to your organization are more likely to involve application, communication or hardware failures.
Properly planning for such unexpected events will not only help you respond effectively; it will also save you a significant amount of money.
What is a Disaster Recovery Plan (DRP)?
The cost structure of potential downtime will dictate many of the specific components of the DRP and where the emphasis needs to be placed. Typically, a reasonable DRP will include the following:
- formal documented sets of steps, lists and instructions needed to return to normal business operations
- instructions of a precautionary nature as well as prescribed reactions for recovery
- list of assets, key applications and data
- important details, such as locations and other relevant information
- contact information for all relevant personnel (both internal and external) and key third-party resources
The Business Cost of Downtime
Understanding the cost incurred by the organization when systems go down is crucial to the concept of disaster recovery planning. Building an effective DRP will ultimately involve cost trade-offs, so it is imperative that one understands the dollar impact of specific system downtime and loss scenarios. These costs will vary greatly between businesses of different sizes, industry types and technological complexities. In a recent study, Gartner determined that costs exceeding US$5,600 per minute are possible. When determining these costs (beyond the traditional downtime costs), be sure to consider the following:
- payroll costs of idle employees
- overtime after recovery to get business back on track
- lost revenue that cannot be recouped
- lost customer trust
Preparing The DRP
The purpose of a detailed DRP is to bring consistency and predictability to unplanned shocks to the business system.
The following is an outline of the steps required to develop your first DRP.
After the Plan is Ready
A DRP is not a static document. If left unchecked, a DRP will quickly become dated and create a false sense of security. Plan deliberate practices of the recovery procedures to ensure proper understanding and effective execution by all stakeholders. Schedule regular reviews, and update the plan as needed. If gaps are present in the plan, work to fill them as your budget will allow. Your environment will change, sensitivity to downtime will evolve, and new technologies will be released – all of which will impact the accuracy and effectiveness of your plan. For that reason, a DRP requires constant re-evaluation and modification to help ensure its success.
Disclaimer: Avisar Chartered Professional Accountant’s blog deals with a number of complex issues in a concise manner; it is recommended that accounting, legal or other appropriate professional advice should be sought before acting upon any of the information contained therein.
Although every reasonable effort has been made to ensure the accuracy of the information contained in this post, no individual or organization involved in either the preparation or distribution of this post accepts any contractual, tortious, or any other form of liability for its contents or for any consequences arising from its use.