According to a survey of disaster recovery decision makers, only one-in-seven businesses continuously update their disaster recovery plan. For the other businesses, the likelihood is that recovering from a disaster will be more expensive and time-consuming than planned - with some ultimately failing to recover at all.
Every few years, Disaster Recovery Journal partners up with research company Forrester Research to compile the “State of Disaster Recovery Preparedness Report”. The latest report (PDF) shows that, although more businesses have a disaster recovery plan than in previous reports, the frequency with which plans are updated and tested has fallen over the past ten years.
The failure to update and test a disaster recovery plan can have significant consequences. If elements of a business's operations have changed since the last time its plan was updated and tested, its response to a disaster may not be as effective. Depending on the nature of the event, gaps in preparedness can result in recovery being more expensive and time-consuming than anticipated.
In terms of what gaps in preparedness might cost, a report compiled by the Ponemon Institute (PDF) put the average cost of an unplanned data center outage at $8,851 per minute once direct costs, indirect costs, and opportunity costs are taken into account. More serious disasters that can't be recovered from with the click of a mouse (i.e. hurricanes and bio-terrorism) will likely cost much more.
What is a Continuously Updated Disaster Recovery Plan?
A continuously updated disaster recovery plan is one in which the business's hardware inventory and personnel database is always kept up-to-date, and details of both are integrated into the plan in real time. The plan should contain Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs) and a priority order for software applications so that business-critical processes are restored first.
Depending on the business's tolerance for downtime, there might need to be a backup worksite for key personnel. The backup worksite needs to mirror the “everyday” worksite, so this also needs to be kept up-to-date in order to minimize the impact of a disaster. Naturally, data needs to be continuously backed up, and the plan should account for how data can be accessed during a disaster.
To overcome the potential issue of on-site data being inaccessible during a disaster, many businesses use cloud-based services to maintain an off-site copy of sensitive and business-critical data. Although it can add to the administrative overhead to maintain two disaster recovery plans in unison, this is an ideal solution for accessing data remotely and for restoring operations quickly.
Why a Continuously Used Communications System is Also Important
At the center of a continuously updated disaster recovery plan there needs to be an emergency communications system in place that is used for day-to-day communications as well as for emergencies. The reason it should be used continuously is so employees are familiar with sending and receiving messages through the system, and won´t have to deal with something “new” during a stressful event.
The system needs to be resilient against typical communication outages during a disaster (i.e. phone and email) in order to ensure key personnel and their deputies are contactable as a disaster starts, and so that all personnel are kept informed throughout an event - both on-site personnel and remote workers. The system should also support segmentation so it is easier for key personnel to prioritize messages.
For the disaster recovery communications system to be fully effective, the system should be integrated with a personnel database - particularly in a business with substantial employee churn. There also needs to be a way of monitoring message receipt so that, if key member personnel are unreachable, deputies can be quickly found to fill their roles in the execution of the disaster recovery plan.
Some organizations use a reliable mass notification system capable of sending multi-modal emergency alerts simultaneously with just three clicks on any Internet-connected device. Unlimited segmentation enables targeted, two-way communications before, during, and after an emergency; and, if your business is connected to the WebEOC system, an extension for WebEOC enables incident managers to send all emergency communications from the same platform.
The ideal mass notification system is easy to synchronize with personnel databases, plus provides the option of an SMS opt-in/opt-out capability - which is ideal for businesses receiving guests and business contacts on their premises. A user-friendly management interface enables incident managers to identify personnel who have not acknowledged an emergency alert, plus the system also supports a geotargeted poll-based alerting feature which uses polls to check on the well-being of employees in certain locations or request volunteers to cover vacant shifts.
Assuming the Ponemon Institute's calculations are correct, gaps in preparedness could cost you more than $8,000 per minute. Communication is a key component of a disaster recovery plan; and, if you have a communications system that is not kept up-to-date or used regularly, it will likely undermine the rest of your plan.
you may also like
Managing Building Security Amid Closures
May 11, 2020
In March, college and university campuses across the United States halted in person classes, shuttering on campus facilities, sending students home, and transitioning to a...