Disaster Recovery Planning
From the events of September 11, 2001, the sobering facts are that disaster
recovery is a critical consideration for all companies. It is a well
documented fact that almost half of the companies that lose most of their
important records, or critical personnel due to fire, or some other disaster
fail to get off the ground again.
This is a quick summary of how to prepare for the worst.
1. Get management approval to prepare a plan, and action steps for
2. Solicit input from all areas of the company. In middle to large
companies, this is best done by forming a committee with representatives from
all areas, and/or including an outside specialist. Find out what systems
are critical, what roles fill by people are "irreplaceable",
what contingency plans are already in place, and what the business
impact of failures are on the various areas of the company.
3. In coming up with the report and action steps keep in mind the following
a. Alot of attention will focus on the IT areas, and financial
systems. All critical systems should have an automated way in which
they are backed up to a secure location on a periodic basis. Every
time the automated backup occurs, an independent process should verify that
it was done, and report to several administrative people that it was done.
b. Alot of knowledge resides in peoples heads. Redundancy of critical
data does little if you lose the people who are the only ones who know what to
do with the data. Your first priority is the safety of the people.
However, make sure that processes are documented, and make sure that multiple
people know how to recover and run critical processes.
c. Remember that electrical power, phone connectivity, Internet
connectivity, physical location, are all vital to your organization.
Identify options to deal with the temporary loss of any of these basic
d. Contact information for vendors, employees, and emergency agencies all need
to be accessible assuming the worst case scenarios. Any other pertinent
and critical documentation should be accessible as well.
e. Do not count on a human response during a disaster. It is not a
viable option to have critical information in a set of files that someone will
carry outside in the event of a fire. The first priority is saving human
4. Once approved, implement the action steps required to get the company
prepared for disaster.
5. Test all the systems in the plan. Do not wait for a disaster to
occur before finding out that the backup programs were not functioning
correctly. The plan should contain the basic steps required to effect the
6. Review the plan every 6 months. Your business is continually
evolving, and as new systems are put into place, adequate recovery systems
should be put into place as well. A regular review cycle will assure this
is happening. The plan should be updated to reflect any new changes.
Some useful links for finding out more about Disaster Recovery:
Founded in 1988 to provide a base of common knowledge in contingency
planning. DRII also administers a certification program for qualified
business continuity/disaster recovery planners.
Periodical and a central resource for technology, products, services,
information, and management strategies that support business continuity
to safeguard the physical, informational, and communication assets of a
business; ensure the safety of employees and the public; and protect the
financial well-being of the company.
An entire journal dedicated to the field of disaster recovery and business continuity.
Over 50,000 subscribers. The DRJ also sponsors two annual conferences
that pull in over 2500 disaster recovery professionals from all over the
world, which makes their conferences the largest in the entire industry.
An independent agency of the federal government, reporting to the
President. Since its founding in 1979, FEMA's mission has been clear: to
reduce loss of life and property and protect our nation's critical
infrastructure from all types of hazards through a comprehensive, risk-
based, emergency management program of mitigation, preparedness,
response and recovery.
The MIT Business Continuity Plan
University of California Campus Business Continuity Planning