Following on from our post on Business Continuity, this blog looks at planning for disaster recovery.

While organisations should analyse critical and non-critical threats to their business continuity, planning for disaster recovery means considering your options in the worst-case scenario, even if you have done everything possible to eliminate critical service outages in your business activities. It is an admission that not all threats can be anticipated, but that you can still plan a range of effective responses to detect, prevent or react to critical threats to the organisation and reduce their impact.
What should be in the plan?
Your plan should specify your policy objectives: your mission (what you do), your continuity targets (service reliability targets, system uptime perhaps), and what you define as the levels of severity of an incident or service disruption that would trigger a disaster recovery level response across the organisation.
The plan should make key risk assessments of critical threats to service continuity, and provide plans to prevent, mitigate and respond to each threat.
The plan should be accessible, perhaps as both a centrally located physical and a web-based staff handbook. It should specify the chain of command once a disaster is declared, and the activation plans, teams and key staff contacts needed to respond to events.
Particular attention should be paid to technical systems, security and provider support for these if systems are down; depending on your business, this might be alternative internet access; firewalls; phone systems; CCTV; backup generators; replicated live mirror servers; and what the provider response times are for these systems 24x7 if any or all of the above are down.
The handbook should also map out a chain of command during a disaster and provide sufficiently detailed procedures for the various tasks to ensure that the Disaster Recovery Coordinator can delegate effectively once an incident is in play.
Major Threats
In our planning these have been grouped functionally: whether premises are out of commission due to flood, fire, earthquake, war, terrorist attack or vandalism will not affect our practical response, although the preventative measures possible will vary according to whether a threat is the result of deliberate human action or a natural disaster.
Common areas to consider are people (continuity, availability, security); premises (main sites, backup facilities); technology (backups, security, servers, failover capabilities when systems fail, provider response times and contacts); and power (generators and backup facilities). We say that we have redundancy in a system when we have a backup in place; we have a failover level of redundancy when, as one system fails, another automatically kicks in to provide service continuity.
Most businesses should also consider financial threats in disaster planning; that is, how you can insure or organise your business to avoid catastrophic financial risk.
The pitfalls vary with your line of business. Professional indemnity insurance is essential for anyone making their living by giving professional advice. Landlords should take out landlord's insurance, which will not only cover a nominated loss of rent but also insure against malicious damage; if a tenant burns down a building, normal building insurance won't cover you. If intellectual property is a key asset, you will need both security and confidentiality agreements in place to protect it, and perhaps patent or copyright protection as well. Organisations may be liable to large fines in some instances for failing to take action. Reliance on a few customers for most of your business could constitute a risk that could be reduced by having more customers across more than one major service sector. Considering how you might structure a major contract that might not be renewed is also something you can plan for to reduce risks to your business.
Tests, incidents and the aftermath
The plan should be thought of as a continuous feedback loop, not unlike WHS planning, that comprises scheduled tests; detailed incident logs of problems encountered during live and test incidents, for review by management and reporting to the Board (or equivalent); and recommendations for procedural or policy changes or major investment decisions for feedback into the plan.
You should be able to track new versions of the plan from the incident logs and deliberations that led to changes to the plan.
Often it is the small things that trip you up during a disaster, and working through the detail (in planning or the aftermath) will make your responses faster and smoother in any future crisis.