Disaster Recovery Plan

Has anyone written a Disaster Recovery Plan for a non-profit? If so, how do you think it differed from a similar plan which a for-profit company might have? And what were the key areas you covered?<:LINEBREAK:><:LINEBREAK:>Ivan

This is a project on my to do list.So you will see one here soon ..<:LINEBREAK:>But a major bank and a smal NFP should have the same ideals.<:LINEBREAK:>Just the scale and maybe some of the tools will be different.<:LINEBREAK:>A mailing list to small NFO is as important as account info to a large bank.<:LINEBREAK:>Some thoughts.<:LINEBREAK:>What data is important.<:LINEBREAK:>What is the recovery time frame<:LINEBREAK:>Where will you do it<:LINEBREAK:>Who will do it<:LINEBREAK:>What resources do you have<:LINEBREAK:>What resources will you have<:LINEBREAK:>Where will the bandwidth come from<:LINEBREAK:>This is a good start.<:LINEBREAK:>Then design , test and implement<:LINEBREAK:>Test on a regular basis, this will streamline the process and kill some bugs.<:LINEBREAK:>The best way to cover all bases is just think back to 9.11 and put yourself in the position of a corp who office got wiped out.<:LINEBREAK:>That's what you need to prepare for.<:LINEBREAK:>Make sure the the recovery does not become the disaster.

But a major bank and a small NFP should have the same ideals. Just the scale and maybe some of the tools will be different.
<:LINEBREAK:>Agreed. Every organization has its "family jewels", so to speak. A donor list is *just* as important as a bank's transaction records.
<:LINEBREAK:>After you establish what's important, it's just scaling the right strategy. Also, ask yourself how important it is to have INSTANT access to this information (once it goes down). For example, if a company can afford it, buy a huge SAN (storage area network), store your files there, and then back THAT up on tape. This gives you a nice RAIDed drive (with a lot of other nice features--quick boot, easy management, less likely to crash, etc.). Should a drive die, the other drives will reconstruct from the parity. Should TWO drives fail, well, then you always have your tapes!
<:LINEBREAK:>Ditto on testing. Test until you there is no doubt. Time on these firedrills are never lost!

Ivan,

I think there are a few areas that some non-profits might need to consider that for-profits generally don't.

Human service non-profits in particular may have a mission to respond to local disasters that affect their communities. Clinics, soup kitchens, shelters etc. may need to be considering, not just how to get themselves back on their feet after a disaster, but also how to increase their service provision. Some may revert to paper and pen systems, and this may be the perfect solution, but others may want to consider having redundant or interim systems available that will be accessible in a time of crisis.

Foundations also have a particular, unpleasant responsibility that most small companies do not: Planning for a catastrophic disaster that wipes out the entire organization. Most organizations do not have much need to plan for a disaster that destroys their entire physical and operational structure, including staff. There is little to be gained from dwelling on how others might start up again after the organization is gone. Foundations however, generally have funds that will survive such a catastrophic event and an obligation to ensure they will still be used to further the mission the were reserved for. Although unusual, a disaster such as a fire or building collapse could potentially wipe out an organization's entire staff and all records. With no-one left with knowledge of operations it may be nearly impossible for the board to track down assets and continue the foundation's work.

Disaster preparedness is not simply a tech related issue. Senior management need to identify possible scenarios, assess risk and decide on appropriate levels of response.

Scenarios range from the standard tech disasters - data corruption, virus infection, malicious attacks on internal and external systems etc. - to things like loss of critical employees (and this probably includes your techie!), loss of critical, uninsured property, lawsuits, public relations fiascos (death of a client that the organization is or may be implicated in) etc.

Although this sort of risk management decision making belongs with senior management, technology has a significant role to play in the recovery stages of most disaster preparedness plans. Tech staff can often offer solutions that are significantly cheaper than non tech alternatives. But any plan must be thoroughly understood by everyone affected, updated and tested. In particular, it is essential to know who is responsible for implementing key decisions (and who steps in in their absence).

H.

Still working on my Disaster Recovery plan but one thing I have found eases my nerves is pre-approval for spending.<:LINEBREAK:><:LINEBREAK:>The idea being that during an agency disaster senior management should be focused on all kinds of things and trying to follow agengy spending protocols probably is not one of them. I have given them a ballpark for purchasing several key components plus additional temporary staffing.<:LINEBREAK:><:LINEBREAK:>Generally speaking this means in the event of a disaster, I can just go buy/order what we need to get running (within limits) without having to take up any more precious senior management time. Probably best for all concerned.<:LINEBREAK:><:LINEBREAK:>R.Scott Hawkins<:LINEBREAK:>Catholic Charities Maine

use words like redundant instead of spares.<:LINEBREAK:>It's not what you ask for but how you ask for it<:LINEBREAK:><:LINEBREAK:>Oz