Wednesday, April 25, 2001 |
Keep your business in business: Disaster-proof your computer system
There is no absolute protection against sabotage to your business or the consequences of a natural disaster, such as a hurricane or earthquake. However, the Georgia Society of CPAs points out that having a disaster recovery plan in place can help minimize the disruption and possible damage to your company that can result from an unexpected disaster. A disaster recovery plan is a comprehensive statement of actions to be taken before, during and after a disaster. The primary purpose of disaster recovery planning is to protect an organization in the event that all or part of its operations, computer systems and services become unusable. While most small- or even medium-sized businesses would not consider themselves targets for terrorist attacks, they can be vulnerable to other types of disasters that can put them out of business temporarily and if they're not prepared, even permanently. Power outages, hardware and software failures, fires, and floods are among the events that have compelled companies to declare disasters. Disaster recovery planning is about being prepared for such events to minimize the negative impact on your business. In large organizations, the disaster recovery plan is part of a larger document called a contingency plan, which lays out how a business will approach any unusual interruption in activities. In smaller organizations, the disaster recovery plan may be the only contingency plan in place and may be a very simple document. Although disaster recovery plans can vary widely, common features include the following: Risk Assessment To develop an effective plan, an organization first needs to assess the risk and business impact from potential disasters, including natural, technical and human threats. The plan should evaluate the safety of critical records and vital documents and determine the potential consequences to information and services under various disaster situations. Processing and Operations Priorities Next, it is important to consider the critical needs of an organization that is, the necessary procedures and equipment required to continue operations should a department, computer center, main facility or a combination of these be destroyed or become dysfunctional. Once the critical needs have been documented, management can set priorities for the overall recovery of the organization based on those activities that are "essential," "important" or "non-essential." Recovery Team A recovery plan also should list all employees and their skills which can be mobilized when responding to or recovering from a disaster. Data Collection It's important to document all computer hardware and software and consider equipment replacement provisions. In addition, be sure to document the following: software and data file backup and retention schedules; off-site storage locations and respective inventories; temporary locations you plan to use in the event of a disaster; and the names and contact information of your recovery team staff as well as the names and locations of key vendors. Recovery Procedures This is the cornerstone of the plan and outlines recovery procedures in other words, what will be done, in what order, and by whom? It should identify the location of all backup equipment and focus on the most practical and cost-efficient alternatives for processing information should a disaster occur. In addition, it should identify who will be responsible for administrative functions, logistics, user support, computer backup, restoration and other important areas of the organization. To determine whether any procedures need to be corrected or changed, it's vital that all recovery procedures are tested. Finally, CPAs point out that it is important to keep several copies of the disaster recovery plan in various locations, including an off-site location, so that it is always accessible. The GSCPA is the premier professional organization for CPAs in the state of Georgia. With over 10,000 members throughout the state, the purpose of the GSCPA is to promote the study of accountancy and applicable laws, provide continuing professional education, maintain high ethical and work standards, and provide information about accounting issues to the membership and the public. For more information, access our web site at www.gscpa.org. |