Keys to Survival Disaster Recovery Planning Checklists
Guest post by: Michel Leconte
In the wake of September 11th, the question that came to the mind for every executive in charge of business continuity was "What if?"
Nearly 6 years on, little progress has been made on the business continuity front. Whether a disaster is natural or human-based, detailed planning is critical in order to ensure a business remains functional even during the toughest of times. Implementing a disaster recovery plan is a strategic, moral, and legal corporate obligation.
Legal factors, Prevention and Mitigation are 3 critical elements of disaster recovery planning. We will discuss each of these within this article.
Legal Factors
Let's first start with the legal factors involved in business continuity. The legal factors in corporate contingency planning can often be very confusing. In effect, all companies are legally held to a certain 'standard of care'. The planners in most small and medium-sized businesses are not expected to be lawyers, but they are expected to understand the current regulatory environment and the legal consequences of not having a comprehensive disaster recovery plan. Although there are no laws that specifically address the need for companies to have a disaster recovery plan or what should be included in one, there are many civil statutes that are applicable.
Some industries do have their own statutes, such as the financial industry's Banking Circular BC177; however, normally courts will look for precedents set by other cases. An example of this is the Foreign Corrupt Practices Act or FCPA. This act requires corporations to keep accurate books and records that reflect the transactions and dispositions of assets. This act was originally designed to eliminate bribery and destruction of corporate documents to cover up a crime.
Even if your organization isn't exposed to an Enron-like investigation, there is still room for fault. Since all these statutes are based on the moral/legal obligation called 'standard of care', a certain level of corporate obligation is always present and necessary.
Excerpt from the FCPA "...directors and officers owe a duty to the corporation to be vigilant and to exercise ordinary and reasonable care and diligence and the utmost good faith and fidelity to conserve the corporate property; and, if a loss or depletion of assets results from their willful or negligent failure to perform their duties, or to a willful or fraudulent abuse of their trust, they are liable, provided such losses were the natural and necessary consequences of omission on their part...." (Reference: Corpus Juris Secundum, Volume 19, Section 491)
The FCPA holds corporations as well as the officers/managers of a corporation personally responsible with personal fines adding up to $10,000 and corporation fines adding up to $1,000,000. These fines can also include prison terms of up to 5 years.
Even Errors and Omissions (E&O)* policies will not relieve managers and officers of legal responsibility, and thus of going to court, as they cover only consequential damages and do not relieve corporate responsibility and accountability. Courts determine liability by weighing the probability of a loss compared with the magnitude of harm, balanced against the cost of protection. There are enough legal precedents for the courts to estimate whether 'standard of care' and/or due diligence was exercised in an attempt to mitigate any effects of a disaster affecting a company's critical business operations. All in all, a disaster recovery plan makes sense for any business. It's not an end-all solution to legal entanglements, but it's definitely something that should be included in a company's arsenal.
*We will discuss Errors and Omissions policies in further detail later in the document
Preventive Measures
Preventive measures for business continuity usually involve a thorough Disaster Recovery plan. In light of current economic conditions, ActivSupport understands that it's difficult to invest time and money into something that is only of use in the unlikely event that a disaster occurs. This may sound like a hard pill to swallow; however, building a good Disaster Recovery plan may help an organization by more than just offering protection in the case of a flood or earthquake.
The following are two common situations that can be covered under a well-designed plan:
-> How many of us have had our ISP end its services over the past few months? Yes, a disaster recovery plan includes ISP contingency planning, and can be applied not only in the event of an earthquake, but also when a supplier goes out of business.
-> How quickly and accurately can you document a claim that involves digital assets with your insurance carrier? A good disaster recovery plan can help you recover your losses more efficiently.
Disaster Recovery planning can be of use in many other ways, even as a competitive advantage...
For example: As an insurance broker, imagine the following scenario:
An earthquake hits San Francisco, communication is disrupted, and businesses are struggling to turn their business continuity plans into reality in the disaster's aftermath. As an insurance broker, your ability to communicate and process data at this time will be your greatest asset. Some businesses will contact their brokers only to find busy signals, if any signal at all. However, if you have a well-designed Disaster Recovery plan, you will come out well ahead of the competition. This could be a great way to differentiate your brokerage from another.
Basic Disaster Recovery planning includes procedures for backup & restore, user access, and security policies. As mentioned earlier, it can also include ISP contingency planning.
Backup/restore policies and procedures are probably the most basic elements of proper planning. However, many companies don't use any concrete methods for conducting daily, weekly, or even monthly backups. Many organizations don't even take the tapes offsite for safe storage. And what about those tapes? How do you choose a safe repository for your tapes? Which provider do you choose? How do you choose them? You may initially consider shipping the tapes out of the region in case there is an earthquake in the Bay Area. But what if it takes forever to get your data back from the provider when you really need it? How safe is your data in a repository anyway?
But backup is only part of the equation; organizations must also think about their internal policies with regard to where data is stored. Many organizations don't monitor their employees' data storage habits. This leaves a great deal of important information on individuals' desktops and on CD-ROMs that may just be thrown in someone's desk drawer.
Disaster Recovery planning can be frustrating and difficult, seemingly an overwhelming task. If and when a disaster occurs, all the effort will seem worth it. The easiest way to develop a proper plan is to break it down to the most basic elements. Let's start with the easiest element, tracking down contributors. Having multiple directories is a must and having a few people responsible for making copies of the corporate directory every week to their palm pilot is a start. At least you will be able to contact your customers when your systems are down.
It's also important to think about the accessibility of your business systems. Can you access your business systems from the web? Are you using client-server architecture? Will you be able to re-image your systems at a pre-selected location? Will you be able to get your data back up and running?
When developing a plan, it's important to remember that you're preparing yourself not just for natural disasters but also for man-made ones, such as security breaches. With the right plan you can avoid embarrassing and potentially destructive situations no matter which type of disaster you experience. This is why ActivSupport's Next Generation Disaster Recovery Planning services include a review of your current security efforts. We ensure that all efforts are made to protect your business no matter what happens. From earthquake to disgruntled employee, a proper plan can prevent costly consequences.
Mitigating Factors
In this third and final part of the article, we'll discuss some mitigating factors, specifically the last wall of defense: insurance policies, their average costs, usual coverage limitations, and how to reduce their costs. Five categories of coverage are available to most businesses: assets, business continuity (aka business interruption), electronic data processing, power & communications, and cyber peril coverage.
Assets coverage is one of the most popular types of insurance among small businesses; however, its inner workings are often not thoroughly understood. For instance, one element to take into consideration is whether you have included in your insurance limit the value of tenant's improvements performed over time at your location. In addition, you should make sure that you are covering the value necessary for the purchase of brand new equipment, as you will most likely not have the leisure to go bargain hunting in the event of a disaster. Other considerations include a careful review of your business software licenses acquired over time. In most instances, software makers will ship you new media at insignificant costs if you can accurately document legal ownership.
As a consequence, use a system to manage software licenses accurately in order not to have to insure software assets at their purchase prices, but rather at media costs. (FYI: ActivSupport's IT Help Desk solution provides this type of system.) And finally, as a general rule of thumb, stay away from insurance coverages that are offered with leases; they are usually not cost-effective. Premiums for assets coverage run about $2,500 for each $1 Million of coverage.
Business continuity insurance is not nearly as common as assets coverage; however, if you have not reviewed this element for some time, or think that you do not need it, consider this fact: 90% of small and medium-sized businesses hit by a major catastrophic event never recover because of a lack of cash cushion. Given its cost, you need to define an insurance limit that is reasonable but not overkill. This coverage replaces the cash needed to keep you afloat while your business is shut down. Be conservative in estimating the length of a potential shutdown. It will probably take you 2-3 times longer than you would think. The coverage limit is developed based on the following 3 elements: loss of net profits or increase in net loss + continuing expenses such as payroll + extra expenses such as the cost of temporary leases and rent. Now would be a good time to review your location lease as well; find out whether you would need to pay for continuing rent in a disaster situation, even if the space is not usable. In this case you may want to make sure your coverage includes the Extra Expenses feature listed above. An important refinement of the coverage is the Extended Indemnity Period, which pays for the loss of income you suffer even once you are back in business. You may be back in business, but that doesn't mean all of your previous customers have come back. It is likely that your revenues will be down following your return to business, and you can insure this continuing income loss. Also, you might want to consider extending the coverage to include increased rebuild times due to building code changes if you own a building, and losses caused by power interruptions, discussed below. Business continuity coverage premiums run $5 to $7K per $1 Million. Extended coverage runs about $2.5K per $1 Million.
Electronic Data Processing (EDP) covers damage to computer-related property including hardware, software and data. The key to this coverage is that it covers a broader range of losses than is provided for common business property. These include losses specific to sensitive electronic equipment, such as power surges and in some cases virus attacks. While nothing beats a good backup system, the potential cost of extracting data from hard drives and re-creating data sets can be extensive. Don't forget to include the anticipated cost of data recovery in your EDP limit. EDP coverage typically runs $3K to $6K per $1 Million but can vary greatly based on specifics. Electronic data processing coverage might be offered as part of assets coverage; some policies don't make a distinction between the two.
It does not take great observation skills to realize that the income stream of today's businesses increasingly relies on their uninterrupted ability to communicate and operate powered equipment in a continuous fashion. As we've seen in the recent history of deregulated telecommunication and energy industries, Internet Service Providers and telephony providers go out of business. They forget to provision service for your new location, or enact rolling blackouts. In addition, most infrastructures are designed according to a hub and spoke schema. With this type of schema, they are increasingly vulnerable to adverse conditions when approaching customer premises (the last mile). To illustrate this point: on 9/11/01, WorldCom customers in the area of the World Trade Center lost the ability to communicate, not because their buildings were physically hit, but because their provider had located its own network operations at the World Trade Center. These businesses were not directly affected by a catastrophic event; however, this is a classic case where a Power & Communications coverage plan can come in handy. A very simple refinement to your business continuity coverage can prevent uninsured losses due to loss of power and communication services. In addition, you should consider equipment breakdown coverage to insure against both the cost of making unexpected repairs to equipment that breaks down, and the resulting loss of revenue that could occur if your business is shut down due to an equipment breakdown. To obtain Power & Communications coverage, you should pad 10% of the premium for business continuity coverage on top of your insurance budget.
Cyber Peril coverage, or E-property policy, is a relatively new type of coverage. As such, it is rather expensive. The argument made to distinguish Cyber Peril from other risks is that in most situations, catastrophic cyber losses do not damage assets. Distributed denial-of-service (DDoS) attacks, viruses, hackers, and unauthorized access to data are among the losses covered under this type of policy. Underwriters may require you to perform a security audit at your own cost before providing coverage. FYI: ActivSupport does provide this type of security audit service. Premiums for Cyber Peril coverage are high, from $15K to $30K per $1 Million.
In addition to these five types of policies, Differences in Conditions (DIC) Coverage might be considered in addition to your standard "all-risk" or Special Cause of Loss Form Coverage. A DIC policy can be used to add coverage for earthquake and flood if needed. (FYI: it doesn't cover wear & tear.) Typically, DIC Coverage premiums range from $10K to $13K per $1 Million.
Finally, a few elements can help minimize the cost associated with securing appropriate coverage as part of a disaster recovery plan. Lower your costs by installing fire sprinklers in the building, by increasing the coverage deductible based on the likelihood of a given type of catastrophic event occurring and its impact on your business, and by having a good disaster recovery plan in place. These are all major cost factors that may affect your premiums. You should be aware that as much as 20% to 25% of the premium is subjective. For small and mid-size businesses that subjective portion usually accounts for 10% of the premium. Still, given the rising costs of doing business and securing proper coverage for your business, we are likely talking about thousands of dollars. A proper disaster recovery plan can therefore pay for itself in premium reductions alone. To accomplish this you need to help your insurance broker tell the "story" to the insurance underwriter: in a nutshell, why you are running superior operations and are prepared in the event of a disaster.
As a final thought, keep in mind that the question is not whether a disaster will ever strike; it is just a matter of time before it does. The question is: do you want to be part of the 90% of small and medium-sized businesses that never recover when a major disaster strikes?
About the Author: Michel Leconte is the founder and President of ActivSupport, Inc. - Your Flexible IT Partner (http://www.activsupport.com), a leading IT outsourcing organization located in San Francisco. He has held international marketing and operations management positions with SIGMA, GmbH, IUA, and Sabena. Mr. Leconte was awarded an MBA in Finance & Information Technologies from the International University of America, and a Bachelor degree in International Business from Weller School of Management. Mr. Leconte can be contacted at (415) 869 2993 or elephant@activsupport.com