Preparedness - probably not something often thought about by many, unless you are a boy scout. Of course, when you start thinking about it, you likely have a smoke detector at home, maybe one at the office. Maybe you also have a fire extinguisher hanging on the wall near the water cooler - has it been tested? Does anyone know how to use it? Does everyone? Do you have a designated employee with a certificate in first aid?
The recent events in Japan - a 9.0 magnitude earthquake, subsequent tsunami and ensuing nuclear emergency has brought to light the need for both personal preparedness and disaster planning for your business. Planning out the steps to maintaining business continuity when the unforeseen happens is not as simple as it may seem, but with a little research and some preparation ahead of time, having a plan may be worth it's weight in gold should the need arise
Not All Disasters Are Created Equal
What constitutes a disaster? Well, in this context the term disaster is going to encompass any event that can interrupt regular business operation. A fire, a broken water main, a viral outbreak, in fact one of the first steps in your planning is to identify all the possible scenarios so you can develop a plan that covers most if not all contingencies. Things to think about are local factors, such as geography (floods, fires, earthquakes, mudslides) and local hazards (chemical plants, power stations, refineries) and weather (heat waves, ice storms, tornadoes). You may also want to consider human activity, civil unrest, terrorism, and so on. Those are the big events, things causing local or regional issues that can interrupt your business. Now narrow things down to events within your business, a wayward car in your lobby, an electrical fire in the closet, bad shrimp at a company brunch. Once you have a good idea of all the things that can throw a wrench in the works, you can start to develop a plan to counter all those possibilities.
In much of the disaster planning documentation I have read - there is one thing I don't hear enough of and that's the human cost. Save the people first - people are more important than anything else, put their safety first. The first part of your plan should be about what the staff should do, egress plans should they need to exit the building, rally points for them to gather in to make it easier to get head counts and manifests and seating maps to assist first responders in locating those who may be missing. Delegate responsibilities, if the building has to get evacuated, who is to grab the critical papers from the safe? Where is the latest backup tape? Should any equipment be shutdown gracefully?
Keeping the Lamps Lit
How are you going to continue to serve your customers, possibly in a reduced capacity, when you have limited resources and perhaps no brick and mortar location? What is your tolerance for lost days - do you need to be up and running in 24 hours, 3 days, a week? Do you have any spare equipment (servers etc.) set aside at another location that can be brought online to take over. There are organizations like Sungard, who operate Availability Services, and can provide work space for your staff, as well as equipment. Not everyone likes or can afford this option though. For most of us, the key components are a TAM file server, workstations and/or a terminal server and working phone lines. You may also need a domain controller, printer, a SQL server etc. This is definitely an area where Virtualization can really shine - a single VMware or Xen Server can, in a pinch run all your essential services. The downside is having to budget for a server that sits around and does nothing and with any luck, never will. If you have multiple offices that are geographically dispersed, you can setup a DR data center at one of them and even have the spare servers put to some use. There is also the task of re-routing phone calls, if you cannot call forward, or otherwise route the calls to another location, your telco can likely help.
There is definitely much to think about and getting the plan drawn up will take some time and when it's all said and done you can pat yourself on the back and hope you never have to use it. You should, however, pull it out once a year and review it to see if anything in your business has changed significantly enough to warrant a revision of the plan. It would also be wise to ensure there are multiple copies in the hand of key individuals and at least one off-site.
Where to get more info:
I follow @Get_Prepared on twitter, the companion to http://www.getprepared.gc.ca/ (Canadian)
FEMA in the US http://www.fema.gov/
http://www.sungardas.com DRP services
Also your local TV and radio news
Most businesses still rely on the venerable tape drive and tape media for backup and archiving, but what is your strategy for those tapes when not in the drive? Bare minimum is to rotate tapes offsite to prevent a building fire or other disaster from wiping out all your data. Some people will take them to their personal residence, but there are also storage services that will pickup and drop-off tapes according to a set schedule and even securely store multiple copies - perhaps monthly and yearly archives, for a fee.
Some popular rotation techniques:
Also remember to test your backup by doing a full restore periodically - the tapes are not going to do you any good in an emergency if the data is not there as expected.