9+ Steps to Disaster Recovery Planning for Small and Midsize Companies

Smaller companies face significant risk in many kinds of disasters. Plan for disaster recovery now, or risk finding that you're out of business

Fredric Paul, Contributor

November 13, 2007

2 Min Read

"A disaster is an event big enough to cause your IT services to be unavailable but small enough that restoring them is important."

"You can't plan for any particular disaster. The one that gets you will be the one you didn't plan for."

Those are the words of Howard Marks, chief scientist of Networks Are Our Lives Inc. and a past contributor to sister bMighty.com publication Network Computing, at last month's Interop New York.

I was so impressed with Marks' presentation titled "Disaster Recovery For The Small and Medium Enterprise" that I decided to interview him on video and lay out a list of his nine (plus) key steps for all to see.

VIEW VIDEO: Interview With Howard Marks: 9+ Steps to Disaster-Recovery Planning

Step 1. Take Inventory of Assets
What are you trying to protect? Most smaller companies have no idea what they have to protect, including applications, telephony/fax, phone numbers, support for IM, and other "unofficial" apps that you claim you don't support. Don't forget outside, outsourced apps as well. You need to assemble everything you'll need, including installation media, serial numbers, key codes, etc. Then you have to rank it all as Critical, Vital, Sensitive, Nice To Have, or Should Be Dead Already and attach recovery time objectives (RTO) and data loss objectives (DLO) to each one. This is a big deal; you can't do it in a few days. The security of your business assets is on the line.

Step 2. Assess Risk
What does losing this asset really mean? What is the cost of not having it for the short term? Typically, this is the cost of downtime, in dollars per hour of lost revenue. But it's a little more complicated than that. You need to include PR and customer relations costs, for example, and data reconstruction costs. Some data might not be recoverable; what does that cost? And remember, it's not a straight line. The first minute of loss has a negligible cost. But at 3 months, you're out of business.

Step 3. Assign Roles
This is pretty straightforward: Who does what. Be explicit. "Multiple people being responsible means nobody is responsible," says Marks. "Individual people get assigned to individual roles so they can be held responsible."

Read more about:

20072007

About the Author(s)

Fredric Paul

Fredric Paul

Contributor

See more from Fredric Paul
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Bald eagles, eagle in flight.
Cyber Resilience
9 Ways CISOs Can Stay Ahead of Bad Actors9 Ways CISOs Can Stay Ahead of Bad Actors
byLisa Morgan
Jul 24, 2024
9 Slides
Binary code concept pattern and big data structure.Net and source code.Abstract background of technology, science and cloud computer.
Data Management
How Much Data Is Too Much for Organizations to Derive Value?How Much Data Is Too Much for Organizations to Derive Value?
byCarrie Pallardy
Jul 22, 2024
11 Min Read
CrowdStrike Holdings, Inc. logo is displayed on a smartphone screen.
Cyber Resilience
CrowdStrike Aftermath: Lessons Learned for Future RecoveryCrowdStrike Aftermath: Lessons Learned for Future Recovery
byJoao-Pierre S. Ruth
Jul 24, 2024
6 Min Read
Calculator displaying the text "SALARY" on top of $100 bills.
IT Leadership
2024 InformationWeek US IT Salary Report: Profits, Layoffs, and the Continued Rise of AI2024 InformationWeek US IT Salary Report
byInformationWeek Staff
Jun 4, 2024
1 Min Read
Digital Security and Threat of a System
IT Leadership
11 Ways Cybersecurity Threats are Evolving11 Ways Cybersecurity Threats are Evolving
byLisa Morgan
Jun 13, 2024
11 Slides
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports