September 29, 2017 Practice Points

6 Items Every Disaster Recovery Plan Should Include

By Leonard Wills

Businesses should have a disaster recovery plan to help prepare for, respond to, and mitigate the impact of disasters. A business that lacks a comprehensive disaster recovery plan may suffer negative business and legal consequences when a disaster strikes. On the business side, a lack of planning can result in delayed or failed business operations, failed IT infrastructure, revenue loss, and loss of personnel. As to the legal consequences, a business may breach its fiduciary duty because of a failure to implement a disaster recovery plan.

A business should perform a risk assessment before beginning a disaster recovery plan. A risk assessment determines the critical needs of business operations. For instance, IT systems are a critical business need, and IT infrastructure should always be protected. Critical IT infrastructure, systems, and networks require redundancies that backup and protect data. The types of backup and data protection needed should be included in a disaster recovery plan.

Disaster recovery plans differ based upon the needs and circumstances of a business. Below are a few select items a disaster recovery plan should include.

  1. As a mentioned earlier, know the relevant regulations that address disaster recovery, and describe how the business will meet those regulatory requirements.

  2. Create a communication plan for all key stakeholders such as directors, suppliers, other business partners, customers, etc.

  3. A business must keep an open line of communication with employees before, during, and after a disaster. Without employees a business cannot operate. Make sure your employees know their roles and duties in the recovery process. Inform employees as soon as possible on whether business operations can continue, are delayed, etc.

  4. Create an IT plan to safeguard data, critical IT infrastructure, systems, and networks.

  5. A disaster recovery plan should also hold information such as bank accounts, customer and employee lists, inventory lists, etc.

  6. Review insurance coverage before a disaster occurs, and know what coverage the business needs.

The unfortunate devastation of Hurricanes Harvey and Irma, and countless other disasters demonstrate the impact such events have on human life, infrastructure, and economies. Depending on their business role, attorneys have a responsibility to ensure that their clients have a comprehensive disaster recovery plan. Disaster recovery planning should not be viewed as an addendum to running a successful business operation, rather it should be integral to business operations.

Leonard Wills is a city council fellow in Washington, D.C.