Last year, British Airways suffered an IT failure which stranded 75,000 passengers, cost up to £150m in compensation and damaged its global reputation. The incident highlighted how essential IT systems are in business today. We need constant access to technology tools and data to do our jobs. What would we do if they were not available? And would it damage our business? This is why all firms, big and small, need a reliable IT disaster recovery plan.
An IT disaster recovery plan documents how you will recover data and IT systems after an outage, according to CIO. It outlines the actions necessary to prevent, detect and correct an IT disaster, and minimise the effects of any interruption in IT services. Follow our five-step process to put together a robust plan and reduce the risk of disruption to your law firm:
Audit your current IT equipment, systems and data
TechDonut suggests that the first step is to work out what IT assets you have. Include physical assets like laptops and mobile phones but don’t forget about intangible but valuable assets, such as data and intellectual property.
Identify what information is stored where and who has access to it. Do you have servers and other hardware in your office? How is your data backed up and where is it kept? For example, if it’s stored in the cloud, you know that it is kept offsite and can be securely accessed from anywhere.
Assess the risks of downtime
Work out which applications are critical to the running of your practice and assess how long could you cope without them. Estimate the impact on productivity, revenue and reputation. If you rely on third-party suppliers for essential services, what Service Level Agreements do you have with them? Where are you most vulnerable? Are there issues that you can deal with now to mitigate some of the risks?
Plan for every eventuality
Now you can start to write your plan by considering all the scenarios and how you will manage them. TechDonut suggests asking ‘what if…?’ and documenting line by line what you would do in each case.
CIO suggests that you should include both a short-term plan that deals with urgent priorities and a longer-term plan that gets you back to full IT capacity. Make contingency plans for core business functions. For example, how will you take calls or access your emails? Where can you work if your workspace isn’t available? What equipment will you need?
Communications are frequently overlooked when it comes to disaster recovery planning, according to Tech Republic, but it’s really important to decide who will communicate with who. Who will keep staff informed? Who will update customers? Who will liaise with suppliers?
Communicate your plan
Everyone will need to do their bit in the event of an IT disaster so make sure that key members of staff have a chance to input into the plan and understand their roles and responsibilities when it is complete.
Test and update regularly
This is arguably the most important part of creating your plan: testing it works. There is no point having a plan if it proves to be ineffective when disaster strikes. Cloud Tech suggests doing both tabletop tests, essentially role-playing different scenarios with key staff, as well as full-scale technical tests which check that you can restore backed up data, applications, etc. Regular tests will highlight any weaknesses and changes you need to make as your practice evolves.
When we say the word disaster, we automatically think of rare natural events, like floods or earthquakes. However, most IT disasters have far more common and mundane causes, like hardware failure, human error or viruses. These can and do happen regularly, so you must be prepared. By following the steps above, you’ll get peace of mind that you can rely on your IT disaster recovery plan when you need it.