Good engineers plan for failure. So do good attorneys. Perhaps this is why "disaster planning" is an area I tend to spend a lot of time on. One planning approach I utilize to start businesses thinking about this topic involves an imaginary "hit by a bus" scenario. Basically, the question asked is "how well positioned will the organization be if [insert name here] is hit by a bus tomorrow and everything they carry around inside their head is suddenly lost to the business?" The real answer to this question can have a tremendous impact upon family members, employees, customers, investors, and many others.
Business owners and entrepreneurs work with us because they want to build and grow their business. Disaster planning is rarely high on their priority list -- especially when most answer the "hit by a bus" question with platitudes such as "we'd be fine" or "all our key info is written down somewhere." The more a business grows, however, the more important such planning becomes. The earlier you can make "disaster planning" a part of normal operations, the better positioned you will be for sustainable success (not to mention the added value it provides should you ever wish to raise outside capital or sell your business -- good planning across all aspects of your business reflects overall competence and stability, both of which will positively influence prospective deals).
Technology is at the core of most critical business operations for just about every company (think point of sale system, accounting system, company website, customer contact information, work product, etc.). It also tends to be taken for granted. For this reason, it is a prime candidate for my "hit by a bus" list. I know the headline promises the top 5 questions. To paraphrase Captain Barbosa from "Pirates of the Caribbean," however, they're really more like guidelines. It's all about embracing the process 🙂
- What do you own and use? These days, many businesses use a combination of hosted services and purchased software to run their operations (not to mention the hardware and network connections that make it all accessible). There should be a central place key players can reference to determine what all these "things" are, along with a general description of the unique configurations established for your business.
- Who do you rely upon? Once you've identified what you've got and how it's used, you need to identify the vendors and service providers that help keep things going (along with all their contact info, including any data access or security information needed to engage their services). Access to copies of service agreements and similar contracts is also important.
- How do you take care of it? Like a car, your technology infrastructure requires regular maintenance to be reliable. Hopefully you've got an outside vendor or internal person (or both) taking care of things for you. Daily, weekly, monthly, quarterly and annual checklists that detail what's being done, how it's being done, when it's being done, and by whom are ideal. It's also good practice to assure checks and balances are built into your procedures so this information is updated as your business grows and changes.
- How is access and security managed? Federal and state regulations governing personal data privacy and protection are ever expanding. External threats (such as viruses, spam and hackers) need to be guarded against, but so do the ones from inside your business. For many small businesses, key administrative ids and passwords are kept by one person (if at all). Losing this information, or failing to manage the level of data access provided to vendors and employees, can compromise your business in more ways than one.
- Are we prepared to recover? To answer this question adequately, you need to answer a number of related ones first :: Do you regularly back-up data (including all workstations and laptops -- information assets that usually get lost in the shuffle)? Are your back-ups stored off-site? Who can retrieve them and how? What software and hardware is used to back up the data? Is the same combination needed to restore your data? Are regular attempts made to restore all or parts of your backed up data to assure your system is working as intended?
As I recently mused on another topic, successful business leaders manage risk. Each business needs to recognize and assess its key touch points in order to make intelligent choices about how to best manage risk within the context of available resources (time and money). Hopefully, this short list can help move you further down that path.