Do you have a DRP?
February 19, 2013
Does your company have a DRP (Disaster Recovery Plan) that is not outdated and obsolete? In these of climate change, asteroids coming close to the Earth, and warfare you should ensure that it is ready to go at all times.
Not having an updated Disaster Recovery Plan is tantamount to giving the Uni-bomber a chemistry set and telling him to play nice! It just isn’t going to be very effective.
So what do you have to do in order to prepare for disaster, no matter the kind you may encounter? Each part of the country has its own risks and therefore your DRP needs to reflect. You won’t have a plan for tornados in New York nor will you have hurricane plans for California.
Below is a short article I wrote for a magazine article last year. I never got the article, so I’m sure the writer never used it. And it was written for an educational institution but it can be easily translated to business.
First of all, the institution absolutely must have a plan. If you don’t develop a plan and know how to implement it, then you’re lost no matter what happens. This plan needs to be coordinated between all departments in the institution. From administration, security, faculty, & even students at times. And while industry standards (i.e. ASIS) should be considered, they don’t have to be the be all to end all.
Specifically, the records that you must save in case of a disaster are few and simple. Student records such as personal information. Their academic records should also be kept. Not all of the notes or ‘homework’ that an instructor gives them but the basics. By the basics I mean the classes they attended, their grades at the time of disaster, and if they have done any ‘extra credit’ work, and if they passed or failed the course. And in the case of for-profit schools their payment of tuition. This is where your coordination team comes in.
You have to prioritize what records you’ll keep. In a large University you can’t possibly keep everything in terms of a disaster, it would take far too much time and space, not to mention money. So prioritize what you’re going to save. And despite the fiefdom’s and turf wars that erupt, the team has to keep focus on the task at hand.
As for instructors keeping information on their laptops or office computers, that is fine and appropriate. If they are university property, then the university should pay for the back-up service and no personal information should be allowed to be on it. And if it, then the cost should be split if they utilize an outside service i.e. Carbonite. If it is the property of the instructor, then they should split the cost. Using Carbonite is fine, but with any service you use, you have to ensure that it is an automatic daily back-up. That way, if the instructor forgets in the middle of a bad night, class, or whatever, then it will still get done.
As for the large store of information from the University, they should consider some sort of off-site storage of their records. And actually completely out of the region is preferable. The reasoning for this simple, Joplin, MO. And Xenia, OH.
If you want to store paper records then contract with a company that does cold storage. If you live along a major river, that shouldn’t be an issue, as in the Kansas City, MO. Area – there are hundreds of caves being used for that purpose. But there are literally hundreds of these sites across the country
Another important factor in writing a DRP is figuring out what your 3 areas of risk may be. Wha…? What is your vulnerability to an incident? Figure out what disasters are most likely to occur to your facility and then plan according.
The criticality of whatever you need to defend is also of paramount concern. What is the most vital and critical parts of your business or facility that need to be secured. As you saw above, you need to think about both paper and computer records. And there are myriad of other things as well to think about with this to the probability of such an incident happening. Sure a hurricane can be totally devastating and shutter your business for a long time, if not forever. But is it really going to hit exactly where your business is? No one ever thought a hurricane would hit New York City, and the probability is low, but they’ve been hit twice in 5 years. Your probability has to be reassessed if things change.
I’m sure you remember the old adage ‘The only thing around here that never changes is the amount of change’. It sounds like an oxymoron, but it really isn’t Circumstances change all the time, no one storm is ever the same, nor does it travel the same path. And the same holds true for every single natural disaster in the world.
Likewise there is no one incident or event that is man-made that is ever the same. Certain things remain constant enough to plan for. And certain things are still done the same way. But nothing will ever happen exactly the same way twice.
Therefore your plans are critical to your survival in a disaster, whether it be man-made or natural. And you’ll never know if your plans are adequate until you test them and train your employees.
Look for an article I did decades ago on this subject. You’ll see that I was ahead of my time with some of it and it’s just as relevant now as it was then.