What’s worse than a disaster? How about doubling your disaster with a disastrous set of discovery plans, policies and procedures?
While no plan can account for every contingency or be totally bullet-proof, the following seven steps will help you avoid adding insult to injury from self-inflicted disasters.
1. Determine Your Core Business, Really. They call it business continuity for a reason. Everything flows from accurately determining what your core business is, including priorities, policies and procedures. Pay attention to what they focused on for both the short term and long term. A common theme is enabling fee-earners to return to generating fees for paying clients as quickly as possible. It’s easy to focus too intently on technology issues when the big concern is generating cash flow to keep paying employees and moving forward.
2. Use Scenario Planning. Wipe out the executive committee in a scenario and see how you plan works. Question your assumptions. Run your disaster plan under the Die Hard scenario and see what happens.
3. Write the Plan As If You Will Have to Read it Someday. Imagine you are not there and someone untrained has to pull out the plan and use it. Can they?
4. Negotiate Great Agreements. Firms are starting to look at outsourcing many aspects of disaster planning. What are you third party providers obligated to do under the contracts you have signed? Is it adequate or even helpful? If you do not raise and negotiate issues, I guarantee you that the terms of any contract you sign will be more favorable to the provider than they are to you.
5. Adopt a Portfolio Approach. The modern approach to financial investments emphasizes diversification and mixing low-risk, low-return (“safe”) investments and high-risk, high-return (“risky”) investments in a basket that reflects your risk tolerance. The same concepts have recently migrated into the world of IT planning. Diversify your risks, responses and procedures.
6. Focus on Failure and Redundancy. Failures will happen and it becomes important to know what happens after the failure. Look at various points in your processes and procedures. Consider what happens when a failure occurs at each of these points and the options that you may have. Can you set up some “elegant failures?”
7. Test Rigorously and Repeatedly. It’s important to test your plan, practice your procedures and do so on a regular basis. Lackadaisical practicing and testing guarantee poor results when something bad actually happens.
Conclusion. My best advice is to treat these matters as if they actually matter. Make time for disaster recovery, be a pest at getting answers to your questions, challenge assumptions, develop a thick skin for deal with the ribbing you are likely to take for being “too serious,” and keep in mind that we live in volatile and dangerous world.
[Note: This post is an shortened version of an article I wrote for the handout materials for my session on disaster recovery at the upcoming ABA TECHSHOW 2005.]