July 8th was an anxious day for some and a fearful one for others. During the course of a four-hour span, three well-known institutions – United Airlines, the New York Stock Exchange and The Wall Street Journal – were suddenly offline, leaving their customers, partners and the global market fretting over a possible larger-scale issue.
While each of these organizations continue to consider the effect of these outages and what could have been done to prevent it, all businesses can learn a valuable lesson from this calamity. Ask yourself: Are you prepared for a disruption to your business?
The ever-increasing reliance on technology has brought business continuity and disaster recovery to the forefront of many businesses, presenting a challenge to IT and business leaders as to how to create an effective disaster recovery (DR) plan.
The first step in creating a DR plan is identifying and understanding the types of common disaster events that can affect your business, including:
- Environmental – tornado, hurricane, snowstorm, flood, and fire.
- Deliberate – terrorism, sabotage, theft, arson (internal personnel or external).
- System Failure – hacker, employee destruction.
- Other Emergency Situation – public transportation, governmental, legal.
Once these events have been classified, establishing a DR checklist is the next step. Below is a standard outline of a checklist:
- Justification – Define the Executive Sponsors. Executive Sponsors are the business leaders within your organization responsible for creating a DR plan. Business leaders must determine the timeframe for recovery (how long can the business be unavailable), as well as establish a budget to support the initiative. In general, this phase begins the process of establishing a business impact analysis, which is a risk assessment of the impact to your business should a disaster occur.
- Inventory – Document your entire IT environment (applications, network elements, access points, data, etc.). You will also need to understand how the applications and data are being accessed and used by employees, partners and customers.
- Prioritization – Prioritize applications in tiers, from the most to least critical.
- Budgeting – Forecast the initial setup fees (capital expense) as well as the operating cost of managing a disaster recovery plan. Operating costs include training, testing, fees to host the DR environment and the applicable software licensing fees.
- DR Planning – Formalize an action plan in the event a disaster impacts your business. Elements of this plan should include an appropriate alternative location to operate from (technology platform and people), processes and procedures for declaring a disaster, and individual and/or team-based responsibilities in the event a disaster is declared.
- Maintenance – Be diligent in revising the plan as technology and your business evolve and change. Test your DR plan annually and review the outcomes to understand what gaps occurred and what risks can be mitigated, and update the plan accordingly.
Once the dust settled from the outages of July 8th and the cause of each disruption surfaced, the concern of a terrorist cyber-attack was diminished. It was revealed United Airlines suffered a network outage that caused the carrier to ground flights by more than an hour, the NYSE’s online trading platform crashed due to a misguided software update and WSJ.com was overwhelmed by traffic due to investors and the market seeking information as to why the NYSE trading environment was offline.
Even a small scale disaster can impact business on many levels. In the event of a disaster or disruption to your business, do you have a plan in place to continue your day-to-day operations?
David Saliba is vice president of Expedient, a leading provider of cloud computing, managed services and colocation in Cleveland.
This article originally appeared in the August 3, 2015, edition of Small Business Matters.