“I’m so glad that never happened to us.”

“We’re really not big enough to have a disaster.”

“There isn’t so much here that we couldn’t recreate it.”

Does this sound familiar? Have you caught yourself thinking these thoughts in the back of your mind when debating the various ways you could and should protect your business.  All of us subconsciously believe that nothing bad could ever happen to us – it only happens to other people. It’s part of human nature. If only this were true. Disasters happen to people and the reality is, no one every thinks “Oh, that disaster, it’s going to happen to me so I’m going to make sure I’m prepared”.

Disasters can strike any business at anytime, but with some advanced planning, it doesn’t have to be a true “disaster”. Think about the other areas of you life where you plan ahead and protect yourself. You have health insurance in case you get sick; and you know at some point that this is a real possibility, so you make sure that you are prepared when it happens. You have car insurance in case you get into an accident, whether it’s your fault or not. You have homeowners, or renters insurance in case something happens to your home or its contents.  In all likelihood, you spend hundreds or thousands of dollars a month on these protections for yourself, your car, and your place of living. You should protect your business in the same manner, because if you don’t, you may find yourself seriously regretting it. You should be prepared for when a disaster occurs, because at one time or another it probably will. It may be something catastrophic like an earthquake, fire, or flood. Or, it may be something less visible, but more insidious, like a computer virus, disgruntled employee, or hacker who infiltrates and corrupts your data.  Regardless of the cause, the effect is the same.  Lost data.  Downtime.  Negative impact on revenue, brand, and customer service. The potential to go out of business.

So, how do you prepare for a disaster?  By realistically evaluating your business, prioritizing your systems, and documenting the policies and procedures for restoring everything to an operational status.  We recommend a 5 Step process for ensuring your business is prepared in the case of a disaster.

Step 1:  Validate the Need

Forrester Research estimates that small-to-medium business allocate about 7% of their total IT budget to business continuity and disaster recovery. [1] In addition, 36% of SMBs plan to increase their spending in this area.  This level of investment signals the clear need for disaster recovery plans for SMBs.

Step 2:  Conduct a Business Impact Analysis

Your BIA will establish a prioritized list of assets and determine which parts of the business should be restored first.  A well-crafted BIA include an environmental assessment (types of hardware, software, and networks) and process review (dependencies, critical path, and alternatives.)

Step 3:  Determine the Return on your Investment

A standard ROI calculation involves costs and benefits.  Assuming the benefits outweigh the costs, you have a positive ROI.  Benefits include both hard and soft costs and must be quantified along with the costs associated with developing and deploying the plan.

Step 4:  Create Your Plan

Your plan will strategically prioritize all systems and formulate the recovery sequence necessary to keep your business operational.  Your documentation should also include all the tactical details needed to execute the plan should it become necessary.

Step 5:  Test Your Plan

Through virtual and live tests, many companies discover that aspects of their processes, procedures, and documentation are missing, insufficiently detailed, or lacking important information.   That’s the point behind testing – to identify problems before they occur in a real disaster scenario.

[1] Forrester Research, Global IT Budgets, Priorities, And Emerging Technology Tracking Survey, Q2 2010

Justin Moore