Disaster Recovery Planning Is Business-Critical

By Paul Chisholm

E-mail Story
Print Story
JULY 2008 - According to Info-Tech Research Group, almost 60% of North American businesses do not have a disaster recovery plan in place that would resume their information technology (IT) services in case of crisis. The seriousness of this problem is supported by research from Faulkner Information Services, which found that 50% of companies that lose their data due to disasters go out of business within 24 months.

Tips for IT Disaster Recovery Planning

Devise a disaster recovery plan. Once a disaster recovery plan has been established, it should be viewed as a living, breathing document that can and should be updated frequently. First, define what is important to keep the business running, and the “recovery time objective”—how quickly the company needs to be up and running after a disaster. Other key plan components to consider are as follows: Who within the organization declares the disaster? How are employees informed that a disaster has occurred? What method of communication should be used with customers to reassure them that the company can still service their needs?

Test the plan. The effectiveness of the disaster recovery plan can be assessed only if rigorous testing is carried out at least once a year in simulated but realistic conditions.

Perform off-site data backup and storage. As part of establishing a backup data solution, every company should use an off-site, secure data storage center. Additionally, businesses need to determine their recovery point objective (RPO)—the time between the last available backup and when a disruption could potentially occur. Every company should back up its data at least once daily, but should strongly consider more frequent backup or “continuous data protection.”

Perform data restoration tests. The backup software and hardware should be checked daily to verify that backup has been completed successfully. Companies should store backup tapes in an offsite location that is secure and accessible. Disk-based systems should have an offsite replication if the backup is not run offsite initially. Moreover, companies should perform monthly tests in order to validate that data can be restored in case of a disaster.

Backup laptops and desktops. Backing up laptops and desktops protects critical data that are not stored on the organization’s network in the event of a lost, stolen, or damaged workstation.

Be redundant. Establishing redundant servers for all critical data, and providing an alternate way to access that data, can bring disaster recovery time down to minutes rather than days.

Invest in theft recovery and data-delete solutions for laptops. Theft recovery solutions can locate, recover, and return lost or stolen computers. Data-delete options can enable companies to delete data remotely from lost or stolen computers, preventing the release of sensitive information.

Consider hiring a managed services provider. For small to medium-sized organizations, implementing a sound disaster recovery plan is often prohibitively expensive. Managed services providers (MSP) have the technical personnel to design, implement, and manage complex disaster recovery projects, and they have the server, storage, and network infrastructure to manage a true disaster recovery plan.

Paul Chisholm is chairman and CEO of MindShift Technologies (www.mindshift.com), a leading provider of managed IT services to small and medium-sized organizations. He can be reached at paul.chisholm@mindshift.com.





















The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices