A disaster preparedness plan is crucial to organisations operating in 24/7/365 environments. With zero disruption the goal, management must carefully evaluate and mitigate risks to the physical infrastructure that supports the mission-critical facility.
According to Eben Owen, Enterprise and Solutions manager for South Africa at Schneider Electric, a facility’s infrastructure forms part of a comprehensive business continuity disaster plan.
“Without a proper disaster mitigation plan for the facility’s infrastructure, the overall business continuity plan is built on a risky foundation. If a natural, human, or technological disaster strikes your facility, are you and your infrastructure prepared? Does your organisation have procedures in place to prepare for severe storms or other disasters? Surviving tomorrow’s disaster requires planning today,” he says.
Schneider Electric has put together nine Rs to ensure a successful recovery plan. These are:
1. Reason for planning
List the reasons your organisation has for disaster planning. Some common reasons include: protect human life; recover critical operations; defend competitive position; preserve customer confidence and good will; and guard against litigation.
Personnel must be trained to recognise warning signs. “What happens if someone spots water coming under the door to your equipment room at three am? Do the security guards, cleaning crews and other contractors know who to call and how to report trouble?” asks Owen.
These are the kinds of concerns to address in the recognition phase: initial reaction procedures to a disaster report; notification procedures for police, fire, medical; and notification procedures for management.
“What happens after an alarm is sounded? Who handles security? Who talks to the media? How do you distinguish authorised personnel from opportunists and trespassers? Careful planning addresses these questions,” he says.
Mobilising the executive management team (EMT); filing of initial damage assessment reports to the EMT; assisting the EMT in preparation of statements; and opening a critical events log for audit purposes, are just a few of the many actions taken during the reaction phase.
The response to a disaster will greatly affect the impact that it has on your business operation. Having the proper notification system in place will expedite recovery.
“Establish a designated emergency operation centre ‘war room’ to allow you to focus on the recovery efforts rather than locating and setting up the required resources,” advises Owen. “When conducting damage assessment it is important that you protect your human and equipment resources. Safety should be your first priority.”
Establish procedures for operations during the recovery phase. Concerns include modified signing authority for equipment purchases, procedures for obtaining cash, procedures for maintaining physical security, procedures for arranging security at the damaged site and at the recovery centre, in addition to procedures for finding and getting to the recovery centre.
The restoration phase involves coordinating restoration of the original site, restoration of electronic equipment; reloading of software; restoration of power, UPSes, and common building systems; replacement of fire suppression systems; rewiring of the building; restoring the LAN; and restoring the WAN connections.
7. Return to normal
During the return to normal phase established testing procedures for new hardware and software will be implemented; operation personnel and other employees will be trained or retrained; and a systematic migration back to the original site will be scheduled and implemented.
8. Rest and relax
“Be sure to schedule compensatory time off to provide personnel energy and clarity to focus on the future. Be sure to build-in scheduled visits to any employees undergoing rehabilitation,” says Owen.
9. Re-evaluate and re-document
Having survived a disaster, it’s time to analyse your recovery efforts and take steps to mitigate future risks and expedite future recovery efforts. Review your critical events log, evaluate vendor performance, recognise extraordinary achievements, prepare a final review and activity report, and aid in liability assessments.