September is National Preparedness Month. Sponsored by FEMA, National Preparedness Month aims to educate and empower Americans to prepare for and respond to all types of emergencies, including natural disasters and potential terrorist attacks. As a business owner, this is also a good time to create a disaster preparedness plan as storms, floods, earthquakes and man-made disasters can happen at any time.
More than 40% of businesses never reopen following a disaster and, of the remaining companies; at least 25% will close in two years. With much smaller resources than large enterprises small and medium businesses have a harder time recovering from virtual and physical disasters.
An ideal IT disaster recovery plan structure contains the following:
- Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
- Conduct the business impact analysis (BIA). The business impact analysis helps to identify and prioritize critical IT systems and components.
- Identify preventive controls. These are measures that reduce the effects of system disruptions and can increase system availability and reduce contingency life cycle costs.
- Develop recovery strategies. Thorough recovery strategies ensure that the system can be recovered quickly and effectively following a disruption.
- Develop an IT contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system.
- Plan testing, training and exercising. Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness.
- Plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements.