As a business professional, executive, or business leader, you are always thinking of ways to connect with your team and improve your business or organization. If you’re not already, you should be concerned about business continuity and disaster recovery before disastrous events occur. As Bill Gates said, “Treatment without prevention is simply unsustainable,” and the same goes for your organization.
In the case of disaster recovery, prevention is more than half the battle toward ensuring a safe workplace that can continue to function well in the face of an emergency.
Let’s take a look at some of the most common workplace emergencies and disasters your business and personnel should be prepared for, and then we’ll talk about how to address them, what disaster recovery is, who defines it, how to create your disaster recovery plan (DRP), and how to get help if you need it.
We’ll also cover ISO 27031 and what’s required to make sure your business is compliant.
Most Common Types of Workplace Disasters
If you want specific numbers on the number of injuries and accidents that occur in the workplace, the Occupational Safety and Health Administration (OSHA) in the United States and the World Health Organization (WHO) are great places to start. Everyone wants their businesses or organizations to be safe and healthy places to work, but as an executive or business owner, it can be hard to find time to focus on disaster recovery plans (DRPs) along with running a business daily. A strategic business partner specializing in crisis management, business continuity, and intelligence and global strategies and risks can be invaluable as your business continues to grow and risks change and increase — Bryghtpath LLC can keep your business on track and secure.
OSHA lists some of the most common workplace emergencies or disasters, including:
- Floods
- Hurricanes and tornadoes
- Fires and explosions
- Toxic gas or chemical releases
- Radiological accidents
- Civil disturbances or workplace violence leading to bodily harm or trauma
Workplace disasters are not always the result of your business policies, but may just happen — still, you and your employees need to be as prepared as possible when they occur. The best way to do this is to create, update, and follow a disaster recovery plan (DRP).
What is Disaster Recovery?
Disaster recovery is a standard set of policies and procedures that a business or organization puts in place and follows to protect itself and its personnel in the face of a disaster. Disaster recovery plans (DRPs) can help the business ensure personal and employee safety, restore hardware and systems, and take other steps to encourage business continuity. DRPs may include preventative measures, corrective measures, and detective measures to prevent disasters from affecting business as much as possible while mitigating the disaster outcome as reliably as possible.
Who Creates the Disaster Recovery Guidelines for Businesses?
The International Organization for Standardization (ISO) is the international organization that monitors and develops business standards and regulations, and businesses like yours depend on it for guidance on difficult topics like disaster recovery. In collaboration with organizations like OSHA, WHO, and the International Labour Standards on Occupational Safety and Health (ILO), the ISO helps prevent disasters from escalating or occurring in the first place and establishes rules and regulations that help businesses and organizations comply with its standards. Now that you know what disaster recovery is, though, how will you design a DRP for your business? Let’s define the plan and then find out how to create and adapt it to your particular business or organizational niche.
How to Design a Disaster Recovery Plan
A disaster recovery plan (DRP) details all the actions you, your management team, and your personnel must take to make sure your employees and your business are safe. Depending on the size and complexity of your business or organization, you may want to have a DRP for each department, with the managers retaining copies at all times. The managers may be responsible for adapting and revising these plans regularly or when necessary to stay abreast of current ISO standards like ISO 27031 and other business and safety standards.
What is ISO’s Disaster Recovery Standard 27031?
To truly understand what disaster recovery standards require, let’s take a closer look at ISO Standard 27031. This standard is focused on the information and communication technology (ICT) requirements for business continuity and disaster preparedness.
ISO 27031 covers both the crucial data security and the enterprise operations of an organization or business.
The four areas of ISO 27031 are:
- Plan
- Do
- Check
- Act
ISO 27031 Planning
The first step in creating a DRP is to plan and establish a set of disaster recovery and business continuity policies that contains the following necessary components:
- Objectives
- Metrics
- Risk management processes
These components should increase the IT and communications departments’ ability to be ready for disaster and implement recovery in an organized and successful manner.
ISO 27031 Doing
The second step is to implement the established policies in the correct order so they are most effective. In the event of a disaster or emergency, this step must happen quickly and smoothly to prevent further disastrous consequences in your organization or business. This step cannot occur unless the business disaster actually occurs, but it can be prepared for through training and exercises involving management and personnel.
ISO 27031 Checking
The third step to enacting a DRP is to check back and ensure the procedures are having the desired effect. This means that you or your personnel must constantly monitor and assess the recovery following the disaster, ensuring that the projected objectives and metrics are hit consistently throughout the risk management process. In other words, is your DRP working? You can also ask yourself or your team what policies or procedures are not working, and improve them once the recovery is complete.
Some methods of checking on your DRP include the following:
- Audits
- Plan testing
- Plan execution and post-disaster evaluation
ISO 27031 Acting
Finally, based on the results of the audit, test, or actual event occurrence and DRP execution, your organization or business must adapt and revise the DRP to improve how it functions should the disaster occur again in the future.
The ISO 27031 Disaster Recovery Requirements
The ISO provides in-depth guidance on how to design a DRP, and is a great resource if you’re trying to design your own. If you need help, Bryghtpath can guide you through the process and help direct our personnel on gathering the information you’ll need. To be compliant with ISO 27031, here are a few things you will need before putting together your DRP:
- An organizational/staffing chart
- A personnel location list
- DRP management job descriptions
- A key customer contact list
- Facility maps and descriptions
- Hardware, network, software, and off-site materials locations and inventories
- A list of critical resources needed in case of emergency
In addition, ISO 27031 requires the following processes be defined and included in your DRP: a website disaster planning form, a work plan, an audit plan, preventative measures, an incident communication plan, a social networking checklist, and a pandemic checklist.
Creating a DRP, or several of them, can be intimidating, even for a business magnate with decades of experience. The time-consuming but necessary collaboration and risk brainstorming across teams and departments can seem insurmountable while you’re running your business. You know you need a DRP (or several), but you may need additional planning tools or expertise to guide your organization and management team in the right direction. Bryghtpath can effectively and simply help your business design and implement an ISO-compliant disaster recovery plan and teach your team to keep it current. We offer the following services to ensure ISO business compliance and the safety of your organization and team.
Want to work with us or learn more about Business Continuity & Disaster Recovery?
- Our proprietary Resiliency Diagnosis process is the perfect way to advance your business continuity, disaster recovery, & crisis management program. Our thorough standards-based review culminates in a full report, maturity model scoring, and a clear set of recommendations for improvement.
- Our Business Continuity (including IT Disaster Recovery) & Crisis Management services help you rapidly grow and mature your program to ensure your organization is prepared for the storms that lie ahead.
- Our Ultimate Guide to Business Continuity contains everything you need to know about Business Continuity.
- Our free Business Continuity 101 Introductory Course may help you with an introduction to the world of business continuity – and help prepare your organization for your next disruption. Our paid 5-Day Business Continuity Accelerator might just be the thing you need to jumpstart your business continuity program.
- Learn about our Free Resources, including articles, a resource library, white papers, reports, free introductory courses, webinars, and more.
- Set up an initial call with us to chat further about how we might be able to work together.