|
|
|
WHAT A SMALL TO MIDSIZE BUSINESS SHOULD KEEP IN MIND WHEN PREPARING FOR A DISASTER: This week, Continuity e-GUIDE interviews Regina
Brassil, an expert in disaster recovery and business continuity who is
with Agility Recovery Solutions. e-GUIDE( Brassil: Absolutely. There have been several trends driving recovery concerns to the small and mid-sized business marketplace. First, the proliferation of LANs and desktops makes us all dependent on technology. Utilizing the Internet and VPNs to speak to customers, suppliers and others means we must depend on a network of telecommunications capability which is, quite frankly, out of our control. New regulations, including SARBOX and HIPAA are motivating many organizations to look at their situation. And, unfortunately, we have to consider the terror threat. Although the chances of an incident affecting any given company directly is very small, the ripple effect can be devastating. Just think of all those companies whose shipments were halted after 9-11, when the planes were grounded.
Brassil: Well, certainly everyone seems to understand that they need to protect their business. I think the dilemma lies in what they can do. The overriding feeling out there is that disaster recovery planning is for the “big guys”, not because mid-sized or small companies don’t need it, but because they feel that the solutions are perhaps too overwhelming or expensive to even consider.
Brassil: First and foremost, let’s set this expectation – every company wants to remain in business. If that is the case, every business should be looking at ways to make sure that both internally and externally, they can survive a hit. It begins at a very basic level – the data. Those of us who have been involved in DR planning for a long time consider data backup to be intuitive and basic…but it is the most important thing that any company can do to survive. There is no recovery of customer information, history or payment records if the data is lost. Protecting your data, however, is not really a function of disaster recovery, its prudent business. So my first recommendation is to find a way to efficiently and effectively back up the data. Have an automatic backup mechanism installed on the LAN, or if the business is small enough, make sure each PC is backed up at timely intervals. The time saved by not having to recreate or piece together critical company information may save the business. Consider running very critical applications, dealing with real time financial transactions, in a redundant environment. This can be a hot redundant server at an alternate internal location, or can be outsourced. However you keep the data live, it is equally important to determine how best to get the information (and the cash flow) back to normal. One important note – whatever type of data backup a company utilizes, they should be able to easily recall a single file, or their whole database. They should have the flexibility and scalability to respond to any scope of problem. Secondly, companies should have a complete record of their technology configuration for replacement. I can guarantee that most folks do not know the configuration of the PC on their desk, and if the IT personnel are not available, how do you know what your servers consisted of? This is important not only for recovery, but for insurance claims. Best scenario is to have a contract in place to ensure rapid replacement of that technology to ensure the quickest recovery possible. In a time of disaster, relying on the local PC superstore is chancy. They may have been hit with the same disaster, be out of inventory (especially in a regional disaster when there is a “run” on equipment) or not have what you need at the time. If you must make a rapid purchase in order to survive the disaster but its not what you need long term, it was a wasted purchase.
Brassil: Companies should absolutely cross train critical employees. Never have just one employee who knows how to perform company critical functions. Although no one likes to think about it, that person may not be available at the time of disaster. Most organizations should consider designating several high level employees who will have the authority to make critical decisions, especially regarding emergency disbursement of funds. After a disaster event, there are many spur-of-the moment decisions. If the only guy with authority to sign a check happens to be on vacation, a company is in a bind. From a facility standpoint, companies should perform a yearly inspection of wiring, plumbing and infrastructure. Make sure of the integrity of these systems. Companies should be aware of where water pipes run through walls, points of entry for electricity, etc., and place company assets accordingly. You would be amazed at how many company computer rooms reside under the restroom – the one place most likely to have an incident regarding water overflow or seepage. Companies may also want to look into surge protectors for all equipment, or better yet, a small UPS system that will allow them to power down all systems safely.
Brassil: Not surprisingly, we tend to think of assets as “things” – computers, facilities, and the like. Forgotten most often are the people, and how we communicate both pre- and post- disaster with our most critical asset. Therefore, communication becomes a key component of recovery planning. For instance, companies should know several ways to reach their employees after a disaster. Consider that depending on the situation, phone lines may be down or employees may have evacuated. Keep records of cell phone numbers, as well as likely “backup” numbers. Be proactive in communicating your situation to employees, as they may assume you are “closed” if they see scenes of devastation on TV. I have seen customers establish 800 lines that employees can call to get the company situation, or even email blasts and local radio broadcasts. Much like school closings on a snowy day, radio broadcasts can alert employees as to the plan of action. Of course, whatever method chosen to reach employees after a disaster has to be well known to the employee. Recognize that your employees may have suffered personal loss if home, property…or worse, may have suffered injury to self or a family member. In those cases, they may not return to work promptly. Also, be a good neighbor. If your organization can provide a community service at time of disaster, do so. It helps the survival of the local community and builds significant goodwill for your business. Companies may also want to designate several individuals authorized to deal with the media, and ONLY allow those people to speak to the media. It is always advisable to let customers, suppliers and important stakeholders know the status of the situation, to the extent that they need to know. Keeping people in the dark regarding the situation will generally result in a huge loss of confidence , which translates to lost business once customers can switch to a place less vulnerable. A company statement should be issued to people with a vested interest in the company, advising of what has occurred, what is being done to remedy the situation, and when they can expect the company to be back to business.
Brassil: Unfortunately, no. Companies need to consider that some aspects of their infrastructure are out of their direct control (i.e. power grids and telephone networks). In a wide-scale disaster, it may be days or weeks before infrastructure is restored. This is where perhaps some upfront money comes in - consider satellite and wireless options. Make the same provision for power. Consider generators but procure anything needed ahead of time. At time of disaster, it may be difficult to find a generator or required fuel. Depending on a company’s needs and the resources in town, they may be able to utilize a local hotel or conference center for a temporary facility. As with all recovery planning, however, this is only valid if there is a written plan agreed to by all parties.
Brassil: Regina Brassil has been working with customers to develop recovery plans since 1989. For more free tips, tools and information on recovery planning, visit www.agilitydirect.com ; or www.agilityrecoverysolutions.com
|
