Risk Management Balances Cost with Speed of Recovery
A comprehensive disaster recovery plan will take into consideration different scenarios for recovery and their associated one time and annual costs. The more disaster scenarios you cover, the more expensive it will be to implement. Each scenario that is covered should include an estimate of the time it will take to bring your company's operations back online. It's not cheap, but it's like buying insurance; nobody wants to use it but you're sure glad it's there when you need it. Your budget for disaster recovery should include each of the three steps: planning, implementation and testing. Also, for each disaster scenario check with your insurance carrier to verify what is covered, what is excluded, and if recovery/relocation costs are included.
Budget for the Most Likely Scenarios
As previously stated, it is cost prohibitive to plan for each and every type of disaster that could possibly impact your business. Spend your money wisely in order to cover the disasters that are most likely to occur to your business. Take an objective look and try not to get caught up in the headlines of the day. For example, terrorism seems to be at the top of the news lately, but it is one of the mostly unlikely events to occur in the United States. If you live in the Northeast, a snowstorm is more likely to impact your business for few days. In Florida, a hurricane. Los Angeles, California, earthquakes are a real concern.
Also, budget for the physical security of your business during the disaster. This may include relocating contract employees from an area that was not affected by the disaster.
Finally, create a plan to buy the resources necessary to communicate with your employees during and after the disaster. This may include cell phones, walkie-talkies, or directions to listen to local radio stations for further instructions.
Test Your Plan Routinely to Reduce Risk
Creating the plan is meaningless if it is never tested. Testing the plan once is not enough either. Testing should be done at least annually, but it doesn't have to be a full execution of the disaster recovery plan. Individual pieces may be tested independently as long as all pieces are tested at least annually. For example, over one weekend your key IT employees could fly to your designated offsite location and ensure that your backups can be recovered in a quick and timely manner. The next month, accounting can make sure that a supply of all critical forms (paychecks, invoices, etc.) are stored in an offsite location to that is easily accessible in order to ensure the continuity of the business. Execute this methodology for each section of your disaster recovery plan at least once a year.
Check Your Disaster Recovery Plan for Completeness
As stated earlier, your business is a chain of interconnected systems. If one link is missing, the whole system may not work. Seek a trusted friend or business acquaintance that can review or your plan for completeness. Your disaster recovery plan should include: data, employees, facilities, network, communications equipment, notification strategies to vendors and a communication plan for your customers.
Take Into Account the Human Factor
Finally, all of us are human, with emotions, husbands, wives, families, homes, cars, etc. Depending upon the type of disaster that strikes, people may have other priorities at the moment. If it's a widespread disaster like a severe hurricane people may be at tending to family priorities like injuries and damaged homes. If it is a "shooter on the premises", the emotional toll on your employees may seem insurmountable. Take this into account when planning for your disaster recovery. Remember to use all assets that are available to you. It may be as simple as relocating employees temporarily from a location that is not affected.