Disaster Avoidance and Recovery Planning

Updated: July 10, 2009

One of the most important things for a business is to have a good disaster avoidance and recovery plan. Unfortunately, it is also one of the areas that businesses spend little time or money on. Particularly when budgets are tight, it is easy not to spend on something that hopefully will never happen. But if a disaster does happen, all the hope in the world may not help you.

Another challenge in this area is that people often think of a disaster as a large event, such as an earthquake or fire. While these are certainly disasters, a disaster can also be as simple as a lost piece of paper (with all the corporate admin passwords on it!).

A third concern in this area is that companies usually focus on disaster recovery, but forgo planning on how to avoid disasters. You would think this is an obvious thing to do. After all, every company would rather avoid a disaster if possible. But still, this aspect of planning is often overlooked.

Good disaster avoidance and recovery planning looks across the entire organization and develops a plan that covers the gamut of issues from the macro level (e.g., HQ is destroyed) to the micro level (e.g., a lost diskette). Further, this planning is a fluid activity. Once a core plan is developed, it is important to revisit it regularly to ensure that it is up to date and accurate.

Regardless of the magnitude, emergencies occur anywhere, anytime, and under any condition. They can be natural, such as a hurricane or earthquake, or they can be "man-made", such as a hazardous material release, fire, power outage, or computer virus. Regardless of the origins of the incident, for the business to survive it is essential to avoid impact to critical business operations and, if the interruption is unavoidable, to ensure that these systems are reestablished on a timely basis.

Often the most common disaster scenarios (e.g., data loss, data corruption, software viruses, interruptions to data transmission, patch and upgrade compatibility issues, and human error) can be prevented through the practical application of proven procedures and the appropriate implementation of proper configurations, system monitoring and redundancy.

Disaster avoidance and recovery (DAR) planning should employ a structured, verified methodology to analyze potentially vulnerable areas, define remediation, mitigation and recovery strategies, and implement those plans. Each phase includes concrete deliverables that not only form the basis for the following phases, but also serve as templates for ongoing analysis and maintenance of the DAR plans.

Phase 1: Project Initiation

In the first phase of the project, the project scope is defined, key personnel are identified, and an inventory is made of the priority business processes and data. This phase sets the project parameters and establishes executive sponsorship and ownership. The project plan is introduced and refined to a level appropriate for the size of the effort. Most importantly, the team is introduced to a DAR methodology so that each member can begin to assume their role and set of responsibilities.

Phase 2: Business Impact Analysis

After initiation, a vulnerability assessment is performed. This phase focuses on which business processes are most critical to the business and which are most susceptible to interruption. The goal of the business impact analysis is to define the operational, financial and service impact of an interruption to each of the target business processes. The deliverable identifies the cost of an outage over time and hence the recovery time objective. For example, a manufacturing company may be able to keep the manufacturing process going for up to 2 hours without the company's systems. This phase also establishes a baseline for reasonable future investments in disaster recovery planning and avoidance.

Phase 3: Strategy Development

Using the information from the business impact analysis as a foundation, business continuity strategies are formulated and budgetary costs developed. The critical time frames and impacts from the business impact analysis will be used to determine which contingency strategies are viable. Additionally in this phase, disaster avoidance plans are prepared. These plans will be developed, documented and budgeted to define contingency and implementation requirements.

Phase 4: Plan Implementation

It is essential to first develop the full set of remediation and recovery plans, as described above. Few companies can afford to invest in 100% disaster avoidance, so with the complete plans from Phases 2 and 3, the company is now armed with concrete information and data for making informed decisions about its business and how to protect it. The next step in the process is for management to prepare budgets and priorities, taking into account cost/benefit and cost avoidance figures. Once this step is completed, clear objectives are set forth for each system, accounting for both disaster avoidance remediation and disaster recovery planning. Teams are assigned (serially or in parallel as appropriate) to work on each system and/or plan. It is important to attend to details throughout, for an incorrect phone number or misplaced data file can derail your recovery efforts.

Phase 5: Testing and Maintenance

Last, and probably most important, you verify through testing and training exercises that the plan functions correctly and will be used effectively. By including tailored user procedures, you can also ensure that your staff follows a regular, certified schedule of maintenance, testing, and update procedures. Most DAR plans fail due to lack of testing.

As a last point, it is also important to develop a DAR plan that is manageable. In one circumstance, a relatively small company had a DAR plan of more than 200 pages. Once they developed it, nobody ever looked at it again. It was so complex and detailed that it was overwhelming. The result: they might as well not have had the plan at all. Part of keeping the plan manageable is to remember that a plan is also somewhat of a tradeoff. It balances avoidance and recovery against cost and risk. Good luck in your planning and may your business never be down.
