From fires and floods, to data breaches and acts of terrorism, a disaster could be ruinous to your business—harming employees, destroying infrastructure, and causing severe business disruption. Developing a plan beforehand to deal with such catastrophe might make the difference in your business surviving the event.
It's important to consider how your business would respond in an emergency or disaster. Here are some steps to take to develop a disaster recovery plan.
Assess Your Business
Disaster recovery plans should not be seen as one-size-fits-all. Indeed, you will be assessing specific risks for both your business and its local environment.
A law firm, for example, will have a different risk profile than a gas station, and a business located in an area prone to specific kinds of natural threats such as earthquakes, tornadoes, and floods will need to incorporate the risks of such events into its disaster recovery response.
While your insurance company can offer general guidance on preparing for disaster, as well as tips (and insurance policies) for mitigating any damage from disaster events, it's crucial to have thought through your specific business's requirements for getting critical systems, such as communications and IT, back up and running.
Gather Stakeholders and Establish an Emergency Response Team
As you consider your business needs in the light of potential disasters, you will want to communicate with stakeholders from across your organization to gather insights for your disaster recovery plan and establish expertise among your employees (such as determining who has medical training or other useful skills in the event of a disaster).
From there, you will want to establish your emergency response team, assigning a point person and members of the team various tasks to execute during a disaster. In most cases, your legal and IT departments should be two departments represented on your emergency response team.
Budget for Disaster
A disaster could be financially ruinous, and even the best insurance policies may not cover all the disruption incurred by your business.
Depending on your business and the type of disaster, your disaster recovery budget could include funds for emergency supplies, redundant communications systems to communicate with employees, office relocation, outside emergency consultants, petty cash accounts, and other similar expenses.
Write the Plan
Now that your emergency response team has been established and you have budgeted for a potential disaster, you can now set about writing the plan. Your emergency response plan will typically include:
- An executive summary outlining the disaster recovery plan and a delegation of authority
- The emergency response team roster, including contact information and roles and responsibilities during prior to, during, and after a disaster
- Situations and circumstances in which the disaster recovery plan is triggered
- Employee roles and responsibilities during a disaster
- List of relevant government and emergency contacts, including police, fire, and medical services
- Contingency, evacuation, and relocation plans
- Means of accounting for employee safety and assessing damage
- Communications and public relations strategies
- Contact information for insurance carriers and potentially relevant government agencies
Finalize and Test the Plan
After your plan has been developed, you should put your plan to the test.
One method of testing your disaster recovery plan is with "tabletop exercises," in which a disaster is simulated and employees react according to the plan. Although lacking in the strange unpredictability of an actual emergency—and thus not quite as effective in rooting out possible shortcomings of the disaster recovery plan as an actual disaster—tabletop exercises are a fine way of evaluating your disaster recovery plan while providing employees with emergency training to simulate an actual disaster.
Communicate the Plan to Employees
After you have developed and tested your disaster recovery plan, your next step should be communicating your plan to your employees.
This communication should be done over a variety of media such as email, intranet, and hard copy, with periodic training sessions to ensure that employees know when and how to access the disaster recovery plan.
Periodically Update the Plan
As your emergency response team and other key personnel change over time, you will need to change your disaster response plan to reflect these changes. Also, your disaster recovery plan should incorporate changes in other contact information for external parties like government agencies and insurance carriers, as well as accounting for new risks your business may face.
Key executives and the board of directors should be apprised of significant changes in the disaster response and business continuity plans. You also may choose to engage an attorney to review your plans.
As the old saying goes, an ounce of prevention is worth a pound of cure. A disaster recovery plan is that ounce of prevention and can provide an invaluable road map during a crisis to ensure that your company can survive an otherwise lethal disaster.