What do you do when the unthinkable happens? A tornado has just wiped out your business. Whether you are a small business, or a large corporation, contingency planning is a must. In NIST SP 800-34 the U.S. Department of Commerce provides guidelines for creating a contingency plan for information systems. If you are a large business, most, if not all, of the guidelines would apply. If you are a small business, there are certain guidelines you don't need to worry about, such as alternate sites.
When creating a contingency plan, a business should do a business impact analysis. This analysis will provide valuable information for creating your contingency plan. It will tell you what your Recovery Time Objective is, in what amount of time are you shooting for to be back up and running. What is your Maximum Tolerable Downtime? It will also tell you what your Recovery Point Objective is, the most critical functions you want back up after a disaster.
When creating a contingency plan, make sure you have looked at all the procedures and written them down. Assign specific duties and responsibilities in the event of a disaster. Identify who makes the call that your contingency plan goes into effect.
One of the key things to remember in contingency planning is to practice. Set up tests and exercises to ensure all personnel know their roles and responsibilities, and also to ensure equipment and systems are adequate for disaster recovery. Make sure to also relook at your contingency plan from time to time to ensure it is still sufficient to get your business back up and running after a disaster.
No comments:
Post a Comment