Disaster Recovery: Risk Management

Risk Management: Disaster Recovery

In essence, disaster recovery has got to do with protecting an organization against events of a negative nature and their effects/impact. Such events include, but they are not limited to, failure of equipment, serious cyber attacks, and natural disasters such as hurricanes and earthquakes. All these put the operations of the organization at risk. This text concerns itself with practical risk management. In so doing, it will, amongst other things, address the need for disaster recovery and highlight the key components of a disaster recovery plan.

The Need for Disaster Risk Management

The relevance of disaster risk management cannot be overstated. This is particularly the case given that disasters put the continued operations of an enterprise at risk. It is important to note that in the past, many businesses have had to contend with huge losses when disasters strike. This is more so the case when it comes to the ensuing replacement costs of damaged items, storage of retrievable items, business interruption costs, disaster restoration site costs, etc. (Doig, 1997, p. 41). It is for this reason that there is need to invest in disaster preparedness, as this ensures that the impact of disasters on the operations of an entity is minimal. Essentially, disaster preparedness comes in handy in disaster risk reduction; with the latter being an aggregation of all those measures undertaken to bring down or suppress the damage brought about by events classified as disasters. Most businesses find it impossible to continue in operation after disasters strike. This is particularly the case given the huge losses often associated with disasters, some of which have been highlighted above. It is for this reason that a number of entities have in place what is referred to as a disaster recovery plan (DRP).

This particular document lays down the procedures, policies, as well as actions that are deemed necessary to limit organizational disruptions occasioned by disasters. In basic terms, a disaster recovery plan (DRP) not only supports, but also aids an organization in its efforts to restore normalcy and, therefore, limit losses as a result of a disaster.

Disaster Recovery

Disaster recovery does not have an assigned definition. This is to say that no definition of disaster recovery has been generally accepted as the universal representative of the same. Various authors have, in the past, given their own definitions of disaster recovery. In this context, the definition suggested by Rodriguez, Quarantelli, and Dynes (2006) will be adopted. Disaster recovery, in this case, is seen as "the differential process of restoring, rebuilding, and reshaping the physical, social, economic, and natural environment through pre-event planning and post-event actions" (Rodriguez, Quarantelli, and Dynes, 2006, p. 237). As the authors further point out, in addition to giving a clear description of the outcomes linked with sustainable disaster recovery, this definition also acknowledges the fact that disasters impact on institutions, groups, as well as individuals differently. In that regard, therefore, the entire recovery process, as Nakagawa and Show; Nigg (as cited in Rodriguez, Quarantelli, and Dynes, 2006, p. 238) point out, "is not linear, nor is it driven predominantly by technical challenges, but rather by social parameters."

Disaster Recovery vs. Business Continuity

Business continuity, in the disaster management and recovery context, describes all those procedures and processes that are set up by a business so as to see to it that business functions seen as being mission-critical are not adversely affected during and even after the occurrence of a disaster. Of key importance in this case is the maintenance of key business operations.

Disaster recovery and business continuity are often closely associated. For this reason, the term Business Continuity and Disaster Recovery are used together. It should, however, be noted that these two terms are not synonymous -- neither can be used in place of another. In this case, while disaster recovery has largely got to do with the resumption of business operations following events of a disruptive nature, business continuity involves the prioritization of "various business processes and recovering the most important ones first" (EC-Council, 2010, p. 1-12). In that regard, business continuity plans, as opposed to disaster recovery plans (DRP) have an approach that is more comprehensive; that is, an approach that ensures that, for instance, a business can continue to make money following both minor and major calamities. It is also important to note that while disaster recovery is reactive, business continuity is largely proactive (EC-Council, 2010). This is to say that the focus of disaster recovery is the restoration of a business following the occurrence of a disaster, while business continuity is focused on the mitigation of risks (EC-Council, 2010).

Disaster Recovery Planning

As far as the preparation for disruptive events is concerned, disaster recovery planning is critical. Disaster recovery plans, in essence, "enable organizations to analyze and identify the different ways to handle a disaster" (EC-Council, 2010, p. 1-12). It is important to note that every business entity must come to terms with the reality of disasters -- regardless of whether such disasters result from employee actions, acts of terror, or even forces of nature. As a matter of fact, "even though many companies say they understand the need for a disaster recovery plan, very few actually make it a priority" (Snedaker, 2013, p. 26). Every business ought to have in place a blueprint that focuses on its tentative response to disasters. The section below addresses some of the main components of a disaster recovery plan. It should, however, be noted that no single plan is a 'one-fits-all' kind of plan.

Components of a Disaster Recovery Plan (DRP)

The three key areas that a DRP should focus on are: prevention, continuity, and recovery (EC-Council, 2010). When it comes to prevention, EC-Council (2010) recommends that organizations first ensure that their valuable systems are secure. This, in the opinion of the author, makes it easy for an organization to recover from any given disaster. Next, there is continuity, whose key objective is the maintenance of all those operations that permit the business to function properly. Lastly, we have recovery, a phase that concerns itself with the restoration of "all systems and resources to their regular and fully operational state" (EC-Council, 2010).