SDN Blog

Assessing risks is important first step in disaster planning

Posted on Thursday, May 08, 2014 in Data Center , Uptime University

Blog written by

Planning for the storm

Keeping key business functions alive during a disaster takes a lot of advance planning and practice.

Getting a business back up to pre-disaster level takes an even greater commitment to high-quality preparation.

When a tornado, flood or winter storm is imminent, the time for thoughtful analysis has passed. In an atmosphere of danger and chaos, rash decisions are likely. Serious accidents, cyber attacks and internal sabotage have a way of distorting the logic of victims.

The statistical evidence is clear: companies that suffer a major disaster without a good contingency plan in place are likely to go out of business.

Business continuity and disaster recovery plans are absolutely critical to the long-term success of most companies, says Cassie Baldwin, a certified continuity manager who heads up continuity and recovery planning at SDN Communications in Sioux Falls. Baldwin is also the contact center manager, which gives her experience helping other companies protect their electronic assets.

“We try to plan for the worst-case scenario and work our way back to the least disastrous events,” Baldwin says.

Disaster planning is especially important at SDN because other organizations rely on the company to help them deal with possible disruptions in their businesses.

Step one: Assess risks

Business continuity and disaster recovery are two, related survival concepts often abbreviated as BCDR or BC/DR. Business continuity refers to the need to maintain essential functions during and immediately after disaster strikes. Disaster recovery relates to the process of re-establishing normal business activity after a serious disruption.

The highly important first step in good BCDR planning is to conduct a risk assessment, Baldwin says.

As the names suggests, a risk assessment (or RA) helps an organization identify threats to its business continuity. Baldwin says some of the components of good RA include:

  • Noting critical business functions and information such as the controls in place that reduce exposure to risks.
  • Identifying the key resources, including staff members and equipment, upon which every business function depends. From there, the adequacy of current protective measures, such as staff training and backup systems, can be evaluated.
  • Ranking each business function in terms of exposure to risk. Common threats also should be identified and ranked. Then identify cost-effective strategies for reducing vulnerabilities.

Ranking threats helps a company determine its priorities, Baldwin says.

Step two: Rank functions

The second, critical step in disaster planning is to conduct a business impact analysis, or BIA, to prioritize business functions.

As Baldwin notes, a risk assessment helps a company identify its vulnerabilities and a business impact analysis identifies the consequences of an interruption.

The BIA process involves assessing the impact – financial and otherwise – of shutting down each function of an organization.

Obviously, the amount of time an organization can afford to have a system offline and the amount of data that it can afford to lose are major factors in the complexity and cost of recovery plans.

Here are some of the important questions that should be asked during the data-gathering processes:

  • What major functions are performed at each company location?
  • What are the approximate staffing levels for each functions?
  • Can any of these functions be suspended for an extended time without unacceptable consequences?
  • What level of staffing would be required to perform each function at the lowest acceptable level?

Other suggestions

BCDR plans should outline procedures to be followed in the hours before a disaster, such as a storm, if possible. Strategies for recovery also should be outlined.

Detailed employ lists should be created and constantly updated. Employee contact lists should include information such as home phone numbers and, in case of an emergency, and details about disabilities or health-related concerns.

Baldwin offers a variety of others suggestions to organizations making BCDR plans. Among them:

  • Companies should maintain paper as well as electronic copies of important documents and plans.
  • Businesses should work out agreements with other organizations in their neighborhood to provide each other’s employees temporary shelter in case of a fire, for example, or a shooting incident.
  • Keep some cash available for emergencies. In widespread disasters, customers who can pay cash for items such as fuel are likely to get priority service.

Sioux Falls Police officers have toured the SDN campus and provided a number of suggestions to help the company plan for coping disasters.

“We’re trying to be as prepared as possible,” Baldwin says.                                    

SDN offers products and services that can help businesses and organization secure their assets in disaster situations. Just check out the What We Do section of the SDN Communications website.