Business Disaster Recovery Plans (DRP)
Recently we have seen unprecedented, extreme weather events that were a disaster for many areas, individuals, and businesses. I know we all hope that they can all recover as quickly as possible.
It is hard to see how we could be fully prepared should a cyclone or other natural disaster of that magnitude turn up but there is no doubt the national and local governments will be spending a lot of time and money over the next 5 years building more resilience into our water, power, communication, drainage systems and roading infrastructure.
While we can look to the authorities to do their part, we also have a responsibility to ourselves and our businesses to look at the risks we face, how we can prevent them from occurring and what we should do if they do anyway.
This is called a Disaster Recovery Plan (DRP). We are going to look at DRPs for business, but the principles are the same for us as individuals.
What are Business Disaster Recovery Plans or DRPs?
It is a plan that identifies ALL likely risks to a business, sets out the practical preventative steps we can take to lessen that risk and the actions we need to take should our preventative steps not be enough.
The risks we need to identify aren’t limited to natural disasters. They are anything that could significantly impact our businesses to the extent that it impairs our ability to carry out our business to a material level. Or even threatens its ongoing survival.
Some examples are the death of a key person in the business, the release of clients’ personal information, the actions of an employee endangering the reputation of the business, the failure of key software systems (e.g., through ransomware), employee theft, a major workplace accident etc.
How do you create a DRP?
There are many online templates that can help, you might be able to find one that is for your industry and for the size of your business.
However, the basic steps are as follows. Many tradespeople are used to this process as part of their site safety.
1. Take 15 minutes and brainstorm with somebody all the things that could happen to your business that would form a significant risk to the business’s survival. Write them all down, no matter how unlikely they seem.
2. Rank each of them by how likely they are to happen and how critical they would be if they did happen.
3. Starting with the most critical and most likely to happen, write down the practical steps you do or could implement to prevent them happening. Then identify the steps you would take should the risk occur anyway.
4. Work on any practical steps you could take to prevent the risk occurring for each one.
5. Communicate the steps that need to be taken should the risk occur to the people that need to know the plan.
6. Review the plan at least yearly.
Example: Ransomware Attack
Risk: A ransomware attack on our business is possible and quite critical. It could stop our business operating for up to a month.
Prevention:
1. Educate all employees on how to prevent ransomware attacks.
2. Review current antivirus software to make sure it is deployed and fit for purpose.
3. Make sure backups are happening and recovery is tested monthly.
4. Install software preventing any external storage media from being able to connect to any network connected device.
Mitigation: Have appropriate insurance cover in place.
Action should an attack occur:
1. Call IT support immediately on 027 XXXXXX.
2. Establish as quickly as possible RTO time.
3. Advise major clients using support email system.
4. Email staff of the situation and likely RTO.
5. Do not respond to Ransomware demand without approval by CEO and CTO.
Steps to be undertaken by a certain date and appoint people responsible for roles. Review insurance policy. Develop Employee Education program with HR and CTO.
Benefits of a DRP
• A good DRP helps us understand points of vulnerability in our business, how to fix them and improve the resilience of our business.
• It also helps identify what is beyond our control. All of this can help us sleep at night.
• There are members of BNI who can help us with a DRP like our insurance broker, accountant and IT person so reach out to them for advice.
