How does disaster recovery planning differ for SMBs than for larger companies?
A major difference is in terms of the scale and complexity that is involved in a larger company vs. an SMB recovery plan. This would also include the level of detail and extensiveness of the plan.
If I'm budgeting for a disaster recovery plan, what is a reasonable amount I can expect to spend for a company with 500 people?
Good question. The answer is going to vary not as much for the number of people, but instead, what the business is doing, its reliance upon information and related technology. While the size of a business in terms of head count is often used as a gauge, it is not truly reflective, because a company with 100 or fewer employees may have revenues and reliance upon information resources in excess of a 500-person company. So it's more a function of what the business is doing than the number of people. The more information that is being processed and stored along with the reliance on that information will determine how much should be spent on business continuance.
What are the must-haves if I am limited in terms of budget and staffing?
I would say that a must-have is a basic business protection strategy that means making sure that all critical data and records are backed up on a regular basis with a copy of the backups in a safe and secure location.
With technology changing so rapidly, how do I know if my proactive plan is outdated?
Good question. One approach is to regularly test or audit your plan and see what works and what does not work and why it does not work. Now the other aspect of this is to assess your business needs on an on-going basis to see what can and needs to be improved, along with being aware of technology capabilities and how new tehcnology can enhance or enable your plan.
How long can I expect my plan to be up to date, and how often should I revise it?
Assuming that nothing changes in your business and environment, then your plan should be up-to-date. However, reality being what it is, that will typically not be the case, as your business, environment, technology, data and staff constantly change. One approach is to periodically update or maintain your plan on a annual, semi-annual, quarterly, or monthly basis. Another approach, and one that is more timely, is to revise your disaster recovery plan when you make changes. This includes revising associated documentation and information each time you make a change.
What are some real threats that should be planned with regards to a disaster recovery plan for an SMB?
Real threats include those that are most likely to occur including acts of man and natural acts. One of the most common and likely threat is that of human acts whether accidental or internal. Major disasters get the headlines, however it is often one or more smaller scenarios that can cripple an organization and its information.
Greg Schulz is a senior analyst at independent storage analysis firm The Evaluator Group Inc. Let us know what you think about this tip; email firstname.lastname@example.org.