Earlier in the year, parts of the nation were struck by their share of tornadoes, floods and blizzards. Nonprofits everywhere face the potential at some point of having to shut their doors because of a natural disaster. Add to the list the modern-day threats of prolonged power outages, computer hackers, flu epidemics and terrorist attacks, and the importance of having an effective disaster or “business continuity” plan in place should hit home.
But what does a complete continuity plan entail and how should you proceed to implement one? Or, if you already have a plan — only six out of 10 nonprofits do, according to a 2007 University of Dallas study — have you reviewed it lately?
What might happen?
When forming your continuity plan, your imagination is a good place to start. Challenge your staff to imagine what would happen if a disaster hit. What programs would be impaired if your physical site were shut down for several days or more? What would the impact be if your staff were unable to access your computer system for an extended period? If roads were closed to all but the most resilient vehicles, how would your operation be affected?
Once you’ve identified the risks and possible adverse scenarios, you can begin to develop suitable responses.
For example, if a fire badly damages your offices, your staff might be able to work remotely from their homes or an alternative facility, if proper arrangements have been made. And if important data about your constituents and programs has been saved — for example, in the cloud — your staff would be able to access that information seamlessly. (Also see “IT recovery strategies are crucial.”)
Here are some other factors to consider when forming a continuity plan:
Your disaster planning team. Your team should represent your full operation. Include representatives from each department and your board of directors. Appoint an executive to lead the group, because the plan is that important. The team should create, review, assess and modify the written document. Subteams should be created to handle certain tasks that will arise, such as contacting and updating staff and initiating data recovery.
Communication with the community. An important function following a disaster is communicating with the community and any reciprocal agencies you have identified. Appoint, or have the team appoint, a spokesperson for the organization. Also be prepared to coordinate with fire, police and government officials who might be able to offer assistance during a catastrophe.
Training and plan oversight. Your continuity plan should include staff training. Don’t shy away from devoting enough time to get them up to speed. Also, once the plan is finalized, it should be reviewed and updated at least once a year. Among other things, make sure that it keeps pace with technological changes at your organization.
No one wants to think that a catastrophe will hit their organization. But the truth is that disaster can strike at any time. As part of good governance, arm your organization with the tools and resources it requires to minimize the detrimental effects of a disaster.
Don’t forget that IT recovery strategies are crucial
Recovering data should be a top priority after a disaster. The Department of Homeland Security recommends that you:
- Develop recovery strategies for all of your IT systems, applications and data, including networks, servers, desktops, laptops, wireless devices and connectivity,
- Anticipate the loss of one or more of the following: a secure computer environment, hardware, connectivity to a service provider, software applications and data — and develop appropriate responses, and
- Identify the IT resources required to support your time-sensitive functions and processes.
Your IT recovery plan should include a strategy to ensure that all crucial information is backed up. Last, document the plan and test it periodically to make sure that it works.
For more details, visit http://www.ready.gov/business/implementation/IT.