It’ll never happen to you! Or could it?
“If we’ve said it to ourselves once, we’ve said it a hundred times: we must make disaster planning a top priority if we are to prevent data loss and maintain our business continuity in times of crisis.”
Sounds familiar, unfortunately at many small companies, day-to-day operations often soak up the time that we might otherwise devote to critical disaster planning efforts. Of course, when disaster strikes, it is often too late to think about the plan that might have been.
Events, such as the huge Earthquake/Tsunami in Japan, the London bombings of 2005 and the oil terminal fire in the UK, show how huge disasters can affect hundreds of businesses and thousands of people’s livelihoods.
How many businesses can survive this sort of disaster today? Well, many more than would have survived 10 years ago, but unfortunately not all of them. There are so many facts banded about with regards to business survivability after a disaster, …94% of organisations that experience a major data loss subsequently cease trading, …97% of respondents to a survey admitted that they could not survive a system outage for more than a few hours,…36% of UK technology businesses are still without a disaster recovery plan, with 1 in 4 companies questioned having no immediate plans to implement one, …some 72% actually had a plan, but hadn’t even tested it!
Of course, it is not only the ‘big’ disasters that affect businesses, these are the ones that you hear and read about. Sometimes it’s mundane day-to-day incidents that escape the headlines, but still have the potential to put a company out of business.
For example, what about the case of the backup tapes that were so old, only random data was being copied to them. Combined with out of date software, only when a file was required for restore was the error discovered.
However, there is more to a successful Disaster Recovery Plan (DRP) that just a set of backups (tapes/disc’s/cloud)! IT systems failures, office fires, burst water pipes, power & heating failures are sadly all to often the cause of companies failing to survive. Also, do not forget the ever-present threat of Viruses, Trojans and Worms entering your IT systems via employees’ emails or web browsing.
In a 2011 global survey carried out by Symantec earlier this year about Small & Medium Business (SMB) Disaster Preparedness it was found…
- That only half (50 percent) responded that they already had a plan in place and fourteen percent did not have a plan, nor did they have any intention to create one. Also there were some differences according to company size. Fifty-seven percent of small businesses did not have a plan, compared to 47 percent of medium businesses.
- When those who did not have a plan were asked why not, roughly half (52 percent) didn’t think computer systems were critical to their business! Forty-one percent said that it never occurred to them to put a plan together, and 40 percent said that disaster preparedness was not a priority.
- The survey also found that SMB content/data information was not protected. Only half of companies surveyed backed up at least 60 percent of their data, and less than half backed up their data weekly or more frequently and only 23 percent backed up their content daily.
- For SMB’s with a disaster preparedness plan, half (50 percent) implemented the plan due to either an outage or data loss and although fifty-two percent put together their plans within the last six months, only 28 percent have actually tested their recovery plans, which is a critical component of disaster preparedness.
- Disasters can have a significant financial impact on SMB’s and also have a considerable effect on SMB customers. The survey showed that downtime also caused customers to leave with 54 percent of SMB customer respondents reporting they switched SMB vendors due to unreliable computing systems.
Full details of the survey can be downloaded from here. (You will be taken to a non Araman Consulting website to download the report).
As can be seen from the results of the survey, many SMB’s continue to leave their businesses open to risk of collapse by not implementing any Disaster Recovery or Business Continuity Plans and whilst large companies typically have more resources and time to plan for disasters, in a small business where resources and time are often in short supply, a DRP can be high on the ‘To Do’ list; but somehow never gets implemented. This is where Araman Consulting can help your business.
Using a combination of past experiences in developing DRP’s and a tried and trusted framework of documentation, Araman Consulting can deliver a thorough and effective DRP that should ensure your company’s survival following the occurrence of a disaster.
Disaster recovery is not just something to think about, it is a fundamental and indispensable part of your entire business survivability.
The Disaster Recovery Plan (DRP)
Typically there are five phases to a successful DRP.
Risk assessment – This is typically where we assess the overall potential risks to your business, evaluate them and understand how each risk may impact on your business and ultimately your profitability and discuss how they may be avoided before they occur.
Business process impact assessment – This is where we work with your managers to identify, in priority order, each of your critical business processes that if interrupted could cause significant impact to your profitability. This is so that you can identify which of the business processes need protection, how that protection can be realised and in which order. We also review any DRP plans you may already have in place.
DRP strategy and plan – This is where we determine what actions are needed (by company personnel or technology intervention) when different types of disasters strike. Such as identifying who are the key stakeholders that know your business and what their actions should be in case of a disaster occurring. How quickly can backups be retrieved and reloaded? How to ensure that your IT systems move over to alternate power or communication lines etc. Of course, the list of items is not exhaustive. From the strategic plan come the detailed policies and procedures needed to ensure that your business would survive a disaster.
Implementation – This is where the DRP policies and procedures developed in the above phase are tried and tested, revised and improved. This is also where company personnel are made aware of the importance of their own roles in the overall DRP, including any training that is required. Also it is this sense of ownership and involvement that will increase the assurance of your DRP being successful.
Maintenance – As we mentioned previously, a DRP is not just a one-off event to be implemented and put on a shelf. Just like a business that must change to meet its market needs, the DRP must also be constantly reviewed and updated to reflect those business changes. Part of the maintenance must also deal with DRP testing. A DRP is only as good as the next time it has to be used, so updating and testing must be carried out whenever the need arises.
Of course, there are many additional items that need to be addressed under the above headings, which Araman Consulting would be pleased to discuss with you and your company.
Please feel free to contact us for further information.