Disaster Avoidance and Recovery Planning

Updated: July 10, 2009

One of the most important things for a business is to have a good disaster avoidance and recovery plan. Unfortunately, it is also one of the areas that businesses spend little time or money on. Particularly, when budgets are tight, it is easy to not spend on something that hopefully will never happen. But, if a disaster does happen, all the hope in the world may not help you.

Another challenge in this area is that people often think of a disaster as a large event, such as an earthquake or fire. While these are certainly disasters, a disaster can also be as simple as a lost piece of paper (with all the corporate admin passwords on it!).

A third concern in this area is that companies usually focus on disaster recovery, but forgo planning on how to avoid disasters. You would think this is an obvious thing to do. After all, every company would rather avoid a disaster if possible. But still, this aspect of planning is often overlooked.

Good disaster avoidance and recovery planning looks across the entire organization and develops a plan that covers the gamut of issues from the macro level (i.e. HQ is destroyed) to the micro-level (i.e. a lost diskette). Further, this planning is also a fluid activity. Once a core plan is developed, it is important to revisit it regularly to ensure that it is up to date and accurate.

Regardless of the magnitude, emergencies occur anywhere, anytime, and under any condition. They can be natural, such as a hurricane or earthquake, or they can be "man-made", such as a hazardous material release, fire, power outage, or computer virus. Regardless of the origins of the incident, for the business to survive it is essential to avoid impact to critical business operations and if the interruption is unavoidable to ensure that these systems are reestablished on a timely basis.

Often the most common disaster scenarios (e.g., data loss, data corruption, software viruses, interruptions to data transmission, patch and upgrade compatibility issues, human error, etc.) can be prevented through the practical application of proven procedures and the appropriate implementation of proper configurations, system monitoring and redundancy.

DAR planning should employ a structured, verified methodology to analyze potentially vulnerable areas, define mediation, mitigation and recovery strategies, and implement those plans. Each phase includes concrete deliverables that not only form the basis for the following phases, but also serve as templates for on-going analysis and maintenance of the DAR plans.

Phase 1: Project Initiation

In the first phase of the project, the project scope is defined, key personnel are identified, and an inventory is made of the priority business processes and data. This phase sets the project parameters and establishes executive sponsorship and ownership. The project plan is introduced and refined to a level appropriate for the size of the effort. Most importantly, the team is introduced to a DAR methodology so that each member can begin to assume their role and set of responsibilities.

Phase 2: Business Impact Analysis

After initiation, a vulnerability assessment is performed. This phase focuses on which business processes are most critical to the business and which are most susceptible to interruption. The goal of the business impact analysis is to define the operational, financial and service impact of an interruption to each of the target business processes. The deliverable identifies the cost of an outage over time and hence the recovery time objective. For example, a manufacturing company may be able to keep the manufacturing process going for up to 2 hours without the company's systems. This phase also establishes a baseline for reasonable future investments in disaster recovery planning and avoidance.

Phase 3: Strategy Development

Using the information from the business impact analysis as a foundation, business continuity strategies are formulated and budgetary costs developed. The critical time frames and impacts from the business impact analysis will be used to determine which contingency strategies are viable. Additionally in this phase, disaster avoidance plans are prepared. These plans will be developed, documented and budgeted to define contingency and implementation requirements.

Phase 4: Plan Implementation

It is essential to first develop the full set of remediation and recovery plans, as described above. Few companies can afford to invest in 100% disaster avoidance, so with the complete plans from Phase 2 and 3, the company is now armed with concrete information and data for making informed decisions about their business and how to protect it. The next step in the process is for management to prepare budgets and priorities taking into account cost/benefit and cost avoidance figures. Once this step is completed, clear objectives are set forth for each system, accounting for both disaster avoidance remediation and disaster recovery planning. Teams are assigned (serially or in parallel as appropriate) to work on each system and/or plan. It is important to attend to details throughout, for an incorrect phone number or misplaced data file can derail your recovery efforts.

Phase 5: Testing and Maintenance

Last, and probably most important, through testing and training exercises, you then verify that the plan functions correctly and will be used effectively. By including tailored user procedures, you can also ensure that your staff follows a regular, certified schedule of maintenance, testing, and update procedures. Most DAR plans fail due to lack of testing.

As a last point, it is also important to develop a DAR plan that is manageable. In one circumstance, a relatively small company had a 200 page plus DAR plan. Once they developed it, nobody ever looked at it again. It was so complex and detailed that it was overwhelming. The result, they might as well not have had the plan at all. Part of keeping the plan manageable is to remember that a plan is also somewhat of a tradeoff. It balances avoidance and recovery against cost and risk. Good luck in your planning and may your business never be down.

Featured Research
  • The Role of Self-Service in Modern Contact Centers

    By 2020, 85% of customers' relationships with companies will be managed without any contact with human services representatives. What does that mean for your business? The data shows that companies need to offer effective self-service options in order to remain competitive. However, many contact centers are confused about how their core contact center software fits into self-service. more

  • 7 key questions to ask any ERP provider

    Having a fast-growing business is good. Having to overhaul your technology every time you need to scale is not. Upgrading to a more complete Enterprise Resource Planning (ERP) solution can help, but how do you ensure the solution you choose is exactly what you need? To help you with your search, we’ve pulled together 7 key questions every fast-growing business should ask before choosing a cloud-based ERP solution, including: more

  • How Finance Leadership Pays Off

    Oxford Economics recently surveyed 1,500 finance executives and it’s clear that small and midsize companies are growing significantly faster than larger companies. But, there are also big opportunities for finance to increase efficiency, boost financial performance, and work more strategically. Why is that? more

  • Professional Services Audience – Improve Profitability Infographic

    As a Professional Services Organization (PSO), you know the importance of customer satisfaction. In fact, 47% of PSO leaders say managing changing customer expectations is their top challenge. That’s why many firms are engaging smarter project management technology, even before deals are signed, to ensure project profitability. How are these leaders utilizing technology? Find out now. more

  • 9 Tips for a Compelling Video Presentation

    Face-to-face communication is the most effective way to collaborate and bring ideas to life in your business. Because of this, many businesses invest heavily in travel budgets so they can meet in person to create and nurture business opportunities. However, video technology has become more accessible, affordable, and user-friendly over the years. In fact, the enterprise video business market will reach $36.5 billion by 2018. more