Security policies outline the rules and detail the procedures to ensure company data and intellectual property, hardware, software applications, communication mediums, facilities and people are protected.
A disaster recovery plan, on the other hand, outlines what will happen when security has been breached or an event outside the control of the organization — such as a natural disaster — threatens operations.
A disaster recovery planning project is best coordinated using an iterative process, focusing on milestones that show progress and deliver results. Documentation is critical. It communicates the objectives the organization is trying to achieve, explains the rationale behind priorities and selected solutions, details the policies and procedures that will become the execution plan and identifies roles and responsibilities.
Here are some key points to address:
- Analyze the site. Evaluate everything that could go wrong and what can be affected in case of a disaster. This requires the participation of technical staff and business resources from functional areas.
- Limit the scope. Potential fault areas are prioritized to reflect their criticality to the continuation of day-to-day operations, based on a cost analysis of the impact on market share, lost revenue potential, reputation, customer satisfaction, stock price and lost productivity. Consensus will be reached based on the probability estimate of an occurrence and the organization’s risk tolerance.
- Select a solution. Review existing policies and procedures associated with targeted focus areas. Evaluate new technologies to ensure the best solution has been identified for the organization. Document the results of the analysis.
- Publish the plan. A disaster recovery plan should be available on and off site. It should detail how to monitor and detect faults, how to quickly isolate the problem, the explicit tasks to be executed to resume normal operations and the resources (people, equipment, etc.) that need to be available.
Implement the plan. Train the recovery team for each disaster situation in each business area at each site. Schedule and perform technical tests of procedures and scenario-based walk-throughs. Set clear expectations for results. Review and update the plan periodically.
Angela Llamas-Butler is president of Delta System Designs Inc. She can be reached at (724) 453-3339