An estimated 80% of all companies that experience a business interruption of greater than five days — without a recovery plan in place — go out of business. That’s unsettling at best for business owners everywhere. The good news is that the overall reliability of technology solutions continues to improve; however, outages can and will continue to happen.
High-profile examples include the 8,000 Starbucks stores in North America that closed for nearly a day due to a software bug in its point-of-sale systems, and Microsoft’s lengthy nationwide outages that affected more than 50 million email users, to name a couple. While these companies suffered negative publicity and a financial impact, without the strong system design and disaster-recovery plans they had, these outages could have lasted weeks and proven much worse.
Business continuity and disaster recovery planning is a critical, ongoing process to reduce the probability of outages and minimize losses when they do occur. From a high level, there are four steps to proper technology planning:
- Perform a business impact analysis
- Conduct a risk assessment
- Develop a risk management plan
- Assess and test the plan regularly
Perform a Business Impact Analysis
Think about scenarios (both common and worst case) and what effect each would have on the business. Consider:
- What if critical systems were unavailable for a day, a week?
- What amount of data loss could be endured? Two-hours worth? 24 hours? One week?
- What is the recovery-time objective for a major disaster? Zero hours? Eight? 24?
Conduct a Risk Assessment
Consider different scenarios to help identify unique risks.
- What is the recovery plan if servers were destroyed by a natural disaster?
- What is the plan to recover from a software glitch or bug?
- What if the company has a hardware failure? Are there single points of failure?
- What if an employee deletes critical information?
- How would the business continue to operate if a network vendor had a prolonged outage?
- Where would employees work if the office or facility were destroyed or inaccessible?
Develop a Risk Management Plan
This process will take time, but start by discussing the pertinent questions, taking into account the company’s budget and risk tolerance. Use a prioritized approach to ensure the biggest risks are addressed first.
Regularly Assess and Test
The ultimate goal is to evolve into a state in which disaster recovery planning is an integral part of technology implementation, not an afterthought. Re-evaluate the plan on an annual basis to help ensure it still fits with the company’s needs.
Ideally, every business owner would hope for zero outages, downtime and data loss, or instant recovery. In the real world, that may be impossible to achieve, but the long-term effects can certainly be minimized. And even though most business owners do not have the resources of a Microsoft or Starbucks, all owners can (and should) formulate a realistic plan and strategy to protect their businesses.
Contact a member of your Cohen & Company service team for further discussion.
Cohen & Company is not rendering legal, accounting or other professional advice. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts and circumstances.