According to Info-Tech Research Group, almost 60 percent of North American businesses do not have a disaster recovery plan in place to resume IT services in case of crisis.
Ensuring that sensitive information, such as tax or financial records, not only remains protected during a crisis, but is accessible following a crisis, becomes particularly important to CPAs who have to maintain impeccably accurate records of such information for their clients. Following are key tips companies should consider for IT disaster recovery planning.
Devise a disaster recovery plan - Define what is important to keep the business running and the "recovery time objective" or how quickly the company needs to be up and running post-disaster. Other key plan components to consider are who declares the disaster, how employees are informed of a disaster, and the best method to reassure customers of the company's continued ability to service them.
Test disaster recovery plan - Determine the effectiveness of the disaster recovery plan via rigorous testing that is carried out one or more times per year in simulated realistic conditions.
Perform off-site data backup and storage - Every company should perform off-site data backup and storage. Companies need to determine their "recovery point objective" - the time between the last available backup and when a disruption could potentially occur. Every company should backup its data at least once daily, but should strongly consider more frequent backup or "continuous data protection."
Perform data restoration tests - The backup software and the hardware on which data resides need to be checked daily to verify that backup is completed successfully. With tape backup, companies need to store the tapes in an off-site location that is secure and accessible, while disk systems need to have an off-site replication if the backup is not run off-site initially. Moreover, companies need to perform monthly test restoration to validate that a restoration can be accomplished during a disaster.
Be redundant - Establishing redundant servers for all critical data and providing an alternate way to access that data can bring disaster recovery time down to minutes rather than days.
Consider hiring a managed services provider - For small- to midsized organizations, it is often cost prohibitive to implement a sound disaster recovery plan. Managed services providers have the technical personnel to design, implement and manage complex disaster recovery projects, and have the server, storage and network infrastructure in place to manage a true disaster recovery plan.
Paul Chisholm (paul.chisholm@mindSHIFT.com) is chairman and chief executive officer of mindSHIFT Technologies, a leading provider of managed IT services to small and midsized organizations.
