Designing an IT disaster recovery plan (DRP) is challenging. No doubt about it. But every – yes every – Oklahoma City CPA firm needs one.
Due to the frequency of tornadoes and other natural catastrophes, the Associated Press has called the state of Oklahoma “Disaster Central” – with literally dozens of federal disaster declarations in recent years due to either tornadoes or flooding.
A well thought out IT disaster recovery plan protects not just your accounting firm’s data, but also its reputation throughout Oklahoma City Metro – and beyond.
A good DRP documents the steps to be taken if a disaster strikes—man-made or natural. But before creating a DRP, you need to do a risk assessment study to identify critical IT services and to set your recovery time objectives and recovery point objectives.
Having taken these two steps, you are now ready to create your plan—one that’s based on a well-conceived disaster recovery strategy.
Components of a Solid IT Disaster Recovery Plan
So what are the building blocks of an effective plan?
- Introduction — The document begins with the plan’s purpose and scope, and the firm’s management team in charge of executing the plan.
- Roles and Responsibilities — This section lists your response team’s roles and responsibilities, the limits of team members’ authority, and each team member’s name and contact information. It also includes spending limits if equipment must be purchased.
- Incident Response Process — The IRP section details the steps your CPA firm will take in a disaster. Ideally, you want to quickly assess the situation, note the damage that’s occurred, and determine its severity. This section also discusses what you’ll do to contain the damage and how you’ll notify top management and other key people.
- Plan Activation — Here, you’ll document the steps needed to activate and launch your DRP. The section describes how you’d adjust activities depending on the incident, lists criteria for launching the plan, and spells out who decides activation is necessary.
- History of the DRP — Critical to a good plan, this section records the dates and details of any revisions, what was revised, and who revised it. Sometimes, this section begins the DRP.
- Required Procedures — Here you’ll describe the procedures to be undertaken when an incident occurs. The more detailed the section, the better your chances of quickly restoring normal operations—the main goal of a DRP.
- Appendix — Placed at the end of your DRP, this section includes things like systems, applications, and network asset inventories. It also includes service level agreements (SLAs) with vendors, contracts, supplier contact data, and anything else you think will facilitate recovery.
The sections listed above make up most DRPs. Add more sections if necessary and adapt the plan to your specific needs of your OKC CPA firm
The Bottom Line
Creating a DRP is only half the battle. The other half is publishing and maintaining it.
As part of this effort, you need to create employee awareness and update employees on their roles and responsibilities.
Some OKC CPA firms also conduct employee training on disaster recovery and set up a records management system.
Creating an IT disaster recovery plan makes perfect sense. A good DRP helps limit the damage to your OKC CPA firm’s data and reputation. A DRP is the heart of any good disaster recovery program. It’s the key to restoring your firm to normal operations as quickly as possible. But you need to craft one that fits your needs.
What other recovery steps can an OKC CPA firm take to protect its IT assets? Let us know your thoughts in the Comments box below.
And to follow up on the tips introduced in this article, be sure to download your free Information Technology Guide for Oklahoma City CPAs.
You must be logged in to post a comment.