The Ultimate Disaster and Business Recovery Plan Checklist

 

The Ultimate Disaster and Business Recovery Plan Checklist.jpg

In the 2017 Horizon Scan Report from the Business Continuity Institute, respondents reported a daunting array of business disruptions that they had experienced over the past 12 months:

  • 72 percent had an unplanned IT or telecom outage.
  • 43 percent experienced adverse weather, such as a tornado, flooding or snow.
  • 40 percent saw their utility supply interrupted.
  • 35 percent were hit with a cyber attack.

The wide variety of these threats illustrates how important it is for organizations like yours to be prepared for anything. Having a well-executed plan for disaster and business recovery could mean the difference between ongoing success and sudden closure.


To help you create or update your plan, we’ve compiled the ultimate business recovery plan checklist:

 

Identify the risks

  • Conduct a business impact analysis (BIA) to determine the top threats for your organization.
  • Determine which business processes, services, data, and applications are mission-critical. Decide which must be recovered first in order to facilitate a seamless disaster response.
  • Identify potential vulnerabilities to your organization’s physical infrastructure.
  • Consider any rules or regulations that impact your business. Determine which functions are necessary to remain in compliance during a disaster.
  • Select two of the biggest threats from your BIA and begin drafting recovery plans for each.
VIEW INFOGRAPHIC: Audit Your Disaster Recovery Plan With This Decision Tree

Set aside resources

  • Establish a budget that includes the potential costs of downtime. At any time, be prepared to make a business case for investing in disaster and business recovery.
  • Identify the individual or team that will be responsible for disaster preparedness and response planning.
  • List all essential employees, such as department heads, who would help lead disaster recovery initiatives.
  • Determine which technology components enable the mission-critical processes, identify who is responsible for each, and establish a plan to protect/recover them.
  • When necessary, establish redundancies for key technology systems. Otherwise, work to create layers of contingencies, such as manual work-arounds.
  • Ensure you have un-interruptable power supplies for critical systems.
  • Consider if you would benefit from cloud-based recovery services for key technology assets.

Identify all stakeholders

  • Establish who would be impacted by each potential disaster scenario (e.g., employees, business partners, customers, subcontractors) and ensure your plans account for each group of stakeholders.
  • When appropriate, partner with local first responders, including police and fire departments, to share your plans and ensure you understand their capabilities and roles in the event of a business-impacting event.

Create a path to recovery

  • Once you have your resources and stakeholders identified, set specific recovery timelines for each business area.
  • For each plan, assign responsibilities to key stakeholders (e.g., the disaster recovery team coordinates the overall response, while IT initiates back-up resources and HR evacuates affected buildings).
  • Meanwhile, create “roles” for remaining stakeholders depending on their business functions, levels of expertise, etc. Roles may range from helping situate recovery resources to taking customer service calls to simply helping fellow coworkers safely exit the building.
  • Establish meeting places for physical disasters (floods, hurricanes).
  • When appropriate, create flowcharts or checklists to detail those tasks that are required to mitigate damage and encourage recovery.

Consider emergency communication

  • Decide which stakeholders should be contacted immediately with critical information. This might include your disaster recovery team, members of leadership, and the director of public relations.
  • Determine what information should be delivered to the rest of your stakeholders and when.
  • Develop a communication strategy for the company at large. Ideally, you should be able to contact all employees at any time—not just if they are sitting at their desks. A mobile crisis management app allows your team to push alerts directly to all employees’ mobile devices, ensuring they receive notifications regardless of when or where a crisis occurs.

Stay prepared

  • Ensure that each stakeholder has anytime/anywhere access to the most up-to-date disaster and business recovery plans. Consider digitizing your plans in a mobile crisis management platform to allow stakeholders instant access to all relevant documents.
  • Conduct regular audits of your plans to ensure they remain current.
  • Test your plans at least once a year. Hold both tabletop exercises and full mock disaster scenarios and then thoroughly assess the plans’ performance. Adjust accordingly.
  • Regularly train and retrain all employees and other stakeholders so that they understand their roles in disaster recovery.
  • Consider sharing best practices with other business leaders or associations in your area. This will help elevate the overall response to disasters that impact your broader community.

Now that you have completed the checklist, ask yourself this: Would you say your disaster recovery plan is actionable? If you’re worried it’s not, use our decision-tree audit to find out.  

Audit Your Disaster Recovery Plan