A disaster recovery plan is essential to the continuing operations of all businesses. As we can see with the current disaster in New Orleans, we must be prepared for anything. Days without operational functions can be utterly destructive to any business, but weeks or months are unacceptable. Companies must have a sound disaster recovery plan in order to ensure the survival of their business.
A disaster recovery plan must be in place for cities to save lives during an unexpected disaster. There are eleven disaster recovery teams in the Louisiana area, and it took nearly a week to begin the recovery (FEMA). Likewise, a contingency plan must be designed, tested, implemented, and maintained in order to sustain companies during an unexpected disaster. Disasters could include fire, flood, hurricane, any natural disaster, or things such as a hardware crash. The city of New Orleans is not the only city that does not have a sound plan; even Los Angeles has begun to review their disaster recovery plan.
In the case of a major earthquake, the mayor has stated there would be no possibility of evacuating the mass congestion of people that live in the Los Angeles area. Currently, there are no colleges or businesses located in New Orleans that are able to function outside of the city. The amounts of lives that have been lost are unimaginable, and there is no recovery in site. A business must possess a contingency plan in the case of this type of disaster. They should at the least, have a cold site or warm site to relocate to; this would ensure that the company could be functional within months at the most.
Types of Disaster Recovery Plan Templates
There are many types of disaster recovery plans; many of them can take years of designing and testing along with millions of dollars in costs. Depending on your companies size, resources and operations you must choose the most suitable plan for the company. The contingency plan can range from a gym in a far off location or a fully functional mirrored image of your organization. Your first step would be to build a business continuity management team. This team would survey the situation and make a decision on the most suitable plan. They must choose to what extent their information will be backed up, where it will be stored, how many times the media can be used, and who will transport the media.
If operation is critical, and the business would not survive for more than a few days with operating, the team should choose to use a hot site. This would provide the company with a mirror image of their organization including data, hardware, software, and all the necessities. If an organization’s operations are less critical, they should choose a warm site. This would provide an offsite location where the company could begin operations within a few days or weeks. For smaller companies with very low critical functions, they would only need a cold site. This is only a location that contains essential needs such as electricity and shelter. This would prevent the company from operating for months.
Disaster Recovery Plan Template Explained
The disaster recovery plan that the team chooses can range from very simple to very complex. This will also depend on the size and resources of your organization. The Massachusetts Institute of Technology has a sample plan which gives you an idea of areas that should be considered. After the team has been chosen, two leads must be assigned to be available twenty-four hour on call. These individuals should be accessible by phone or pager twenty four hours, seven days a week. If a problem was to occur, the lead should be contacted by pager. The individual should call the organization to find out the details and the extent of the problem.
Does the problem prevent normal access, occupation or usage of any critical parts, or does the disaster disrupt service provided by telephones, the network, or the mainframe computers? If it does not, wait until further assessment. If this occurs overnight, find out if the affected area will last into normal business hours. If the answer is yes, the business continuity management plan must be activated. The members must be contacted and they should meet at a designated emergency operations center. Once the team is together they must begin to implement the disaster recovery plan. The plan should be tested twice a year to ensure that in the case of a disaster, it will be successful (MIT).
Disaster Recovery Plan Example
The Great Lakes Chemical Corporation has based their disaster recovery plan of IBM. It is designed to minimize the monetary and operational impacts of a disaster by ensuring the continued availability of critical business systems and by safeguarding the information assets of GLCC. They have ensured that IBM will restore the business critical SAP applications from the last successful back up and provide global access to the application within the agreed 48 hours service level. They also have ensured that the data will be authenticated and then update the system with any transactional data acquired during the time from the SAP system being unavailable to the last data backup restore.
This company has created many sub plans. They have a plan for worst case interruption; this would cover a case where all computer and communication equipment was unusable. The minor interruptions plan is designed for the worst case, but also has the ability to recover from a minor interruption. They have a level of plan detail that provides for a sufficient IBM staff to implement recovery. The plan is written at a level of detail that will accommodate a staff familiar with information systems. The file backup entails all data files that are required to effectively recover all critical systems that are backed up on a regular basis. The off-site inventory plan covers the items that are available for recovery in an off site location that is sufficiently remote and will not be affected by the same event. Items off site are to be considered the only resource for recovery. The communication network plan is to ensure a recovery network is available to meet the stated requirements for critical systems processing. GLCC has performed a business impact analysis to identify the critical assets that will be affected and to what degree. This is essential for all businesses to develop a contingency plan suitable for their organization.
Disaster Recovery Plan Conclusion
Each and every company must develop a plan that is suitable for them. This can take years to accomplish, and the plan must be tested and maintained. The organization must do a risk analysis to decide on the detail and size of the plan. Obviously, you would not want to spend 10 million dollars to protect 5 million in losses. As we can see from the current hurricane disaster, a well developed plan must be in place for security. Not only are these plans essential for disaster recovery, but as Brown Forman realized this year, a hardware crash can be just as damaging. We had a hardware failure that caused the loss of 7 terabytes of data. This caused the company to go without email, all shared drives and personal drives for five days. This cost the company hundreds of thousands of dollars. Brown Forman does currently have a disaster recovery plan and a hot site in Philadelphia but this event did not warrant activation. The system was restored after four days because we were unable to locate a hard disk of that size. As you can see, all companies must be prepared for all types of disasters.