Disasters are scary, and they can happen anytime to any business.
From acts of God to human malice and from natural disasters to technical troubles businesses have to be prepared for any kind of eventuality. All enterprises know this, and they invest extensively in a disaster recovery and business continuity plan. Their processes are designed and audited so that no matter what happens the show keeps going on.
This is not so for majority of small businesses.
According to data from FEMA and SBA, 40% of businesses don’t recover after a disaster and 25% fail within one year of reopening. And even more depressing is that 90% of businesses fail within two years of being hit by a disaster.
Thing is, it isn’t the lack of money or insurance that kills these businesses. It’s the lack of systems and processes.
As Sun Tzu wrote in the Art of War if you know yourself and know your enemy you can win any battle.
So before you rush headlong into setting up data backups or installing fire alarms you have to audit yourself and also prioritize the potential risks.
What you will do first is build a Business Impact Analysis which identifies the services that support essential business functions.
Grade the impact of events happening on a scale from 0.0 (no impact on business) to 1.0 (total shutdown of operations), and build something like this
Once you know the impact of these events you can now estimate the likelihood of these events occurring using the same scale (0.0 for no likelihood, 1.0 for high likelihood) and create the following table.
And then to get the risk that these events pose to your business multiply the impact with the likelihood to get the Risk Impact Assessment.
These numbers will be subjective and will keep changing with time. But after this exercise you will now know what to focus on- first, preventing a malicious attack, and next, taking precautions against earthquakes.
When you are conducting this exercise think not only about IT but look into every aspect of your business holistically.
Let’s assume that you want to build an effective IT recovery plan. Once you have carried out the Risk Assessment and Business impact analysis, here’s what you should do according to the National Institute of Standards and Technology:
Build separate checklists for each of these points. For example, the checklist for preventive controls should include, at the minimum the following items:
When you are building and implementing a DR plan you have to keep in mind two metrics: RTO (Recovery Time Objective) and MTPOD (Maximum Tolerable Period of Disruption). The timeline below will give you an idea of how these two metrics are calculated, and a good disaster response will aim to keep these times to the minimum.
Disaster recovery is a continuous process which will get more complex as your business scales and grows.
You have to secure your assets and your apps, files and the network, and actively be on the lookout for any potential security holes. This extends not only to IT but to the physical aspect of your operations as well.
Disaster recovery is a part of business continuity planning. BCPs encompass all the other processes that a business needs to implement so that business operations don’t pause even in the midst of a disaster.
To further aid your DR effort check out these links from the US Small Business Administration about how to plan for disasters.
If you haven’t yet planned for disasters start today. It’s never too late to begin, and every box crossed off your checklist takes your small business in that 10% of companies who survived and thrived two years after a disaster.
Modern IT Infrastructure Management for SMBs
Five ways for Differentiating your organization in a Post Digital World
Royalty Free: What does it mean for SMBs?
IT Priorities for SMBs in 2018
Here’s why you need to setup a PM CoE
Trading Data as NFTs: The basics you need to know
Active (Machine) Learning: Leveraging Human Experience to Improve AI
Digital Platforms for a Circular Economy
Neuro-Symbolic Learning Explained
AI Regulatory Initiatives Around the World: An Overview
No obligation quotes in 48 hours. Teams setup within 2 weeks.
If you are a Service Provider looking to register, please fill out this Information Request and someone will get in touch.
Outsource with Confidence to high quality Service Providers.
Enter your email id and we'll send a link to reset your password to the address we have for your account.
The IT Exchange service provider network is exclusive and by-invite. There is no cost to get on-board; if you are competent in your areas of focus, then you are welcome. As a part of this exclusive network you: