ICFiles
SOC 2
Secure File Transfer Soc 2 starts at $1 per month
A Backup Does Not A Recovery Make
General Business News
February 2001
A Backup Does Not A Recovery Make
You open the e-mail and it tells you about all the new viruses, worms and other nasty computer bugs making their way around the computer world, but that doesnât worry you. You backup your data every night and you faithfully take the most recent backup off premises and bring the prior dayâs backup to the office the next day. Yes sir, thereâs no doubt about it, you are prepared for anything â or are you?
If you truly think you are prepared for anything to happen, youâre not. Don Edwards in his article The Contingency Planner said, âI remember early on making predictions that our entire plan would be fully tested and documented requiring only periodic maintenance within two years. Not quite! And, as most of us now know, the further we dig into the puzzle of recovery the dirtier it gets!â (Disaster Recovery Journal, Vol. 4 No. 2, p. 59.)
Unfortunately, we are living in a fluid world and change takes place at an alarming rate. What is state-of-the-art while you read this article wonât be when you finish. Worse, it seems these days there are more natural disasters and even man made disasters. You donât have to look very far to read about a hurricane, a tornado or even massive power shortages. Disaster strikes everything â not just computers.
So, how do you protect yourself? You could sell everything, move to a remote part of the earth and live off the land, but even there you have the wild animals and elements to contend with. Better you should develop a Disaster Recovery Plan that will help you move in the direction of true recovery if a disaster strikes. The following article is just a very brief discussion of some of the things to consider in creating that plan.
As we say, this article is very brief. There are, however, resources you can use on the Internet to âflesh outâ the ideas in this article. One very good source is the Disaster Recovery Journal. If you take time and review its materials, you will be forced to stopâ¦and thinkâ¦and, hopefully, act on the suggestions of this article and the Disaster Recovery Journal.
What do we mean by disaster recovery and itâs first cousin â business continuity planning? While there are differences in the specific terms as used by the Disaster Recovery Journal, we will use those terms to mean anything that adversely affects your companyâs ability to meet its customerâs needs, which in turn will help to keep both you and your customers in business. That means it could be anything from a simple loss of computer data to the complete destruction of the main operating plant. Since each scenario requires the assistance of different team members and their talents, you have to look at each risk in your operations and devise a plan to overcome the disaster.
With this in mind, letâs take a look at the various general phases of a Disaster Recovery Planning.
The first step is, of course, deciding that your company needs a Disaster Recovery or Business Continuity Plan (BCP). While you may think this is a no-brainer, many managers donât think about the possibility of the office being carried away by a tornado or some other disaster. They are just concerned with getting the job done today. Youâre also talking about a significant expense to properly prepare a BCP.
Next, you will need to develop a general understanding of the planning process and determine the scope of the project. If you are not top management, your next step will be to gain an audience with top management and discuss your ideas. Donât forget one major factor management will want to know â how much it will cost.
After you have obtained managementâs buy-in to the need for the BCP, the next step is to sell it to your co-workers. Why is that necessary? After all, the boss will tell them what to do and theyâll do it! Donât bank on it. If you are going to develop a plan to resume business when the disaster strikes, it will be an organization-wide effort. Just one person dragging their feet can bring the project down. Donât let that happen. Obtain the buy-in of your co-workers and then establish a disaster recovery committee. This committee should include representatives of all departments and especially top management. It is this committee that will ultimately define the project.
Next, you need to perform a risk assessment. What are the internal and external factors affecting your business? How can those factors, either working alone or in tandem, create a disaster that you will have to address? Donât forget there are a variety of factors to consider, including natural disasters, loss of power, strikes at a major supplier or simply the network server blowing up from all the traffic your employees send it.
Once you have identified the risks, you next step is to prioritize the operations/functions performed in each department or business function. Specifically, what are the critical functions that need to be restored first? Is it the shipping department or sales? Donât forget accounting! Hey, data processing needs to get up and running or none of those departments will be able do their job! Once you get into the process, you will quickly find there are no easy answers. The committee will have to look at all the facts and decide which has priority.
The next step will be deciding what recovery strategies are available to you. In some cases, the only recovery strategy is rebuild and hope the customer base is there when you are back up and running. Sometimes, you can obtain access to a âhot siteâ where you will have the information and facilities needed to carry on business until your own facility is operational. This alternative is particularly sensitive in financial institutions and the bank examiners regularly check a bankâs preparedness. This step will require an assessment of what facilities, records, supplies, hardware and software are available and necessary.
Determining alternative business continuity strategies will also require hard choices about how much money should be spent and where personnel are to be allocated in the event of a disaster.
After you have looked at and decided the approaches to the BCP, the hard work starts. You need to collect information on virtually every aspect of the organization. You will need to know critical telephone numbers, who to call to replace items of equipment, telephone service, software and hardware. Virtually everything that has gone into the operation of your business has a source of supply that you will need to contact in the event of a disaster.
The plan wouldnât be a plan and this wouldnât be a good article if we suggested you keep the results of all of this to yourself. You will, of course, need to document everything you have done. Then, based on the results of your work, you will need to organize the plan into a well-written document detailing the steps to take in the event of a disaster and who will be involved. This will necessarily include various scenarios and different personnel required to meet the recovery needs.
After obtaining management approval, you will need to develop criteria and scenarios to test the plan and then actually test it. Make sure you perform a comprehensive test of all functions to determine where there is a need for change. There will be a need for change on your first BCP and probably everyone thereafter.
After any changes resulting from the testing phase, top management should formally approve the plan. This will lend it credibility and weight in the eyes of other employees. It should also help you get the funding you need to properly administer the program.
The final step comes next year. When you go through all of this again â or at least a major portion of it.
Disasters occur all the time. You neednât look to far from your office to find some form of disaster â natural or man-made. If you want to maximize your profits and minimize the cost of disaster recovery, a well-written and tested plan is necessary. We can help you with your planning process. Give us a call and letâs discuss your next step.
By the way, have you tested that backup that made you feel so good in the first paragraph of this article? How do you really know itâs working?
If you truly think you are prepared for anything to happen, youâre not. Don Edwards in his article The Contingency Planner said, âI remember early on making predictions that our entire plan would be fully tested and documented requiring only periodic maintenance within two years. Not quite! And, as most of us now know, the further we dig into the puzzle of recovery the dirtier it gets!â (Disaster Recovery Journal, Vol. 4 No. 2, p. 59.)
Unfortunately, we are living in a fluid world and change takes place at an alarming rate. What is state-of-the-art while you read this article wonât be when you finish. Worse, it seems these days there are more natural disasters and even man made disasters. You donât have to look very far to read about a hurricane, a tornado or even massive power shortages. Disaster strikes everything â not just computers.
So, how do you protect yourself? You could sell everything, move to a remote part of the earth and live off the land, but even there you have the wild animals and elements to contend with. Better you should develop a Disaster Recovery Plan that will help you move in the direction of true recovery if a disaster strikes. The following article is just a very brief discussion of some of the things to consider in creating that plan.
As we say, this article is very brief. There are, however, resources you can use on the Internet to âflesh outâ the ideas in this article. One very good source is the Disaster Recovery Journal. If you take time and review its materials, you will be forced to stopâ¦and thinkâ¦and, hopefully, act on the suggestions of this article and the Disaster Recovery Journal.
What do we mean by disaster recovery and itâs first cousin â business continuity planning? While there are differences in the specific terms as used by the Disaster Recovery Journal, we will use those terms to mean anything that adversely affects your companyâs ability to meet its customerâs needs, which in turn will help to keep both you and your customers in business. That means it could be anything from a simple loss of computer data to the complete destruction of the main operating plant. Since each scenario requires the assistance of different team members and their talents, you have to look at each risk in your operations and devise a plan to overcome the disaster.
With this in mind, letâs take a look at the various general phases of a Disaster Recovery Planning.
The first step is, of course, deciding that your company needs a Disaster Recovery or Business Continuity Plan (BCP). While you may think this is a no-brainer, many managers donât think about the possibility of the office being carried away by a tornado or some other disaster. They are just concerned with getting the job done today. Youâre also talking about a significant expense to properly prepare a BCP.
Next, you will need to develop a general understanding of the planning process and determine the scope of the project. If you are not top management, your next step will be to gain an audience with top management and discuss your ideas. Donât forget one major factor management will want to know â how much it will cost.
After you have obtained managementâs buy-in to the need for the BCP, the next step is to sell it to your co-workers. Why is that necessary? After all, the boss will tell them what to do and theyâll do it! Donât bank on it. If you are going to develop a plan to resume business when the disaster strikes, it will be an organization-wide effort. Just one person dragging their feet can bring the project down. Donât let that happen. Obtain the buy-in of your co-workers and then establish a disaster recovery committee. This committee should include representatives of all departments and especially top management. It is this committee that will ultimately define the project.
Next, you need to perform a risk assessment. What are the internal and external factors affecting your business? How can those factors, either working alone or in tandem, create a disaster that you will have to address? Donât forget there are a variety of factors to consider, including natural disasters, loss of power, strikes at a major supplier or simply the network server blowing up from all the traffic your employees send it.
Once you have identified the risks, you next step is to prioritize the operations/functions performed in each department or business function. Specifically, what are the critical functions that need to be restored first? Is it the shipping department or sales? Donât forget accounting! Hey, data processing needs to get up and running or none of those departments will be able do their job! Once you get into the process, you will quickly find there are no easy answers. The committee will have to look at all the facts and decide which has priority.
The next step will be deciding what recovery strategies are available to you. In some cases, the only recovery strategy is rebuild and hope the customer base is there when you are back up and running. Sometimes, you can obtain access to a âhot siteâ where you will have the information and facilities needed to carry on business until your own facility is operational. This alternative is particularly sensitive in financial institutions and the bank examiners regularly check a bankâs preparedness. This step will require an assessment of what facilities, records, supplies, hardware and software are available and necessary.
Determining alternative business continuity strategies will also require hard choices about how much money should be spent and where personnel are to be allocated in the event of a disaster.
After you have looked at and decided the approaches to the BCP, the hard work starts. You need to collect information on virtually every aspect of the organization. You will need to know critical telephone numbers, who to call to replace items of equipment, telephone service, software and hardware. Virtually everything that has gone into the operation of your business has a source of supply that you will need to contact in the event of a disaster.
The plan wouldnât be a plan and this wouldnât be a good article if we suggested you keep the results of all of this to yourself. You will, of course, need to document everything you have done. Then, based on the results of your work, you will need to organize the plan into a well-written document detailing the steps to take in the event of a disaster and who will be involved. This will necessarily include various scenarios and different personnel required to meet the recovery needs.
After obtaining management approval, you will need to develop criteria and scenarios to test the plan and then actually test it. Make sure you perform a comprehensive test of all functions to determine where there is a need for change. There will be a need for change on your first BCP and probably everyone thereafter.
After any changes resulting from the testing phase, top management should formally approve the plan. This will lend it credibility and weight in the eyes of other employees. It should also help you get the funding you need to properly administer the program.
The final step comes next year. When you go through all of this again â or at least a major portion of it.
Disasters occur all the time. You neednât look to far from your office to find some form of disaster â natural or man-made. If you want to maximize your profits and minimize the cost of disaster recovery, a well-written and tested plan is necessary. We can help you with your planning process. Give us a call and letâs discuss your next step.
By the way, have you tested that backup that made you feel so good in the first paragraph of this article? How do you really know itâs working?
These articles are intended to provide general resources for the tax and accounting needs of small businesses and individuals. Service2Client LLC is the author, but is not engaged in rendering specific legal, accounting, financial or professional advice. Service2Client LLC makes no representation that the recommendations of Service2Client LLC will achieve any result. The NSAD has not reviewed any of the Service2Client LLC content. Readers are encouraged to contact their CPA regarding the topics in these articles.
Dynamic Content Powered by Service2client.com
SEO Content Powered by DynamicPost.net
