Disaster Recovery Planning For Your Organization Provided by: The McGovern Consulting Group, LLCYour Local Sage 100 Fund Accounting Business Partner 888-876-1544 | www.mcgoverncg.com
Agenda• Who is the McGovern Consulting Group?• What is your current plan?• Basic questions you need to ask• Common mistakes organizations make• How to develop a plan – steps involved• Repeating the cycle• Methods to developing plan• Options to consider in developing the plan – Simple to Advanced
Learning ObjectivesGoal - Understand Disaster Recovery Best Practices
Why Do We Need A Disaster Recovery Plan ?The National Archives & Records Administration reported that 93% of the companies that lost their data for 10 days or more filed for bankruptcy within one year of the disaster
Basic Questions• What options do we have available to us?• What is the cost involved in each method?• What are the ramifications of each method?• How much data can the organization afford to lose?
More Basic Questions• What if we have an event at the building?• Would we be able to restore the information to another location with ease?• Are the only backups we have of our data all stored within one location?
Common Mistakes• Not involving the day-to-day users• An incomplete plan• Plan not tested• No plan at all
Disaster Recovery Plans• Developing a Written Disaster Recovery Plan – Information Gathering – Plan Development – Plan Testing – Maintain the Plan
Disaster Recovery Plans - Information Gathering• Organize your Project Team – Appoint Project Leader – Identify Planning teams – Set Project Deadline• Conduct Business Analysis – Identify functions, processes and systems – Interview Personnel – Analyze results to determine critical systems, applications and business procedures – Prepare impact analysis
Disaster Recovery Plans - Information Gathering (cont’d)• Conduct Risk Analysis – Review backup system/procedures – Review data security – Identify systems that support critical mission functions (Payroll!) – Identify vulnerabilities (floods, hurricanes, fires, etc.) – Assess Probability of system failure or disruption – Prepare risk and security analysis
Disaster Recovery Plans - Information Gathering (cont’d)• Develop Strategic Outline for Recovery – Detail steps in workflow for each critical function • POLICY and PROCEDURE MANUAL • Make sure the workflow shows enough detail that someone else could perform task without supervision – Identify the minimal requirements if a disruption did occur – Identify alternate methods of processing – (Processing payroll Manually) – Identify any processes with very little tolerance for downtime – Identify primary contact for each critical function – Identify alternate contact if primary person for that role is unavailable – Identify key vendors
Disaster Recovery Plans - Information Gathering (cont’d) • Review Onsite and Off Site Backup Procedures – Can records be created from other sources – Are backups stored offsite – Number of backup generations available both on and off-site – Are there more than one person that has authorization to retrieve off-site backups? – Data backups are not enough • Have copies of mission critical application software stored off-site • Have all installation/user keys stored off-site • Have contact information for Vendor/Support stored offsite – Determine how much downtime you can afford to have
Disaster Recovery Plans - Information Gathering (cont’d)• Take Inventory – Equipment • Computer and storage devices (Workstations and Servers) – Annotate the functions and applications that are used on each – Rate each resource as critical or disposable – Critical resources are those that cannot be rebuilt quickly from new hardware and a backup (app servers, database etc) – Disposable resources are those that can be recreated from backups and installed disks easily – Focus your attention on plans to recover from failure of only the critical resources as your first step – Do it this month • Cell Phones & Contracts • Funding Source Agreements
Disaster Recovery Plans - Information Gathering (cont’d)• Take Inventory – Update Inventory (Fixed Asset) – Last maintenance date – Serial Numbers – Replacement costs – Insurance – Pictures for insurance – Notes
Disaster Recovery Plans• Plan Development – Criteria for invoking the plan • Who decides to implement plan – Implementing plan can be costly – Roles and Responsibilities • For every member of the organization should someone not be available • No task is too small to document – Procedures for operating in contingency mode – Criteria to return to normal operations – Procedures to Return to normal operations
IT Related Recovery Plans• Hardware• Power• Internet• Email• Phone Service• Applications (Do you have media and license keys?)• Data recovery from backup? (Do you have backups offsite?)• Tech support contact information? (Vendors – phone number)
People Related Recovery Plan• Who knows how to contact vendors?• Who knows how to cut payroll checks?• Who knows how to process credit card payments?• Is there more than one person who can perform each critical business transaction?• Do you have cell phone numbers to reach employees/volunteers/Board Members/other critical people
Assignments and Execution• What steps need to be taken to restore this process?• Who has the authority with vendors to do so?• Who has the required knowledge or training?• Is there a backup operator to execute the plan if the primary is unavailable or unreachable?• Who can make decision to enact the plan?• Assign roles and communicate expectations to staff
Preconditions/ Preventative Plans• What needs to be part of your regular operating plan to enable your disaster recovery plans?• Set these actions in motion as part of your finished recovery plan
Never Ending Cycle
Disaster Recovery Plans• Plan Testing – TEST – TEST – Re-TEST• Test each business process in your section when finished and at least annually after that!• Make sure that your interactions with your vendors work as planned• Streamline your plan based on your test results• It is unlikely your plan will work exactly as you have planned it, do not be disappointed and focus on making corrections for the next test.
Still Not Sure Where to Start?• Method One – “Follow the Money” planning methodology • Trace how money flows through your organization • Start with income (donations grants, revenue, etc) • Map where that money goes as expenditures • Document the process flow and include all the systems used to process the transactions• Method Two – “Committed Services” planning methodology • Identify services your organization provides (meals, counseling, etc). • Map how raw materials used in that service become usable and delivered (groceries, people, transportation). • Document the process flow and include all the systems used to process the transactions
Decide Criteria for Invoking the Plan• What is the maximum amount of time a process can be unavailable before action must be taken• At what point does the cost of executing the plan become secondary to the outage?
Disaster Recovery Plans• Review your business processes at least annually• Update the processes for changes in how things work• Plan Maintenance – Review changes in technology – Review changes in environment – Review changes in procedures – Review changes in staff roles and responsibilities – Update documents – Develop Maintenance triggers and procedures• Examples: – Did you add new software applications – Add new vendors you rely on? – Are there new processes or services to constituent you need to protect?
Gosh Where Did I Put That Plan?• Here in my desk• On 3 duplicate and encrypted USB drives carried by 3 different key Director team members (updated monthly)• Available on encrypted secure storage on the internet to select Director team members
Backing Up• Tolerance for data loss• Backup system• Verify backup system
Options – Data itself and Processing• Simplistic Ways – Copy Item to USB Jump Drive – External Hard Drive – Online backup• More Advance Ways – Cloud Storage – Dedicated Hosted Server – ASP – SaaS – *** If you still need further explanation on these, let us talk after this session or we will provide a follow up web meeting
Tools Available to You• www.techsoup.org/toolkits/disasterplan• Techsoup Disaster recovery guide (PDF)• Disaster planning: what organizations need to know to protect their tech (webinar)• Disaster planning backup backup backup
Take Away - Fix Your Backup Strategy• Find out if you are doing backups at all• Make a list of additional data that needs backing up• Get a plan in place to backup everything on the list weekly• Store your backups offsite• Do it this week
Start Talking About the Need for a Full Plan • Your Executive Director and Board of Directors should easily realize the need • Pass around this presentation for education • Ask for assignment of a project manager / owner • Begin a project plan • Ask for a budget
Take Away• Outline of a plan we found online that has been helpful for us develop our own internal plan• Should you need assistance in facilitating the completion of the plan please let us know.
CONNECT WITH US Get Connected With The McGovern Consulting Group Today To Learn About Upcoming EventsTwitter – www.twitter.com/McgovernCGFacebook – www.facebook.com/McgovernCGLinkedIn – http://www.linkedin.com/company/mcgovern-consulting-group-llcYouTube – www..YouTube.com/McGovernCGSlideShare – www.slideshare.net/mcgoverncgBlog – www.mcgoverncg.com/blog 888-876-1544 | www.mcgoverncg.com