September 2013 has been deemed National Preparedness Month (NPM) by President Barack Obama. The White House press release notes that FEMA intends to build and sustain national preparedness in the face of threats ranging from natural disasters, such as hurricanes, tornadoes and floods, to cyber incidents, like when hackers attacked major news outlets and federal agencies.
While not every incident is predictable or preventable, organizations can create a comprehensive business continuity plan for their mission-critical data and application security. A business continuity plan consists of four major steps:
Business Impact Analysis (BIA)
A BIA should include a risk assessment to determine what kind of assets are at risk, including people, property, critical infrastructure, IT systems, etc., as well as a measurement of the financial/operational damage depending on the time of the year. Financial and operational impacts may include the loss of sales, brand credibility, specific industry compliance fines, legal fees, PR (public relations) management, etc.
Another important aspect of a BIA is mapping out your business model to determine where interdependencies lie between the different departments and vendors that support your company. The larger a company, the more complex the business model tends to be, making it more difficult to identify workflows and resources.
Create an inventory of documents, databases and systems used on a day-to-day basis to generate revenue, then quantify and match income with those processes as part of your recovery strategy and business impact analysis.
In addition to data recovery, a recovery strategy should include personnel, equipment, facilities and a solid communication strategy to effectively recover and restore business operations in the event of a disaster or outside attack.
An important part of the overall plan development includes documenting an IT disaster recovery plan. While only a subset within a business continuity plan, IT disaster recovery involves a strategic plan to restore IT infrastructure, including servers, networks, devices, data and connectivity.
A data backup plan involves choosing the right hardware/software backup procedures to fit your company; scheduling and implementing backups; and checking/testing for accuracy.
Testing & Exercises
Develop a testing process to measure how effectively and quickly your plans can be carried out, including training for your company and IT team. Be sure to fully test a disaster recovery plan at least annually.
In our Disaster Recovery White Paper, we also provide a case study of the switch from physical servers and traditional disaster recovery to a private cloud environment, with significant differences in cost, uptime, performance and more.
Recognize National Preparedness Month by establishing your company’s IT disaster recovery plan before the end of the year, and effectively protect against the rising number of data breaches and unpredictable natural disasters.
FEMA: The National Preparedness Community
Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.