How Can You Prepare: The Disaster Prevention & Recovery Plan
To help you begin preparing, you should ask yourself a few questions concerning, what would happen if...? Do not just think of what could happen in the near future, but also the possibilities of the long term. For example, what if the industry of your business went through a recession in twenty years from now? Also, look at the issues of, say, global warming: will this effect your business? How mould you react to another petrol crisis like the latest in 2001?
When listing potential disasters, the attitude you should not take is, "...it will never happen": nothing is impossible as proved on September 11th 2001.
In order for you to prepare, you should compile a ‘Disaster Prevention & Recovery Plan’ to reduce the risk of such events and minimise the amount of loss that could result. Although the creation of the plan will be detailed to you in more clear steps, it should identify all potential disasters with a view to your facilities, industry and geographical location. It should also outline actions to take before, during and after a disaster has taken place to ensure a quick and cost-effective recovery.
Who Should Get Involved In Making The Plan?
You should include the top level management (if not yourself) to develop the plan with the assistance of all key functional area managers/supervisors/staff. It would further be advised to
use a consultant who specialises in such an area to integrate their expertise into the plan. Employees should also participate as they may identify areas of threat that are unknown to you.
Management should determine the maximum length of time they would expect the business to be disrupted for each case, and the amount of money they are prepared to invest to provide back-up for potential losses. The management should also be responsible for prioritising tasks and actions within the plan and to make sure that they are completed effectively throughout (not forgetting to cover for the loss of the disaster organizer).
The time taken to complete the plan should not be restricted and you should take as much time as necessary. It is an important job and is therefore worth making a priority to those tasks that can be temporarily overlooked. Once the task has been completed, it shouldn’t be seen as something that is “done and dusted”. It should be seen as an on-going commitment that needs the direct attention of everyone involved.
Formatting the Plan
The layout of the plan should be consistent throughout so that it can be easily followed and modified when required. This is particularly important if more than one person is writing the plan so that they do not change the format to their preference. The different sub-headings of the plan should be made clear and stand out for easy reference.
Keep the plan down to less than c. 20 pages in length otherwise you’ll find that most people will be put off reading it. A copy of the plan should be kept by all key personnel in your business.
Using a Risk Assessment
A risk assessment will (1) identify and evaluate the potential level and areas of business disaster and (2) the impact it would have should anything happen. The assessment can therefore be split up into these two categories. When evaluating the risk, do not waste time trying to determine the probability of something happening: instead use a rating system although there are many variations of doing this.
The assessment should be carried out for each function of the different areas (or departments) of your business, and every potential disaster should be included. Those things at high risk can then be identified.
Use a ‘Low, Medium, High’ rating to determine the level of threat for potential disaster. Example: Low: Small chance but unlikely, to High: Could happen at any time.
Use a ‘1-5’ rating to determine the level of impact if the disaster happened. The level of impact will be determined by the amount of information that could be lost or the machines/facilities that could be damaged therefore putting a stop to operations.
Example:
1: No impact - business can carry on as usual
2: Short-term impact – 1/2 hours
3: Medium impact - operations of the business could be stopped for up to 24 hours
4: High impact – more than one-day, less than one-week
5: Extreme impact - possible relocation or complete business failure
When evaluating, you should consider the following to give a more accurate rating:
The frequency of the disaster occurring
The advanced warning of the disaster
The safety of the information/machinery/facilities concerned
The duration of the disaster
The consequences of the disaster
The financial loss that would result
Depending on your location, the threat of disasters will vary but the most common threat that you should consider is breakdown, crime, vandalism and fire. The amount of on-line computer crime is also increasing including fraud, theft and hacking, and is becoming a huge threat for web site based companies.
Article Index
1
Introduction2 Disaster prevention
3
Recovery strategies4
Benefits of preparing
