We all have basic procedures, in our heads, as to what approximate steps to take when computer disaster strikes.
However, this needs to be documented and tested in such a way that any staff member should be able to read a Disaster Recovery Procedure, for events with the highest probability and the most detrimental effects and implement the documented steps, to recovery.
Step 1: Write down all the things that can affect your computer systems
Step 2: Rate the possibility each event occurring from 1 to 5 in probability, with 5 the highest
Step 3: Rate the effect on business from 1 to 5 in effect, with 5 the highest detrimental effect.
Step 4: Add up the 2 scores for each event and list them from highest score downwards.
Step 5: Assess the preventive cost of addressing each scenario.
Step 6: Assess your budget
Example
OCCURRENCES |
EVENT PROBABLY (1-5) |
EFFECT ON BUSINESS (1-5) |
ACCUMULATIVE SCORE |
Power Failure |
5 |
5 |
10 |
Server failure |
3 |
5 |
8 |
Printer failure |
5 |
3 |
8 |
Virus/ Spyware |
1 |
5 |
7 |
Fire |
1 |
5 |
6 |
Staff induced problems |
3 |
3 |
6 |
Theft |
1 |
5 |
5 |
If you are a sole proprietor and you use a Laptop Computer, the power failure will have a minimum effect and theft will have a much higher probability.
You then need to decide which risks the company can afford to tolerate and which it must pay to reduce the impact and probability. The cost is typically between 2 and 8 percent of the overall IT budget.
Money spent on prevention and minimisation is worth a lot more than money spent on recovery.
You then need to find answers to the following:
*What can we do to suppress these occurrences?
*Can I detect a threat before it hits?
*How do I minimise the impact to the business?
*How much will it cost?
*How do I reduce the potential of it occurring?
How to minimise the occurrence
of disruption to trading.
Examples:
Businesses are usually:
DISASTER RECOVERY POLICIES
Small Business/ Single Operator
Doctors Practice/ Specialist Rooms
 |
|
|
|
|
|
 |
 |
 |
 |
 |
|