Recent events have not only highlighted the vulnerabilities of businesses around the world, but also the importance of having a comprehensive and effective disaster recovery plan for your business.
Undoubtedly, cages have been rattled since the beginning of 2020. Puerto Rico was shaken by earthquakes and the Taal Volcano in the Philippines showed signs of erupting in January. From the possibility of a Third World War starting, to wildfires and floods, the world seems to have had no rest.
Aside from showing empathy to what was happening on the other side of the world, did South Africans consider what would happen if a natural or other disaster was to happen locally? From a business perspective, does the same nonchalant attitude apply?
Think about how power failure, natural and infrastructure disasters, technological failures and major workforce disruption – due to a pandemic, for example – could negatively affect your business revenue stream and reputation. What would the effects be of security attacks such as computer viruses and phishing scams? What would happen if you lost critical information?
The more resources you rely on, the greater your exposure to risk. It is not possible to reduce this risk beyond a point, as you may need people, facilities, computer systems, telecommunications, equipment and stakeholders such as product providers to do business.
As disasters cannot always be avoided, having a comprehensive disaster recovery plan is therefore essential. A disaster recovery plan helps to reduce potential damage and quickly restore operations. It will assist your business to reassign resources, communicate effectively both internally and externally, and minimise the impact of the interruption on your products or services.
Content of disaster recovery plans
If your disaster recovery plan looks the same as it did 10 years ago, your plan is unlikely to meet current requirements, as risks have changed over the past decade. It is therefore important to actively monitor and develop your disaster recovery plan to ensure it meets your current business needs.
Disaster recovery plans should focus on IT, as incidents of hacking and data breaches make the headlines almost daily and the consequences of cybercrime can be significant. While the natural reaction is to think the obvious targets of online predators are big business, smaller businesses are not immune to cybercrime. Your plan should therefore include details on how to restore information systems after a business interruption.
To maximise effectiveness, disaster recovery plans should also focus on how to restore other critical resources after an interruption. Looking at past incidents in your business and understanding how these have been handled may also provide valuable learnings.
You could also ask your staff for input. Apart from getting practical feedback from the front lines, this process can boost their confidence in your business’s ability to maintain ‘business as usual’ in the aftermath of an unfortunate event. Also ensure staff members are aware of what is expected of them. It therefore follows that an operations manual forms part of a disaster recovery plan.
Having a disaster recovery plan should not be considered a tick-box exercise for compliance. Due to the risks that businesses face and the interdependency of stakeholders, it is a necessary activity for all.
Masthead can assist you to draft a comprehensive disaster recovery plan. Please contact your compliance officer for details.