5 Tips to Build an Effective Disaster Recovery Plan

In 2011 alone, the Northeast weathered a tornado, a hurricane, an earthquake and an autumn blizzard. While these natural disasters can devastate the natural environment, they can also devastate a company’s IT infrastructure. Yet, Gartner estimates that only 25 percent of small to mid-sized businesses have a comprehensive disaster recovery plan (DRP) in place.

What is a DRP?  It’s a documented process or set of procedures to recover and protect your small business IT infrastructure in the event of a disaster.

With the tornadoes, hurricanes and snowstorms that sweep through the U.S. each year, it’s critical for businesses to develop a comprehensive DRP, which can save significant amounts of time and money in the event of a disaster. Keep in mind disasters may encompass more than weather – think Internet threats and theft.

Following these disaster recovery plan tips can help you to create a DRP that addresses both human-generated threats and environmental disasters.

5 Essential Disaster Recovery Tips

1. Disaster Recovery Plan Basics

A company’s DRP should include a thorough document that details the ins and outs of the plan, from emergency contacts through succession planning. While creating this plan may require a significant up-front investment, it can prevent companies from becoming one of the unfortunate 10 percent that eventually fail because of a disaster.

2. Understanding Threats & Consequences

One key piece of developing an effective DRP is to understand the threats that your organization may face and the impact those threats can have on both day-to-day operations and your long-term business success. For example, if your company’s phone system were to fail, personal cell phones could provide a temporary solution. This is a seemingly minor challenge with a relative simple fix.

Large-scale disasters require more careful planning on behalf of the business owner and management team(s). How can business continue if a storm strikes and power goes out for more than a week?  What will happen if the data backup storage center fails?

To address these concerns in the DRP, start by creating a list of potential disasters and ranking each one based on the likelihood of occurrence. With the list and rankings complete, identify the level of impact each one would have on your business and briefly outline the specific consequences for your business. This will provide a framework for what issues you need to include in the plan.

Remember, there isn’t a one-size-fits-all disaster recovery plan. Likelihood and impact rankings will vary widely by industry, geography and company size. For example, a company in California that is located near a significant fault line is considerably more likely to experience an earthquake than a company on the Northeastern coastline.

3. Prevention, Detection & Correction

Your company’s disaster recovery plan should include three key types of measures: preventative, detective and corrective.

Preventative measures are designed to mitigate or prevent an event from happening. These measures may include keeping data backed up and off site, using surge protectors, installing generators and conducting routine inspections.

Detective measures may detect or uncover unwanted events. These measures include installing fire alarms, using up-to-date antivirus software and holding employee training sessions.

Lastly, corrective measures focus on fixing or restoring the systems after a disaster. Corrective measures may include keeping critical documents in your DRP or securing proper insurance policies.

These measures are particularly important for small businesses since a recent National Federation of Independent Business National Small Business Poll revealed natural disasters have affected more than 30 percent of all small businesses in the U.S.

4. Address Data Loss

A study by Kroll Ontrack reveals that 65 percent of organizations experience frequent data loss from virtual environments. As more companies transition to cloud-based solutions, without the proper precautions, this problem will become increasingly common.

What causes data loss? Oftentimes, the loss is due to file system corruption, deleted virtual machines, internal virtual disk corruption, storage/server hardware failures and deleted or corrupt files. The good news is that proper data backup can prevent these problems from disrupting workflow or losing key data.

If your company works with an outside vendor for its IT backup, ask the following questions before surrendering all physical access to files:

  • Who exactly is managing my data?
  • How is my data backed up?
  • What happens if you lose my data?

5. Test the Plan

Once you have created the initial DRP, it is important to test the plan. Employees should be thoroughly trained on their role(s) in executing the plan and feel comfortable fulfilling their role(s) in the event of a disaster. Be sure that all employees have virtual and remote access to these positions and job functions in the event of a disaster.

Immediately following the test, address any shortcomings or failures. Since a company’s business and IT environment are both constantly changing, it is important that you consistently update the plan to reflect these changes. This minimizes the potential for workflow interruption and data loss in the event of a disaster.

While building a DRP requires small businesses to make a significant investment of time and, in some instances, money, the DRP is critical to the continued success of the company. As the old adage says, hope for the best and prepare for the worst.

Bill Abram is founder and president of Pragmatix, Inc., which helps nonprofits, corporations and small businesses use information technology to improve business performance. A 20-year IT veteran, Bill frequently shares his insights on IT trends and best practices on the Pragmatix Blog.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!
Small Business Computing Staff
Small Business Computing Staff
Small Business Computing addresses the technology needs of small businesses, which are defined as businesses with fewer than 500 employees and/or less than $7 million in annual sales.

Must Read

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.