This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
It is worth remembering that misfortunes befall unawares. Disasters, being unpredictable by nature, can strike anywhere and at anytime. Disaster is a sudden, unlooked for event bringing great damage and loss to the personnel, buildings and the routine organisational structure of an organisation. Such damage is beyond the control of the organisation's staff and the management. Disasters can strike any organization, large or small. It completely disrupts the normal day to day working of an organisation. Recovering from disaster can be stressful and time consuming, especially for those who have not planned for such possibilities.
Disaster recovery has always been about dealing with a single disaster or potentially disastrous situation. Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure, critical to an organisation after a disaster. Disaster recovery must consider how a business is run and the different elements needed to keep the business going. These needs differ from business to business and a good disaster recovery plan should be designed, according to the needs of the individual's business.
Disaster can come in the form of storm, flood, fire, a terrorist bomb or only a quality control failure. The business will be put out of order for a short or long period, if the disaster is huge. Advance planning taken by a company will determine whether the business will recover or not. The time frame for disaster recovery should also be kept in mind. A much more detailed planning is needed in advance, if the company needs to be able to recover almost immediately after the disaster. Though it is not possible to plan for every event, yet a concrete disaster recovery plan can make a lot of difference. Although disaster recovery plan is a difficult aspect, yet it is crucial for a successful business.
CLASSIFICATION OF DISASTERS
Disasters can be classified into two broad categories: natural disasters and man made disasters.
- Natural disasters include flood, fire, earthquake and hurricane etc. Though preventing a natural disaster is very difficult, it is possible to take necessary precautions to avoid losses.
- Man made disasters are caused due to human error and comprises of accidents, walkouts, sabotage, burglary, virus and intrusion.
The greatest threats to most organisations are from fire, burglary or vandalism. In case, premises are in low-lying land close to a river, there is a danger from floods and serious storms. Some businesses face risk from animal rights or terrorists because of their links with overseas countries. Therefore, all organisations face risk from one type of disaster or the other.
Why 80% of businesses fail after a major disaster?
Most large companies spend some portion of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT data. However, it is seen that 80% of businesses fail after a major disaster.
There are very few major organisations today that do not make some plan to deal with the effects of an untoward disaster. Planning makes a substantial difference to the chance of surviving an incident. If any organisation takes a logical view of the threats facing it and then plans out how to react to them, this will help to mitigate the effect of the disaster.
Small businesses are more likely to be successful if they recognise and adapt themselves to the changed situation, as compared to companies those simply try to reopen and carry on business as usual. The companies must either adapt to the new circumstances or face the consequences of risk failure. Moreover, survival is not dependent on the physical damage suffered by the company. Several factors are critical to the survival of a small business after a disaster:
- Impact of the disaster on the company's customers- It is difficult for the business to survive if the customers are forced to leave the area following the disaster.
- Easy availability of convenient and substitute goods - It will be difficult for the business to maintain its customer's base, if substitute goods are easily available.
- Extent of the loss of financial resources of the company -If the company has lost financial resources during the disaster and has less resources to rebuild and relocate, there will be less chances for the company to survive.
- Earlier trends of the company - If the company's business is declining, it is unlikely to recover.
- Adapting to the changed environment - If the company is able to adapt itself to the changed environment and subsequently make required changes, the company is likely to survive.
Therefore, businesses are likely to recover in case the business owner makes wise decisions about recovery. The largest losses to the business do not come from the direct damage of the disaster itself, but from the years after the disaster. It usually takes the same level of commitment and energy to revitalise a business that has suffered following a disaster. So, companies must not rush to reopen, unless it makes very good business sense.
How to mitigate risks in your organisation?
All businesses need to assess risks and undertake a risk assessment for all areas of importance to the company. The company should first look for any flaws in the organisation and rectify them to reduce the impact of a disaster. The following are the areas to be looked into by an organisation:
- Financial planning
- Security, fire and safety;
- Computers and its record keeping;
- Raw materials and other essential supplies;
- Staff and personnel matters.
If a company has a plan, it will be halfway down the road to recovery when disaster strikes. It is important for a company to identify its assets (anything that's valuable to your organisation), vulnerabilities (weaknesses that might result in the failure of a control that affects the integrity or availability of assets) and threats (likely events those may actually compromise your data if a corresponding vulnerability exists). A risk occurs when an asset has vulnerability and there is the presence of a corresponding threat.
After a risk assessment has been completed, it is important to manage risk. There are four options for managing risks: mitigation, acceptance, avoidance and transference.
- Mitigate risk - Risk can be mitigated to an acceptable level by implementing appropriate controls. For example, risk of fire might be mitigated by installing a fire suppression system.
- Accept risk - It is possible that a company might just want to accept the risk and do nothing about it. For example, if your business is situated in a state that experiences minor earthquake, you may accept the risk of an earthquake.
- Avoid risk - Another option is to change the business practices so that you are no longer exposed to risk. In case, you have a computer located in your lobby and worry about it being stolen, you may decide to avoid the risk of theft by removing the computer.
- Transfer risk - A company can transfer risk to an insurance company by purchasing fire insurance.
This is how disaster can be planned and a risk assessment can be conducted. This hard work in advance will pay off in a big way.
General steps to follow/create disaster recovery plan
Disaster recovery planning is a part of a larger process known as business continuity planning and includes resumption of applications, data, hardware and other IT infrastructure. A business continuity plan is the creation and validation of a logical plan of how an organisation will recover partially or completely after a disaster. It includes planning for non-IT related aspects such as key personnel, crisis communication and also disaster recovery plan for IT related infrastructure.
The following steps must be followed by a company to create a disaster recovery plan.
1.Drawing up a plan
Initially, objectives are set out and work is started on drawing specific parts of the plan. It is important to consider the following points while drawing up a plan:
- It is better to have shorter plan
- No plan can ever cover all eventualities
- Plans should be drawn up by people within the business, as no consultant can understand your business better.
A plan should incorporate an introduction, post plan activities, main part containing data protection and recovery arrangement, procedures for back-up, details relating to customers and suppliers, forecast of needs and security concerns like site protection, reception of emergency services and supporting annexes such as call-out sheets, staff welfare etc. The disaster recovery plan can be customised according to the needs of the business requirements.
2. Senior management support
The completed plan must be approved by the senior management and a clear statement to this effect must be placed at the beginning of the plan. Top management's approval is crucial, as otherwise no useful work can be done beyond the initial planning stage.
3. Role played by each department
In case of disaster, each department will need to understand its role in plan and be prepared for the action. The obvious people to take part in the management of the disaster must be the Board and the second-tier managers who enjoy the confidence of the immediate bosses.
4. Training and exercises
A paper plan without training is of no use. Training of all those who have a role in the plan is essential. There should be formalised sessions covering the contents and aims of the plan, so that all those involved in the plan are familiar with it.
5. Revision of plans
A common misconception in creating a disaster recovery plan is that once a plan is written, it is complete. Plan needs regular reappraisal and revision as flaws and omissions in the plan will always be disclosed during exercises. At the same time, changes in organisational structure need constant revision and updating of the plan and further training.
One of the most interesting things about disaster recovery is that just by starting to plan; the company will automatically improve the risks of its survival. The company will be able to take simple cost effective measures to control the hazards. Moreover, by getting the concept of disaster recovery aired in the organisation, it is likely that if something serious goes wrong, the initial delays which take place in such circumstances will be absent. The people of the organisation will more readily adapt themselves to the new range of circumstances. Moreover, if the organisation also trains its people in implementing these plans, it will have a fair chance of surviving the disaster.