Frequently asked questions about Disaster Recovery and Business Continuity Planning
Simply put, to survive a disaster (large or small), you need a plan to get critical data and operations back as quickly as possible. Without a plan your business can suffer lost sales revenue, lost data and loss of confidence. But beyond the IT considerations, where would your employees go if your office was flooded? Would you have a backup office space available, or a phone line that would be accessible outside the office to direct calls or messages? These are simple considerations, but ones that can start the conversation on business continuity.
Historically, it used to be that the "IT guys" had the responsibility for creating a plan. Because it was on the shoulders of the IT team it tended to deal only with network and IT functionality. While this is definitely part of the process, leaving the planning to the network/IT/IS team can leave the needs of the rest of the business exposed. So while it's good that your network is active again, you can't ignore special equipment, communications systems, work space and inventory, customer information, paper backup, receipts and critical resources. It's become clear that a disaster recovery plan must take business process into consideration so that the full spectrum of business requirements can be understood.
- 1. Stored data about customers, business processes or products.
- 2. Rely on email, phone systems or computers for keeping your business active.
- 3. Are a public company, or have investors.
- 4. Customers or partners who rely on your products and services.
- 5. If you have any company directors who would be liable for damages should a business interruption cause loss of customers, revenue or cause a business shut down.
- 6. Workspace where employees conduct their jobs.
Short answer: yes. No matter the size of the company, a BC/DR plan is smart. If you rely on your business for income, or others rely on you, it's time to consider some "what if" scenarios and put together a plan that's "right"-sized for your business.
All disaster recovery and business continuity plans include information about how to maintain important business processes, like phones or email, workspace, order processing, delivery, paperwork, people, special equipment or safe evacuation. Disasters aren't just about your workspace or your IT center, they are a combination of both.
As a public company, you are required by the SEC to have a BC/DR plan. Backing up data at a second site is not enough. A formal plan with satisfy your SEC requirements and give your business the ability to survive is any type of interruption may occur.
- Management needs to know how much time and effort is required to develop and maintain an effective recovery plan.
- Management needs to commit to supporting and participating in the effort.
- All the business functions must provide recovery requirements; not just the IT team.
- Conduct an audit of all the ways an extended loss to operations and key business functions could impact your company.
- Focus on disaster prevention and impact minimization, as well as orderly recovery.
- Select project teams that will ensure a proper balance across the organization.
- Create a continuity plan that's understandable, easy to use and easy to maintain.
- Consider how your planning activities will tie into business planning and system development processes so your plan remains viable over time.
We will develop, or support your development of a plan that's unique to your potential business interruptions. So we could include any of the following or more depending on all the factors that are unique to your business.
- Employee Strike
- Malicious or accidental employee damage to systems
- Hardware or software failure
- Theft or robbery
Disaster Recovery Planning (DRP): refers to the recovery of IT services following a major hit or service interruption.
Business Recovery Planning (BRP): a superset of DRP and refers to the recovery of IT and all other aspects of the business. This includes everything from finance to administration to engineering to manufacturing.
Business Continuity Planning (BCP): includes BRP and highlights vulnerabilities that might cause losses to your business and plans for the continued conduct of your business. These vulnerabilities can include things such as poor security procedures following a disaster or the lack of effective backup procedures.
Emergency Response Planning (ERP): includes all aspects of DRP, BRP, and BCP but adds evacuation planning, medical aid, and security issues.
Continuity of Operations Plan (COOP): refers to the preparations and institutions maintained by the United States government to ensure survival of federal government operations in the case of a catastrophic event.
This is a brief primer of some of the key terminology that is integral to understanding how you need to prepare your business in the event of a disaster. By clearly understanding this basic terminology, you are ready to take the next step and start considering how to best approach protecting your business.
But nope, they're not all expensive and we can help you put together a package that makes sense for you.
Some Software-Specific FAQs
Every organization has it's own unique set of requirements. For this reason, our products are offered with a variety of user levels, and additional optional features. As such, there is one no single "off the shelf" price. Our consultants will work with you to learn what you need to build the right planning solution for your needs, and from that the costing associated with it. It can range from a one-time purchase of under $5,000 to $25,000+ for an enterprise-level solution with addition features such as mass notification. There is no cost involved in the initial discussions and proposed pricing, so please contact us if you'd like to explore the best fit for your needs.
Shield uses encryption and security on par with that of online banking, with redundant back-ups on totally separated grids, on opposite sides of the continent. We will be happy to provide you with full details of our security & encryption measures on request, but rest assured- your data is fully secured.
Our software has been developed to be simple to learn and use without requiring weeks of training, as can be the case with some other packages on the market. We provide free introductory training via web screen-sharing sessions, and we're always available by phone & email for additional questions as you continue to use the tool and it's various functions.
Yes. Our flagship tool, "Shield", is a hosted system. So, as long as you have an internet-enabled device, you can access your plan and support documents from anywhere, anytime. In the event of an incident, you can pull up your plan on an iPhone from the parking lot.
Yes. Shield has very robust Permission controls. As the Administrator, you can specify who has read/write access, and who has read-only access. This can be done on a section-by-section basis of the plan, giving you the ability to fully customize who can see or edit sensitive areas of the plan.
This is a common request, and very achievable. As every software has it's unique structure, there is no "instant migration" to automatically import your plan into Shield, but with more information from you as to what software you're currently using and the amount & type of content, we can create a migration path to Shield that will allow you to pick up where you left off.