Disaster Recovery Planning
Getting started in a disaster recovery plan may seem difficult. We’ve assembled a simple list to get the ball going.
We highly suggest having an emergency plan in place. Small companies can get started simply by creating a binder that is to be opened and used in case of an emergency. A typical binder will include:
1. A list of all hardware, software and service providers along with their emergency phone numbers and your corresponding account numbers.
2. A list of all personnel to contact in case of an emergency (executives, IT support)
3. A list of all critical systems to the firm and the order in which they should be rescued or recreated. (Get management buy in as to the order)
So typically you’ll need to document your backups. Where are they storage/located. What software you used to create them. If they are encrypted, have either that sealed in a safe place or the name and phone number of the person that knows this information.
When thinking of how you’d recover from, say, a total loss of the premises, think about what is needed to get the vital systems back up and running for the next business day. These usually include:
1. E-Mail services
2. Accounting system
3. Databases (Accounting system, ERP, CRM…)
4. Files needed for work (Documents, spreadsheets and so on)
5. CRM (so sales can contact clients which may be affected)
6. ERP
7. Web site (if hosted internally)
8. Intranet (so HR can contact employees)
Document all of your cloud based services!
- Detail the server name, URL, Master account information (Account number, e-mail address used), Phone number, Whose credit card was used (have the last 4 digits to confirm), and the associated password (or at least a hint as to who can provide this in time of need)
Insurance information:
- Keep a copy of your insurance policy along with contact information and your account number.
- Make sure that you have electronic copies somewhere safe of the hardware and software of your inventory (as mentioned above). This should include serial numbers and activation keys. Most insurance companies will ask for this information should you need to file a claim.
Here are some great documents to get you started:
Three useful ones are:
- National Institute for Standards and Technology’s SP 800-34 standard “Contingency Planning Guide for Information Technology Systems”
- International Organization for Standardization’s standard ISO 27031 (2011) “Guidelines for information and communication technology readiness for business continuity”
- International Organization for Standardization’s standard ISO 24762 (2008) “Guidelines for information and communications technology disaster recovery services”
Share you disaster recovery plans and stories with us!
If you need help, we also can recommend companies that can assist you with your planning and security audits!