Disaster planning is based around 2 activities:
1. Critical Information Assessment, recording and preserving
Secure data back up
Each business has its own critical data sources though some, such as customer inventory and supplier lists, will be common to most businesses. Without them how long could a business carry on? Data such as this will need to be recorded, backed up regularly, kept virus free, and be stored in a second location off-site.
Redundancy costs money of course; if risk is high and costs low, just do it! On the other hand low risk, high cost systems might be left aside. The real danger is in ignoring the medium risk, medium cost features.
Other means of information recording
Other information on record can also make recovery easier such as a set of photographs of the business premises against which damage can be assessed.
2. The plan for disaster recovery
Following a disaster it is imperative that the business owner be able to:
Stay focused and get critical business processes back online
After a disaster the priority for businesses is to get critical processes back online.
Address any issues directly effecting customer service
The business owner needs to be free to focus on customers, suppliers and employees. The later should not be disregarded – they too may have suffered in the disaster or have been effected personally by the fallout from the disaster.
Leave other issues to a support team
Support people, such as the business owner’s accountant, should deal with peripheral issues such as finance.
To ensure they are able to deal with these priorities the disaster plan should include:
- A Directory of essential recovery services
- A Detailed plan for notifying business associates and team
- Designated contacts to start dealing with the legalities of claims and tax matters
These provisions will allow an immediate swing into action.
Business Information System Reviews
Of all possible disasters the most likely these days will be loss of information housed on a computer system. Accountants are uniquely qualified and situated to help business owners conduct business computer use reviews to ensure that adequate IT security plans exist and are followed.
Reviews typically cover:
Security Planning and Management.
An initial assessment of the risks to hardware and data leading to decisions on what policies and controls are needed.
Systems need to be in place to protect both applications and system software from modification and unauthorized access.
Access Level Determination
Establishing different access levels for different personnel depending on their need to access information ensures against unauthorized access and deletion or alteration of data. Setting up an organizational structure and associated polices in regard to the segregation of duties also helps pinpoint the source of damaging input.
Redundancy and Backup
Provisions to ensure that when unexpected events occur, critical operations continue without undue interruption and vital and sensitive data is protected.
Article courtesy of RAN ONE: http://www.ranone.com/Press_room/pr_031001_disaster.asp