I am the biggest proponent of backing up data. Backing up data is simple, easy and is a must for businesses.
However, an IT disaster recovery plan is only a small part of an overall business continuity plan (BCP), continuity of operations plan (COOP), or comprehensive emergency management plan (CEMP).
The most important aspects of an effective disaster recovery is planning and training, which both need to be done far ahead of the event.
For example, designate several personnel who will oversee employee communication, and several that are responsible for customer communication. When developing your plan, consider your organizations vulnerabilities, which can include location, security threats, etc. Your disaster plan should include:
- Methods of contact and communication. This should include multiple methods for the entire company.
- Determine the chain of command.
- Designate disaster authorities.
- List of your alternative works spaces including primary base of command/operations.
- Data backup: This should include a detailed description on how data is backed up normally (day-to-day) and where it can be found and “turned on” for the company in an event of an emergency. In addition, there should be emergency back-up instructions in the case of evacuation or the like.
- What/where vital equipment and supplies are to keep running your business. What are the mission critical functions of the organization?
Your main goal in a Disaster Recovery Plan is to set policies and standard operating procedures (SOPs) to guide management and employees during a disaster that will ensure your organization’s survival. The disaster plan does not tell you how to do your job, but rather how to do your job in a compressed timeframe, under stress, and possibly without all your organizations resources in place.