Technology plays a critical role in our job functions, and this dependence on technology creates risks. Sure, you back-up your devices, change your passwords constantly (to the point you can’t remember any of them!), and try to avoid those pesky phishing emails, but are you really prepared if something goes wrong?
A disaster recovery plan includes policies and procedures to follow to allow for the recovery of significant IT systems in the event of a natural or another type of disaster, including data being compromised or corrupted. Because governmental entities provide vital resources to the public, it’s critical to be proactive when it comes to this risk.
A disaster recovery plan involves more than just backing up data. A thorough plan considers different types of disasters that could occur, potential consequences, and how to respond. Here are several factors to consider when establishing this contingency plan:
- The forming of a disaster recovery team which should include personnel from all departments that are responsible for performing critical business processes. Each individual assigned to the team should be aware of their responsibilities in the event of a disaster. It is important to maintain a list of individuals and contact information in a location that is accessible offsite.
- Create an incident response plan which outlines a set of instructions to help IT staff detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten daily work.
- Develop a communication plan which outlines steps for communicating any IT disaster event or incident to affected internal personnel or 3rd parties.
- Establish recovery priorities, considering the critical business processes of the organization.
- Maintain an inventory of critical software and hardware. This list should include technical support contact information.
- Back-up computer data regularly and store the back-up files offsite. Address the frequency and security of backups in the plan, including encryption of data files. Backing up to the cloud is an excellent method because it is cost-effective, back-ups can be scheduled to occur automatically every night, and files can be accessed remotely.
- Consider alternative methods of processing data should there be a significant recovery time for restoring critical business processes.
- Consider purchasing business interruption insurance to help offset any costs sustained for recovering critical business processes.
It’s essential to regularly test the plan to ensure that it is working properly. Testing the plan can determine areas of the plan that can be improved, promote confidence in the entity’s ability to recover, and provide training to team members. Depending on the type of disaster, it’s also critical to document costs associated with disasters, as some of these costs may be reimbursable by emergency management agencies or through business interruption insurance.