It is highly recommended that your Disaster Recovery – Business Continuity plans be updated on at least an annual basis and more frequently if the pace of change at your enterprise dictates. Have you updated all of your plans in the last year? No resources? No experience? The Disaster Recovery – Business Continuity Template is what is needed.

The Disaster Recovery – Business Continuity Template can assist you achieve your goals and objectives.

The objectives of a disaster recovery and business continuity plan are first to protect your businessÂ’ human and physical infrastructure and second to stay in business...no matter what happens. Have you met the major objectives of a disaster recovery and business continuity plan?

Regardless of all your good efforts--without advance Business Continuity Planning (BCP)--your business may be closed due to an overt or covert terrorist attack, a cyber attack, severe electrical storm, hurricane, earthquake, wildfire, flood, epidemic or other cause.

The questions that the Disaster Recovery / Business Continuity Plan template help you answer are:

• How well protected is your business against future hurricanes, tornadoes, earthquakes, floods, a pandemic event or a terrorist attack?
• How prepared is your business to reopen within 24 to 48 hours following a natural or man-made disaster or epidemic?
• What is your disaster Recovery-Time Objective (RTO: your targeted time-limit to get critical operations/systems back up and running) following a local disaster?
• Have you formulated a plan and strategies to limit the impact of risks to your business?
• How quickly can you return from incremental business resumption to normal business operations after a minor disaster? After a major disaster?
• Do you believe that insurance will take care of the losses?
• Where will your customers/clients, vendors/suppliers go, during downtime, when your building is destroyed or employees are quarantined and your business is knocked to its knees?
• Will your management team, employees, suppliers, and customers be well informed about impact, on the bottom line, if there is no Business Continuity Plan?

• Lesson One: Have a Succession Plan - Start immediately to work with your current executives to create a succession plan. This is not an implied threat, but rather an appropriate leadership responsibility. Prudent and diligent management will provide a clear process in the event of a planned or an unexpected vacancy.
  
  That plan, actually part of the wise management of your organization, should contain systems that capture and preserve the institutional memory of your organization. Too often, executives have treasures of knowledge that are never recorded, entered into the database, or placed in the donor files. When they go, they walk out of the door with those treasures.
  
  Second, make contact with individuals or firms that provide interim executive leadership. This is a growing service being provided by a number of professionals that will allow your organization to have experienced leadership during the transition to your next placement. Having an interim executive managing the organization can free the directors to focus their energies on the search for a permanent leader.
  
  Finally, become knowledgeable about the talent pool in your community and have a list of potential all-stars youÂ’d like to recruit. Pay attention to the success and failure of the other nonprofits in your area and your field. Learn who the players are and donÂ’t be hesitant to keep track of the up-and-comers. Look beyond just other executive directors. I would recommend that top fundraisers might be great sources of potential leaders.
• Lesson Two: When your radar says itÂ’s going to be bad - get out - For many potential disasters, signs of trouble are visible before you feel the wind in your face. One of the intriguing notions about business failures is that you know days in advance that theyÂ’re out there. Trouble often gives plenty of notice, and yet many of us let complacency seduce us into inaction.
  
  Trust your early warning system. Most effective leaders have good intuition that can provide time to head off disaster or to make appropriate preparations.
• Lesson Three: No matter what anyone says – you are on your own - Waiting for the rescue team to get to you is not an option. Solving the problem of executive transition lies firmly (and appropriately) in your hands.
  
  Tackling this matter now, rather than in the throes of the disaster, can be a critical factor in recruiting your next leader. You are demonstrating the kind of management acumen that will attract strong executives. The well-documented shortage of qualified executives will mean the competition for these top candidates will be intense. The way you manage this transition can speak volumes to prospects and will place your organization in the best possible light.
  
  Have a worst-case scenario plan, use and trust your intuition, and take the initiative in managing a potential transition. Face your reality and begin now planning for the unexpected. We all know it will come.

This can be complex and demanding. To assist in this area therefore there are a number of tools available. The most widely known of these is COBRA, which employs a method aligned to various international standards.

The science of risk assessment is currently beyond the scope of this portal, but hopefully the information presented below may give you some insight into this task and some guidance in terms of what is included.

Part of the risk process is to review the types of disruptive events that can affect the normal running of the organization.

There are many potential disruptive events and the impact and probability level must be assessed to give a sound basis for progress. To assist with this process the following list of potential events has been produced:

      Environmental Disasters
          o Tornado
          o Hurricane
          o Flood
          o Snowstorm
          o Drought
          o Earthquake
          o Electrical storms
          o Fire
          o Subsidence and Landslides
          o Freezing Conditions
          o Contamination and Environmental Hazards
          o Epidemic

      Organised and / or Deliberate Disruption
          o Act of terrorism
          o Act of Sabotage
          o Act of war
          o Theft
          o Arson
          o Labour Disputes / Industrial Action

      Loss of Utilities and Services
          o Electrical power failure
          o Loss of gas supply
          o Loss of water supply
          o Petroleum and oil shortage
          o Communications services breakdown
          o Loss of drainage / waste removal

      Equipment or System Failure
          o Internal power failure
          o Air conditioning failure
          o Production line failure
          o Cooling plant failure
          o Equipment failure (excluding IT hardware)

      Serious Information Security Incidents
          o Cyber crime
          o Loss of records or data
          o Disclosure of sensitive information
          o IT system failure

      Other Emergency Situations
          o Workplace violence
          o Public transportation disruption
          o Neighbourhood hazard
          o Health and Safety Regulations
          o Employee morale
          o Mergers and acquisitions
          o Negative publicity
          o Legal problems

Although not a complete list, it does give a good idea of the wide variety of potential threats.

• Enterprise Strategy
• Enterprise Management
• Internal Customers
• External Customers
• Help and Service Desk Management
• Help and Service Desk Staff

Certain projects offer IT organizations the greatest opportunity to increase operational efficiency and save company dollars. These include power management, which provides both actual energy cost savings and per-asset utility rebates; patch management, which reduces staffing requirements and eliminates second-pass remediation; software asset management, which avoids inflated licensing costs by enabling you to use only what you need; and infrastructure consolidation, which reduces the number of consoles and number of Full-Time Employees (FTEs) needed to manage them.

• All Skype traffic is encrypted using proprietary encryption, so none of the communications can be logged. This could be a violation of Sarbanes-Oxley, mandated record management policies, and HIPAA.
• Skype file transfers may expose the enterprise network to viruses, spyware or other malicious code.
• Skype file transfers may also expose enterprises to the risk of confidential information being leaked to outside parties.
• As video data is bandwidth-intensive, Skype users can consume a sizeable amount of bandwidth on an enterprise network.
• Use of Skype PCs as part of a Botnet of PCs to launch denial-of-service and other attacks.
• Skype users may use its Instant Messaging (IM) functionality to evade enterprise IM controls and send out confidential data.