Reducing IT Risk: The CFO’s Plan for Quick Recovery from Disaster

At the beginning of the year, we covered the creation of a Business Continuity Plan which prevents most issues from becoming disasters. But what if a disaster exceeds your capacity for immediate remediation? That is when your Disaster Recovery Plan is invaluable – to ensure that an interruption does not threaten the survival of your business. As the CFO, you are in charge of protecting corporate assets and sustaining the earnings stream they generate. Having the components listed below as part of your Disaster Recovery Plan is not only your job, it will help you sleep better at night.

All businesses require a Disaster Recovery Plan – don’t fall into the trap of thinking (for example, in the case of a manufacturer) that “if my shop is gone, IT is the least of my worries.” Even if you can no longer make widgets, you need access to order/shipping/client information to inform customers of delays and get their support while you recover.

The good news is by following the steps outlined in the Business Continuity Plan article you have already done much of the groundwork: identifying the data you have, the people responsible for it, and how long you can tolerate being without access to your various data sources.

Start by envisioning the worst, including:

  • A pandemic that requires all your employees work from home
  • Fire or flood in a server/switch room, or in your entire facility
  • Extended (multi-day) loss of Internet service or power
  • A ransomware attack or application failure that corrupts data or makes it inaccessible
  • A region-wide weather disaster (ice storm, hurricane) that damages your facility or prevents staff from reaching it

Your Disaster Recovery Plan need not be lengthy, but will include these key components:

- Backup. Consider the frequency of data backup (backing up only once daily risks too much data loss for many organizations today), verification of backup, how long a restore will take when required, and the ability to quickly use the backup as a “live” server when your primary systems are down. Fresh backups and fast recovery matter here.

- Cloud systems. Cloud providers have outages and failures. Backup from one cloud provider to another (or from the cloud to your site) is increasingly a part of Disaster Recovery Plans.

- Remote access. While some plans provide for a formal alternate work location contracted in advance by your company (a “warm” or “hot” site), most assume that employees will work from home or other ad hoc locations. In that case, you need to be able to “spin up” server resources in the cloud, and ensure that key employees have the computer, tablet, or phone (whether personal or provided by you) and Internet access they will need to work remotely.

- Storage of the plan and related information. Documentation (including this plan!) needs to be stored or copied somewhere that’s accessible to key staff (not just IT personnel, who may be unavailable in the event of a disaster) when your systems are down. Consider a one-page paper overview (not including passwords or other sensitive information) for key staff, stored at home.

- Contact information: Much of the plan will involve quickly mobilizing the help you need. This means:

  • Staff names and contact information, including cell and landline numbers and personal email. Also include responsibilities in case of a disaster.
  • Usernames and passwords stored and shared (as appropriate) securely in the cloud so staff can continue to access your systems.
  • Information about your vendors, manufacturers, and IT support organizations, including phone numbers, customer and contract numbers, support levels and procedures.

The Disaster Recovery plan, like all IT plans, needs to be reviewed annually – contact information, for example, will almost always change every year.

Good preparation with good fortune can prevent a disaster from occurring – but if your fortune falters and the worst happens, you will sleep better at night knowing you are well-prepared!


​Not a member-scholar yet? Join our financial community here!

Identify your path to CFO success by taking our CFO Readiness Assessmentᵀᴹ.

For the most up to date and relevant accounting, finance, treasury and leadership headlines all in one place subscribe to The Balanced Digest.

Follow us on Linkedin, Facebook, Twitter.