Ten Actions to Take to Protect Your Systems

By Joy D. Russell, VARBusiness

Disasters can occur in the forms of Mother Nature, like floods and hurricanes, and unforeseen acts, such as the events in New York and Washington, D.C. on Sept. 11, 2001. But there are ten steps that any sized company can use when implementing a disaster recovery plan.

It appears that most of the financial services companies that have physical locations in and around the World Trade Center did have back-up and recovery plans, says Richard Oppenheim, an account who is the founder and president of SysTrust, a firm specializing in assessing IT infrastructure.

Oppenheim urges all company executives to not only review their disaster recovery plan, but practice its procedures at least once a year.

"This is not something that if you fix it this year, it will go away," he says. "When you set up your disaster recovery plan, you've got to practice it. Just putting procedures in place doesn't mean they'll work."

Large companies have big IT staffs and very large budgets to cover various forms of IT support. Small and mid-sized companies must also include disaster recovery plans with their limited budgets. Below are ten tips from Oppenheim and the American Institute of Public Accountants.

1. Management must be involved. Executives, senior management and operations management need to be part of the planning, design, implementation, testing and continuous review of the plan. All management must be held accountable and understand that disaster recovery planning is a priority.
   
   
2. Disaster plan must be in writing. Any disaster plan has to be understood and shared throughout the organization. When it's in writing, it can be reviewed and implemented by all personnel. A copy of the plan must be maintained in a location away from the immediate region of the office. This plan includes a risk analysis and assessment of all operations.
   
   
3. Back up data daily and move one copy offsite. Disasters occur in all regions and it is critical that the back-ups are not in the same area as the original processing.
   
   
4. Practice system outage recovery. All backup IT resources need to be tested to be sure that they are functioning. This includes testing the data storage at least annually when there are significant system changes.
   
   
5. Understand who users of the IT system are and where they are located. If customers access your business through an e-commerce site, then supporting the growing global market is essential. If users are local, such as a restaurant or small store, then providing access is more physical and you must make appropriate plans for location management.
   
6. IT and business documents, including manuals for operations and training, must be in writing. If business processes are supported by memory alone, and when the person with the memory is not available, there is a risk of not being able to complete the task.
   
   
7. Personnel must also have back-ups. Disasters can result in loss of valuable people who have knowledge with system operations. It is essential that all positions have written procedures and that other people must be able to fill in for people who are on vacation, sick or not accessible. All personnel should be aware of the recovery plan.
   
8. Review contracts for outsourced support and services. These include IT services such as Web hosting, application support and contract systems development. Non-IT services also should be reviewed, such as banking and other business support service vendors. Review financial stability, third-party certification, and other due diligence work before assuming they will be available to assist your company in a disaster.
   
   
9. IT recovery needs to be consistent with business recovery. Computer operations resources must be synchronized with business operations and business recovery needs.
   
   
10. Obtain expert support as needed. If the plan and recovery issues cannot be answered within the organization, seek outside support to find the appropriate business solution.

Document Service Company
Trust the Document Management Professionals
1001 Lima Ave.
Box 952
Findlay, OH 45839

Phone: 419-422-3330

Document Service Company is a division of Findlay's Tall Timbers Distribution Center, Inc.

Development by First Communications Group, Inc.