On New Years Day 2020, the year ahead looked much like any other. Business was steady and the WSRB offices were a bustling hub of activity – until they weren’t.
COVID-19 struck the globe and businesses everywhere were thrown into a frenzy, scrambling to adapt to the rapidly changing circumstances. At WSRB, we quickly pivoted, transitioning from working in-office to becoming a fully remote organization almost overnight. Though it might have felt like we were trying to build the plane while we were flying it, our Disaster Recovery Plan provided a blueprint for handling these unforeseen conditions. It may not have been perfect, but it worked – and taught us a thing or two along the way.
I’m dedicating this blog to all the planners and worrywarts, all the folks who know that simply crossing your fingers is not a viable strategy. We’ll explore what a Disaster Recovery Plan is, why they are essential, and how to best formulate one that suits you and your businesses specific needs.
Pandemics and other catastrophes may happen once in a blue moon, but you never know when the year ahead will take a sharp turn for the worse. Being prepared is critical.
What is a DRP?
Let’s start with the basics…
A Disaster Recovery Plan, also known as a DRP, is a comprehensive strategy, outlining the necessary steps a business needs to take to continue operating in the face of a disaster.1 It’s your company’s roadmap for survival, the knowledge and planning necessary to ensure functionality and recovery.
As your business and the world changes and evolves, so too does your DRP; it’s a living document that grows and changes, adapting to the unpredictable nature of reality.
The pandemic underscored the importance of a flexible DRP and demonstrated the need for a broad perspective. It’s not just about backing up your data or securing your servers —it’s about safeguarding your people, fortifying your supply chain, and keeping your communication channels open and effective.
COVID-19 taught us that our DRP needed to cover all aspects of our business environment. The key takeaway? Disasters don’t affect one single part of your business; they hit everything, all at once, RELENTLESSLY, and your DRP needs to be ready.
Related:
How Updated Technology Protects Your Company
Assessing risks
Before you can craft a solid DRP, you need to know what you’re up against. Enter the Business Impact Analysis (BIA).
Step one: Identify the most likely risks, stuff like pandemics (obviously), cyber-attacks, natural disasters, alien invasions (kidding… mostly).
Step two: Analyze the potential impacts on your business. What functions are critical? What would happen if they were disrupted? How long could you continue without them?
Your BIA doesn’t need to be foolproof, but the goal is to start identifying weak spots before they become apparent during a disaster. It’s always better to check for leaks in your boat BEFORE getting caught in a storm.
FEMA has fantastic resources for developing a BIA, including a questionnaire. Check out their resources here.
Necessary considerations
Once you’ve formulated a BIA, it’s time to dive headfirst into crafting your DRP. Not every business is the same, but here are some critical elements to consider:
Operational continuity
Arguably the most important thing to consider. After all, what good is a business if no business can be done? So how will your business be able to continue operation if your office space is suddenly inaccessible?
At WSRB, we had a contingency plan: remote work.
However, it’s not just about distributing laptops and wishing everyone good luck at home; you need to make sure that all critical functions are still covered. This could involve cross-training different employees. This might require remote access. You may have to double check that your IT infrastructure can handle the load.
Redundancy isn’t important just for data – it’s essential for personnel too.
Learn more about business continuity here.
Communication
Keeping an open line to both your employees and clients is imperative – before, during, and after a disaster. Your DRP needs to determine how you’ll keep internal teams and external customers and stakeholders in the loop.
Internal communication requires more than a simple email; you must make sure employees understand what is happening, what is expected of them, and where they can turn for help. All of this is especially important in a remote work environment.
External communication ensures that all parties know you’re still in business and that, behind the scenes, you’re handling the situation.
Health and safety
Your DRP also needs to address the health and safety of your employees.
Obviously, COVID-19 is a great example of why this is important. However, any disaster can pose a threat to your employees’ safety. Any DRP should include protocols for keeping employees safe, including considerations for evacuations, lockdowns, remote work, and health checks.
Supply chain resilience
Recall when toilet paper was worth its weight in gold?
Supply chain disruptions have the potential to cripple a business without proper preparation. And while some circumstances can’t be helped, doing your best to maintain your supply chain – diversifying suppliers, maintaining extra inventory, finding alternative methods of delivery – can mean the difference between complete breakdown and a minor speedbump.
When one link breaks, you need to have another ready to go.
Related:
Small Businesses: The Importance of Cybersecurity
Testing and updating
So, you’ve got your DRP all laid out – fantastic!
Now it’s time to try and break it. Remember: a plan that’s never tested is merely a theory.
Routine testing of your DRP, utilizing drills and simulations, helps to identify weak spots. Furthermore, as your business evolves, so too must your DRP; update it regularly to account for changing risks, new operations, and lessons learned from past events (*cough* COVID *cough*)
They say the more time you spend maintaining and running your car, the further it will go. The same is true of DRPs: if you don’t maintain it and take it out for a spin every now and then, it’s not going to start when you need it most.
Learn more about disaster recovery testing here.
Leading the way through darkness
A DRP is only as strong as the resolve behind it. Leaders must prioritize disaster recovery, ensuring that all the necessary resources are available to maintain an effective strategy.
DRPs aren’t just IT projects – they’re companywide initiatives that require buy-in from the top down. At WSRB, we’ve witnessed how strong, pioneering leaders can understand the importance of preparation, empowering thoughtful risk assessment and mitigation strategies.
Disasters can come out of the clear blue sky; when they do, you need to be ready. Take action TODAY to ensure your business, and everyone associated with it, can weather the storm.
[1] Ready.gov, https://www.ready.gov/business/emergency-plans/recovery-plan
