Disaster Avoidance and Recovery Planning

Updated: July 10, 2009

One of the most important things for a business is to have a good disaster avoidance and recovery plan. Unfortunately, it is also one of the areas that businesses spend little time or money on. Particularly, when budgets are tight, it is easy to not spend on something that hopefully will never happen. But, if a disaster does happen, all the hope in the world may not help you.

Another challenge in this area is that people often think of a disaster as a large event, such as an earthquake or fire. While these are certainly disasters, a disaster can also be as simple as a lost piece of paper (with all the corporate admin passwords on it!).

A third concern in this area is that companies usually focus on disaster recovery, but forgo planning on how to avoid disasters. You would think this is an obvious thing to do. After all, every company would rather avoid a disaster if possible. But still, this aspect of planning is often overlooked.

Good disaster avoidance and recovery planning looks across the entire organization and develops a plan that covers the gamut of issues from the macro level (i.e. HQ is destroyed) to the micro-level (i.e. a lost diskette). Further, this planning is also a fluid activity. Once a core plan is developed, it is important to revisit it regularly to ensure that it is up to date and accurate.

Regardless of the magnitude, emergencies occur anywhere, anytime, and under any condition. They can be natural, such as a hurricane or earthquake, or they can be "man-made", such as a hazardous material release, fire, power outage, or computer virus. Regardless of the origins of the incident, for the business to survive it is essential to avoid impact to critical business operations and if the interruption is unavoidable to ensure that these systems are reestablished on a timely basis.

Often the most common disaster scenarios (e.g., data loss, data corruption, software viruses, interruptions to data transmission, patch and upgrade compatibility issues, human error, etc.) can be prevented through the practical application of proven procedures and the appropriate implementation of proper configurations, system monitoring and redundancy.

DAR planning should employ a structured, verified methodology to analyze potentially vulnerable areas, define mediation, mitigation and recovery strategies, and implement those plans. Each phase includes concrete deliverables that not only form the basis for the following phases, but also serve as templates for on-going analysis and maintenance of the DAR plans.

Phase 1: Project Initiation

In the first phase of the project, the project scope is defined, key personnel are identified, and an inventory is made of the priority business processes and data. This phase sets the project parameters and establishes executive sponsorship and ownership. The project plan is introduced and refined to a level appropriate for the size of the effort. Most importantly, the team is introduced to a DAR methodology so that each member can begin to assume their role and set of responsibilities.

Phase 2: Business Impact Analysis

After initiation, a vulnerability assessment is performed. This phase focuses on which business processes are most critical to the business and which are most susceptible to interruption. The goal of the business impact analysis is to define the operational, financial and service impact of an interruption to each of the target business processes. The deliverable identifies the cost of an outage over time and hence the recovery time objective. For example, a manufacturing company may be able to keep the manufacturing process going for up to 2 hours without the company's systems. This phase also establishes a baseline for reasonable future investments in disaster recovery planning and avoidance.

Phase 3: Strategy Development

Using the information from the business impact analysis as a foundation, business continuity strategies are formulated and budgetary costs developed. The critical time frames and impacts from the business impact analysis will be used to determine which contingency strategies are viable. Additionally in this phase, disaster avoidance plans are prepared. These plans will be developed, documented and budgeted to define contingency and implementation requirements.

Phase 4: Plan Implementation

It is essential to first develop the full set of remediation and recovery plans, as described above. Few companies can afford to invest in 100% disaster avoidance, so with the complete plans from Phase 2 and 3, the company is now armed with concrete information and data for making informed decisions about their business and how to protect it. The next step in the process is for management to prepare budgets and priorities taking into account cost/benefit and cost avoidance figures. Once this step is completed, clear objectives are set forth for each system, accounting for both disaster avoidance remediation and disaster recovery planning. Teams are assigned (serially or in parallel as appropriate) to work on each system and/or plan. It is important to attend to details throughout, for an incorrect phone number or misplaced data file can derail your recovery efforts.

Phase 5: Testing and Maintenance

Last, and probably most important, through testing and training exercises, you then verify that the plan functions correctly and will be used effectively. By including tailored user procedures, you can also ensure that your staff follows a regular, certified schedule of maintenance, testing, and update procedures. Most DAR plans fail due to lack of testing.

As a last point, it is also important to develop a DAR plan that is manageable. In one circumstance, a relatively small company had a 200 page plus DAR plan. Once they developed it, nobody ever looked at it again. It was so complex and detailed that it was overwhelming. The result, they might as well not have had the plan at all. Part of keeping the plan manageable is to remember that a plan is also somewhat of a tradeoff. It balances avoidance and recovery against cost and risk. Good luck in your planning and may your business never be down.

Featured Research
  • Harnessing the Power of Speech Analytics

    The conversations between your customers and agents contain invaluable insights—if you have the right tools to easily interpret and act on this dialogue. Unfortunately, most organizations waste time manually mining only a subset of customer interaction data, or worse yet, do nothing with it at all. Speech analytics is an incredibly powerful tool for contact center leaders. It easily delivers real-time visibility into the full customer journey and agent responses, which are essential for driving higher customer satisfaction and business success. more

  • Budgeting for BI in 2018

    Is your business ready for Business Intelligence (BI) software? As BI software continues to improve, more businesses are moving to adopt BI sooner rather than later. Before you make that commitment though, it pays to figure out exactly how much money it will cost you to implement. more

  • Gartner Report: Gartner Magic Quadrant for Contact Center Infrastructure, Worldw...

    The 2017 Magic Quadrant provides Gartner’s annual analysis of the contact center infrastructure vendors. The report examines the innovations driving the market and compares vendors based on completeness of vision and ability to execute. more

  • Forrester Report: Artificial Intelligence with the Human Touch

    Artificial intelligence (AI) can’t replicate the human touch, but it can ease your agents’ burden by handling many simple, repetitive requests. A new Forrester Consulting paper offers a look at the strengths and weaknesses of both AI and humans independently, yet how blending them together can give your customers the seamless end-to-end experience they expect. more

  • eBook: Not All Cloud Contact Center Platforms Are Created Equal

    Everyone says they’re “in the cloud,” but most technology leaders would agree that not all clouds are created equal. When evaluating a cloud contact center solution for your business, it’s important to understand the difference between a true Cloud 2.0 application and traditional software, including which features to look for and why those features are important. more