Recent weather events underscored the need for many businesses to evaluate their disaster recovery contingency planning. The implementation and successful testing of such plans can spell the difference between business continuity and expensive/extensive downtime during and following a disaster.
Why it’s Important
A business relies on its computing systems, transactional capabilities, and informational assets in order to survive as an entity. Without the functionality and availability of computing systems, the business will not be able to operate and will cease to exist. Disasters can take the form of power outages, system outages, weather events (hurricanes, earthquakes, tornadoes, floods), manmade events (terrorism, bomb threats, or sabotage), or fire or gas explosions that disrupt or shut down the current business operation. A robust Disaster Recovery/Continuity Program ensures that a business can recover its computing systems and operational capabilities from disruptive occurrences. In addition, regulatory requirements (e.g. HIPAA Security Rule, PCI, Sarbanes-Oxley) require entities to maintain and test their Contingency/Recovery plans. Note that the existence of a Disaster Recovery/Contingency plan alone does not suffice. Plans need to be tested on a regular basis (at least annually) to ensure that the plan is effective and that full business functionality can be achieved.
How We Can Help
We have a staff of highly experienced Disaster Recovery professionals who provide expertise in helping organizations develop, test and maintain Disaster Recovery/Continuity programs. We offer a catalogue of services that range from reviewing existing plans, to helping organizations draft policies and procedures, to building and managing an entire program that includes the following tasks:
- Develop and execute a Business Impact Analysis (BIA) to identify and prioritize an organization’s critical systems
- Identify Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)
- Identify and build the Disaster Recovery team
- Draft and implement the Disaster Recovery policy and plan
- Develop testing protocols starting with tabletop exercises, then simulation, then simple D.R. tests (swinging and activating the network) and finally complete Disaster Recovery tests to ensure full functionality
- Coordinate and manage live Disaster Recovery tests
- Follow up after Disaster Recovery tests and perform maintenance to improve the overall program
Potential Risks
The greatest risk to an organization that lacks an implemented and tested Disaster Recovery plan is cessation as a business entity when a disaster occurs that renders operations unrecoverable. A company lacking a tested Disaster Recovery plan risks violating compliance requirements from regulatory statutes (e.g. HIPAA, Sarbanes-Oxley, PCI) and incurring fines/penalties. A business entity without a tested Disaster Recovery plan in place risks the loss of existing and potential clients due to either contractual requirements or loss of confidence. Lastly, an organization without such a plan risks bad publicity and loss of goodwill.