Will your business survive a disaster?

The attack on the World Trade Centre and the Pentagon on 11 September will force many IT directors and business managers to...

The attack on the World Trade Centre and the Pentagon on 11 September will force many IT directors and business managers to analyse their emergency planning and disaster-recovery strategies.

Research shows that up to 80% of businesses without IT security contingency plans do not re-open in the aftermath of disasters such as fire, flood or structural damage.

Some of the most developed disaster-recovery programmes are to be found in financial institutions. The Edinburgh headquarters of the Bank of Scotland, for example, is linked to another main branch in the city via high-capacity fibre optics, allowing both branches to mirror each other's data in real-time.

In the event of an unforeseen crisis at one site, the other can assume full control, justifying the multi-million pound cost of implementing the project.

There is, however, much that can be done without the need for expensive infrastructure changes.

Mike Howbrook, the UK managing director of the business continuity group Survive, which numbers British Telecom, the BBC, the National Westminster Bank and the London Stock Exchange among its 3,000 members, said: "People are the first consideration of any disaster recovery or business continuity plan.

"They are the most important aspect of any business, but we often tend to think of disaster recovery as simply an IT function when it is actually part and parcel of the wider business practice.

"One of the major problems in this country is that we tend to think, 'It will never happen to us'. The [IRA] bomb in [London] Docklands in 1996 taught us a lot of lessons, and the biggest was that even the simplest plan is better than nothing."

Independent research suggests that 42% of managers have little or no faith in their own disaster recovery plans. "Most of our members come to us after a disaster and many of them found that the plans they had in place were just not effective," said Howbrook.

Creating a disaster recovery or business continuity plan is a complex task, but Howbrook suggests three steps that are easy to implement:

Think ahead
All businesses should have a written plan detailing specific steps to take in a crisis. This is particularly important because it is estimated that insurance policies will generally cover only 60% of any disaster claim.

Any business continuity plan needs people who will implement it and revise it as the company changes over time. Create an efficient team that can fill the vacuum effectively in the event of absentees on the day of the crisis.

Initiate change
Work out the simplest method of running your business, assuming the worst-case scenario. Test this plan at least twice a year. This will help you to spot any weaknesses and allow you to make improvements. According to the Institute of Directors, 62% of firms do not test disaster recovery plans on a regular basis..

Read more on Managing IT and business issues