How is a disaster recovery plan different from a business continuity plan?
A business continuity plan outlines the overall strategic approach for dealing with major incidents and disasters before, during, and after they occur. It includes measures for preventing and mitigating risks, emergency response plans, and recovery strategies.
A disaster recovery plan is a component of the business continuity plan that is specifically concerned with the procedures required to get each part of the business up and running again after a disaster. The steps and procedures a business must take to resume normal business operations will differ depending on the type of disaster (think flood damage vs. supplier outage), which is why every disaster scenario requires its own plan.
Key Elements of a Disaster Recovery Plan:
- Purpose, scope, and objectives.
- Roles and responsibilities.
- Critical assets and resources.
- Insurance policies.
- Document and data backup.
- Communication plan.
- Action plan: define recovery procedures.
How to Create a Disaster Recovery Plan:
It is important to keep your employees, suppliers, business partners, investors, and customers informed of what you are doing in response to the disaster. To do so efficiently and avoid confusion or miscommunication, you will need to create a disaster recovery plan.
Define the purpose, scope, goals, and objectives.
Think about what the worst-case scenario would look like.
This will help you identify precisely how the disaster may impact your business, which assets and processes will be compromised, and what a reasonable timeframe for recovery would be.
Also, specify objectives, such as the minimum operational levels to which the business must be restored as well as the time and effort that should be committed to the recovery process.
Before getting started on a disaster recovery plan, you will have to identify the various types of disasters that could affect your business. Each scenario requires its own recovery plan.
Define employee roles and responsibilities.
Determine who is responsible for overseeing the execution of the plan.
Once this is complete, list the roles and responsibilities of other individuals also involved in the implementation process. This will help everyone have a clear understanding of their expectations.
Include disaster recovery plans in employee onboarding and training exercises.
Your employees should have a good understanding of the plan and the role they will play, including specific tasks and responsibilities. It is always good to do a regular refresher on this topic, especially after a review or update of disaster recovery plans.
List assets and resources.
Take stock of all your assets and resources.
Identify which are critical for restoring operations in the immediate aftermath of a disaster. For each business function that will be impacted by the disaster, identify what their critical resources are and what may be needed as a temporary workaround.
Examples of assets and resources:
- Office equipment and paper records.
- Technology and IT infrastructure.
- Production and warehouse facilities.
- Machinery and equipment.
- Third-party services.
Depending on the type of disaster and potential impact, outsourcing certain functions may be a consideration.
Include the cost of the assets and resources.
Depending on the type of disaster, you may need to consider whether some resources, such as raw materials and equipment, are likely to be available in the immediate aftermath of the disaster.
Evaluate your insurance policies.
Review your current insurance policies.
Review your current insurance policies with the resources and assets you listed in the previous step in mind and update them, if necessary. Comprehensive insurance coverage should include both direct and indirect costs related to the disaster. To support a quick recovery, try to find out how long it is likely to take for you to receive payouts or replacements in the case of a disaster and what the process is.
Review document and data backup.
Identify essential documents.
Identify what documents and data are essential and regularly back these up in a storage system that is not located at or solely dependent on the physical infrastructure at your business premises.
This should be an ongoing process. You will want to make sure that none of your data and essential documents are lost if, for example, a natural disaster destroys filing cabinets and technological equipment or in the case of a server failure or cyberattack.
Consider using an information and records management service.
Depending on your document and data storage needs, you may consider enlisting the services of an information and records management company, such as Access or Crown Records Management. If your business only keeps digital records, you may want to look at using a cloud service, which is a cost-effective and efficient way to keep your data secure.
Create a communication plan.
If you have a small business you will likely appoint only one person, often the business owner, to be in charge of all communication. In this case, you should, however, appoint at least one more person as a backup. If you have a larger company, it is best to assemble a team to be in charge of communication.
Collect and maintain essential information.
Collect all information needed for contacting stakeholders as well as to access and manage your company's communication platforms. Stakeholders include employees, investors, lenders, suppliers, customers, etc. Try to have at least two ways of contacting everyone.
Create a task list (who, what, when).
List the various audiences that will have to be contacted, such as employees, suppliers, customers, the surrounding community, investors, etc., along with the key messages for each group and the channels you will use. Include who will be responsible for contacting each group of stakeholders along with a timeframe for different messages to be sent.
To ensure that your communication plan is implemented without delay, you can prepare templates for the different types of messages and communication channels. This may include a press release, website notifications, emails, voicemail messages, and social media posts.
Create an action plan.
Include all procedures and guidelines.
The action plan should contain the specific procedures that must be followed to get all business functions back to the minimum acceptable operating levels. The employees responsible for the recovery process (as listed in step 2) must have a list of clearly defined steps to follow.
Example of general steps:
- Document losses and damages.
- Identify what can be salvaged and where there are crucial gaps that take priority.
- File insurance claims.
- Execute communication strategy (e.g. communicate with employees, contact suppliers regarding the way forward, inform customers).
- Implement temporary workarounds (e.g. transition employees to work remotely).
- Track recovery and report progress.
- Note what can be improved for future plans.
Review and update.
Regularly review and update your disaster recovery plan.
This is especially important if there are changes at your company, such as new suppliers and employees, changes to processes or product lines, or a change of location. Ensure that essential information and contact details are always up-to-date.
Identifying the necessary resources and assets required will give you an idea of the budget required to get back to normal operating levels as quickly as possible. While a comprehensive insurance policy may be in place, always plan for unexpected costs. Inform yourself about loans, grants, and other resources that may be accessible to you so you can react swiftly, should you need to.
In times of crisis, there are often specialized resources made available to help businesses recover. For example, during the COVID-19 pandemic, both private and government players made support and relief programs available.