Do you wake up in a cold sweat, every morning, anxious that today might be that day?
The day you’ve been dreading.
The day you hoped would never happen to your business.
The day that the earthquake hit, the avalanche fell, the river flooded, or a digitally hooded cybercriminal made off with your crown jewels.
No, you probably don’t wake up worrying about that every day. Such levels of anxiety are unbearable. And your experience shows that disasters are, thankfully, rare occurrences. Unless you include coffee spills, printer jams and internet glitches, all of which seem to happen at the ‘wrong’ moment.
We’re all relieved to know that serious disasters don’t strike businesses very often.
But that’s no reason for not having a disaster recovery policy as part of your business continuity planning. Because if the worst should happen, it could be the lifesaver that keeps your business afloat.
Your disaster recovery policy
In simple terms, a disaster recovery policy is a document that sets out your strategy for mitigating the risks associated with a major unplanned event. This could be a natural disaster, a significant cyber-attack or other criminal activity, or some other unpredictable and damaging occurrence. Such as a global pandemic that shuts down entire populations for months at a time. Who expected that?
Such a policy doesn’t just address the risks to people and physical property. It also addresses the intangible, but still very real, risks to data in your systems, to your regulatory compliance, and to your reputation.
The policy is not a business continuity plan or a disaster recovery plan. But it does set out your approach for establishing, testing and maintaining these plans. The policy is the bedrock on which your survival plans are built.
What’s in a disaster recovery policy?
This policy can be a relatively short document. That’s because it’s a summary of your approach to business continuity planning, not the details.
Typically, a disaster recovery policy will include:
Purpose and scope
A clear statement of why the document exists and what business or activities it applies to. Typically, the purpose is to help ensure that commercial activities can continue as near to normal as possible, that any damage is controlled, and that all necessary actions are taken.
The scope will document all the stakeholders to be considered, including employees, investors, customers, regulatory bodies and any others associated with the business.
Roles and responsibilities
The document defines the various roles required as part of disaster recovery planning and makes it clear who is responsible for oversight of the disaster recovery planning process.
It will set out specific responsibilities, including:
- Identification of critical business and data assets.
- Creation of business continuity risk assessment and business impact assessment.
- Regular reviews of compliance and associated stakeholder risks.
- Setting up mechanisms for information security planning.
- Ensuring all employees are provided with the guidance, support and tools to achieve compliance with the policy.
Definitions
The policy will make it clear exactly what is meant by the various elements of recovery planning, including definitions of:
- Business impact assessment
- Business continuity strategy and plan
- Supply chain assurance
- Business continuity testing
Monitoring and evaluation
Your disaster recovery policy, and all the associated documents, should not be placed on a shelf (physical or virtual) to gather dust. They are vital to the ongoing life of the business and elements of them may be called upon more often than you expect.
Ongoing compliance with the policy, and regular review of its appropriateness in the light of business or organisational changes, are essential.
The fundamentals of your disaster recovery plan
A policy is, in itself, useless without a detailed disaster recovery plan. Failure to plan is, as they say, planning to fail. This may not be strictly true (who plans to fail?) but failure is much more likely when planning doesn’t occur.
The disaster recovery plan considers the details of your entire organisation – operations, finance, HR, IT infrastructure, premises and equipment.
Planning for the digital aspects of the business is particularly important because these are now fundamental. Most of your processes and data are highly reliant on digital technology, making this an area of significant risk. Specific areas to be addressed include:
- Data backup and recovery.
- Risks to data security and integrity.
- Impact of downtime in any aspect of the digital infrastructure.
Both physical and virtual access to computer hardware and software must be accounted for, particularly in an age of active cybercrime.
How 1RS helps take the dread out of disaster planning
What’s worse than a disaster striking your business?
This is what’s worse: when trouble strikes, you open your disaster recovery plan to discover some of it’s missing, some is out of date, some is inconsistent, and some is just plain wrong. Your route out of difficulty just got harder.
If you have a strong disaster recovery policy, and you stick to it, this shouldn’t happen. But in reality, documents like this often fall between the cracks of what’s still a largely manual process.
This isn’t what happens with our clients. We supply them with a comprehensive set of automated tools for managing governance, risk and compliance (GRC).
Using these tools, they’re able to monitor all their documents and process flows, giving them a single, comprehensive perspective on all their external regulatory and internal policy positions. They can implement controls, tests and alerts to ensure nothing is missed and everything is kept up to date.
Our software tools have been created by risk and compliance experts. They’re designed to meet the needs of today’s fast-moving businesses, from startups in fintech to more established operations.
We take the dread out of disaster recovery planning, by helping businesses build resilience and better manage risk. To learn how we can help you, book your discovery call today!