Disaster recovery is something that’s planned and usually not something that happens.Studies in the U.S. and the U.K. have shown that when a disaster occurs in a small business causing a total loss of data or halting operations for a period of ten days or longer, fewer than ten percent of these firms survive. They may linger on for a while – in some cases up to two years, but full recovery after a disaster is rare.

Of the small percentage of businesses that do survive a disaster, most have been able to successfully implement a disaster recovery plan that was in place before the disaster struck. Putting together a workable disaster plan is a time-consuming job but a project that every organization should complete.disaster-recovery-planning

There are many kinds of disasters and while some are geographically-specific, other can happen to any business, anywhere at any time. The tragedy of the terrorist attacks of September 11, 2001 was in many ways a wake-up call that highlighted the vulnerability of businesses to forces well beyond their control or even seemingly outside the realm of possibility. No business can consider itself immune.

Natural disasters such as earthquakes, storms and floods are often related to specific areas. San Francisco has earthquakes, the American midwest has severe storms, and floods are a fact of life in low-lying flats adjacent to rivers. These kinds of disasters are relatively easy to anticipate.

Other kinds of disasters, man-made and natural, exist and aren’t related to a location or any other characteristic by which a business can be classified. Bombings have occurred in cities around the world, including Oklahoma City and London, and even if businesses weren’t specifically targeted they can be put out of business simply by being in the wrong place at the time of an attack.

Take a hypothetical financial services business that’s trading profitably and that has burglar alarms, a fire alarm and sprinkler system, insurance cover and a computer system that’s fully protected against external intrusions. It sounds safe enough, but think about some of the vulnerabilities:

– The building itself can be destroyed by an act of terrorism
– A disgruntled employee can delete data stored electronically
– The CEO can be killed in an accident
– A power outage can cause vital equipment to fail
– A key employee joins a competitor and takes half of the customers with them
– The insurance provider can be wiped out by a catastrophic event

Each of these scenarios constitutes a potential disaster for the business, and each requires a separate and effective plan of action if the business is to recover from the impact. This means developing a disaster plan that clearly identifies each possible disaster, then determines the resources, actions and other elements that will allow the business to continue trading afterwards.

The biggest problem is to keep the business going. Businesses usually need cash on a daily basis, and a plan that requires weeks to come into effect is likely to be inadequate. Time is critical and solutions need to provide adequate funds within a sufficient period of time or they aren’t really solutions.

It is possible to access “ready-made” disaster plans that are generic and are really just outlines for businesses to follow in creating their own recovery plans, but these aren’t likely to be sufficient. Every business is unique and has its own risks and its own solutions; by seeking a “one size fits all” disaster recovery plan a business places itself at a tremendous disadvantage.

The best results, regardless of the firm’s size, will be to form a team from within the business to work with an outside expert in preparing disaster recovery plans. Together they will find the answers to such questions as:

1. Which functions are critical to the business?
2. Which personnel are essential to the business?
3. What disasters can happen to them?
4. What will maintain or replace these functions and personnel if it does happen?
5. How will this be achieved?
6. Who will manage this process?
7. What will fund the costs?

Once the plan has been established it should be communicated to all key people in the business. The plan must be easily understood and capable of implementation by as many individuals as possible; the “survivors” can’t always be predicted.

The disaster recovery plan should be regularly reviewed and tested as thoroughly as possible to ensure its effectiveness. Most importantly, it should give everyone from the CEO downwards the confidence that the business will be able to continue employing them regardless of any disaster that may strike.


Copyright 2005, RAN ONE Inc. All rights reserved. Reprinted with permission from www.ranone.com.