Just in case: Develop a disaster recovery plan for your association
By W. Charles Oakley, ISG Solutions, Rockville MD
The following article was
published in Association Trends, December 21, 2001.
Disaster recovery planning has taken on a new importance over the past
several months. If your assn is one of the many that are revisiting their
disaster recovery and business continuance plans, here are the steps you need
to take to make sure you have a solid plan in place.
Analyze risk. The first step is to identify what business processes
occur in your assn. For example, most assns have processes for handling new
mbr application forms, meeting registrations and dues payments. Then identify
the associated IT infrastructure resource requirements: software, hardware,
network, database, etc. Prioritize the processes according to their importance
and time sensitivity.
The next step is to identify potential threats. Traditionally these threats
have fallen into the following categories: fire/heat damage, water damage,
power failure, network (LAN and telecommunications) failure, hardware/software
failure, and accidental or deliberate destruction or corruption of computer
systems. However, it might be appropriate to include others. Assume that an
outage will happen at the worst possible time, and allow for the possibility
of multiple disasters. Fire, for example, is often accompanied by water
damage.
Develop a plan. A good way to design a plan is to organize recovery
procedures by business process. This allows for a flexible implementation in
stages. Here are some items that should be addressed in your plan:
Hardware, software, network. A typical objective would be to get
critical applications up and running at emergency service levels within hours.
So first, you have to determine which applications are critical, and then
define what is an acceptable emergency service level. What IT hardware,
software and network capability will be required to function at that level?
Several alternative sources of supply should be identified.
Data. For most organizations, ensuring the availability of key data
is even more important than maintaining hardware and software capability. Data
should be routinely backed up and transferred to off-site storage. Don't
forget that all data is not electronic. Key data that exists on paper needs to
be backed up too.
"Hot" site. Plans should include a way to transfer data
from off-site storage to a recovery center. A number of companies offer
facilities where you can rebuild your systems. Lately, application service
providers have begun offering this service and offer a cost-effective
alternative to other recovery centers. Remote access should be included, since
for many types of disasters it will be desirable to allow telecommuting.
Emergency action. Your plan should include procedures for
decision-making authority, creation of a mgmt command center, evacuation
procedures, and methods of communicating with staff, mbrs, chapters or
affiliates, and key partners or vendors.
Education and training. For your plan to work, every staff mbr must
know what his responsibilities are for safeguarding assets and reporting
events, and what specific actions should be taken when an emergency occurs—as
well as what constitutes an emergency.
Test and update the plan. Now that you have completed your plan,
it's time to move on to the next step: regular testing and maintenance. A good
plan is a living document, one that has to be updated on a regular basis to
incorporate ongoing changes in business processes and IT requirements. Testing
is the best way to discover inadequacies in the plan and changes in business
processes that no one thought to mention. It also reinforces your plan in the
minds of staffers and allows you to benchmark recovery times during optimal
conditions.
Congratulations! You now have a solid disaster recovery plan, which you
will probably never need. But if the worst does happen, you'll be prepared and
able to recover critical business operations as quickly as possible.
Details: W. Charles Oakley can be reached at 301/519-3776
or coakley@isgsolutions.com.
|
