“Disaster Recovery” has taken on a larger meaning in recent years, expanding from technology-oriented recovery procedures to a focus on the continuation of mission-critical business processes enterprise-wide.
More often than not, the word disaster conjures up Armageddon-like images in our minds … tornadoes leveling a whole city block or hurricanes cutting power to the city for weeks. But something much smaller and more localized could impact your company’s ability to continue business-as-usual.
What if your office flooded tonight and no one could access the building to retrieve computers or paper files? What if there was a power outage that lasted two days? Would your company send everyone home or would the company be scrambling to figure out how to keep things going? What if that two days occurred during accounting close?
With an uptick in man-made and natural disasters making headlines across the country, planning for business continuity and disaster recovery couldn’t be more imperative. The good news is that companies can establish basic continuity plans without incurring significant cost and resources which in turn can make a tremendous impact on how an organization fares during and after an unlikely disaster.
Originally, the term “Disaster Recovery” was used to describe procedures and processes meant to recover and restore key computer systems. However, since these systems are meaningless without the business processes and personnel that depend on them, companies now employ a more holistic view called “Business Continuity Planning” or BCP.
Besides the obvious benefits during an actual disaster event, BCPs can provide a competitive advantage, increased confidence in the company by employees, customers, business partners, and investors, compliance with laws and regulations and potential positive impact on insurance among other value-adds.
During the BC planning process, a business impact assessment is performed to identify the company’s critical business processes and develop the priority for resuming those processes after a disaster. Next, an information technology assessment and gap analysis are conducted to compare the organization’s current system recovery abilities to management’s desired system recovery time and in turn, a disaster recovery plan is developed to address loss of power, equipment or connectivity and how users can continue working from an alternate location.
The Business Process Recovery Plan is then designed alongside a communication plan, identifying emergency response team members, roles and responsibilities. The final phase of BCP development is plan testing which reveals any weaknesses in the ability of the company to support the recovery plan. Plan testing methodologies might include a structured walkthrough, table-top exercise or simulation testing.
Business Continuity Plans require ongoing maintenance and should be updated annually or when a business undergoes change. Maintenance examples could encompass contact updates, validating that key processes are included, communicating any changes to employees and confirming the Disaster Recovery Gap Analysis is still accurate.
Is your business ready to suffer a loss you can’t afford? Stinnett’s 11 certified Associate Business Continuity Professionals (ABCP) help clients prepare for and recover from disasters or events that significantly impact staff, IT systems or facilities. Learn more about the benefits of BCP by clicking HERE.
Jennifer Brandt is a Principal with Stinnett & Associates and based in Denver, Colorado. She has over 20 years of experience in Information Technology and is involved in numerous aspects of clients’ IT risk management. Jennifer is a Certified Information Systems Auditor, Associate Business Continuity Professional and frequently sought-after speaker for the Institute of Internal Auditors (IIA), Information Systems Audit and Control Association (ISACA), Association of Certified Fraud Examiners (ACFE) and Institute of Management Accountants (IMA).