Developing a Disaster Plan
Disaster
planning is based around 2 activities:
1. Critical
Information Assessment, Recording and Preserving
Secure data back up
Each business has its own critical data sources though some, such as
customer inventory and supplier lists, will be common to most
businesses. Without them how long could a business carry on? Data such
as this will need to be recorded, backed up regularly, kept virus free,
and be stored in a second location off-site.
Systems redundancy
Redundancy costs money of course; if risk is high and costs low, just do
it! On the other hand low risk, high cost systems might be left aside.
The real danger is in ignoring the medium risk, medium cost features.
Other means of information recording
Other information on record can also make recovery easier such as a set
of photographs of the business premises against which damage can be
assessed.
2. The Plan
for Disaster Recovery
Following a disaster it is imperative that the business owner be able
to:
Stay focused and get critical business
processes back online
After a disaster the priority for businesses is to get critical
processes back online.
Address any issues directly effecting customer
service
The business owner needs to be free to focus on customers, suppliers and
employees. The later should not be disregarded - they too may have
suffered in the disaster or have been effected personally by the fallout
from the disaster.
Leave other issues to a support team
Support people, such as the business owner's accountant, should deal
with peripheral issues such as finance.
To ensure they are able to deal with these priorities the disaster
plan should include:
- A Directory of essential recovery services
- A Detailed plan for notifying business associates and team
- Designated contacts to start dealing with the legalities of
claims and tax matters
These provisions will allow an immediate swing into action.
Business Information System Reviews
Of all possible disasters the most likely these days will be loss of
information housed on a computer system. Accountants are uniquely
qualified and situated to help business owners conduct business computer
use reviews to ensure that adequate IT security plans exist and are
followed.
Reviews typically cover:
Security Planning and Management.
An initial assessment of the risks to hardware and data leading to
decisions on what policies and controls are needed.
Software Protection
Systems need to be in place to protect both applications and system
software from modification and unauthorized access.
Access Level Determination
Establishing different access levels for different personnel depending
on their need to access information ensures against unauthorized access
and deletion or alteration of data. Setting up an organizational
structure and associated polices in regard to the segregation of duties
also helps pinpoint the source of damaging input.
Redundancy and Backup
Provisions to ensure that when unexpected events occur, critical
operations continue without undue interruption and vital and sensitive
data is protected.
|
