For all the fun that happens at our clients’ offices, there’s a fair share of boring too.
Sure, we love hearing about the fun stuff. But, we can’t, and shouldn’t, overlook the boring. In fact, that’s generally where we thrive – doing the stuff you don’t want to do.
In a recently completed client survey, more than 50% of the respondents asked about their Technology Policy and Disaster Recovery Plans either didn’t have them or didn’t know what they were.
Fortunately, with these being fairly important items, we can provide a bit of guidance for both.
A growing number of our clients are receiving requests for disaster recovery plans, continuity plans, or data integrity plans from their own clients. In other words, you are now being asked for documentation on how you do business in order to win, or maintain, your own clients. While this isn’t the most unheard-of request, having documentation specific to your IT policies is a relatively new shift that we’re observing. Think about it. We’re doing more from our mobile phones today than we did from computers five years ago. That’s a lot of liability for data security, particularly in situations when compliance is more robust than standard agency operations.
Now keep in mind, we’re not lawyers. But, we wanted to round up some good examples or starting points for your organization to check out. Naturally, each company is different. That means there is no silver bullet. But, we can at least start helping you have the conversations that need to happen.
So what are we talking about?
Disaster Recovery Plan
This is one of the scariest topics that comes up for any business – large or small. The simplest explanation is a question: “What will happen if your office explodes and you have to start from scratch?”
Think about it for a minute. If your office did not exist tomorrow, how would your employees work? From home? Do they have laptops or desktops? If the server is in your office, and not cloud based, do you have off-site data backup? How long will it take to turn that backup into usable data again? How old is that data and how much information did you potentially lose? These are all good questions.
Simply put, a disaster recovery plan pinpoints how much risk an organization is willing to take, versus the economics of being fully redundant, all of the time. There are businesses that are 100% online all of the time. It’s possible, but it can get expensive in a hurry. Can you afford being down for a day while the office gets spun up? What if it’s just part of your data that needs to be up all the time – like your financials? What about…
There’s a ton of questions, but also a plethora of answers. To start, here’s a good framework to analyze the business impact: http://www.ready.gov/business-impact-analysis
All this can be very doomsday-ish. Usually it happens completely outside of your control. But, sometimes it isn’t a natural disaster that can ruin your day. Theft is another big reason to have a good disaster recovery plan. We’ve had clients who lost servers when someone broke through a brick wall to gain access. Crazy things happen, and being prepared isn’t just for Boy Scouts.
Here’s the breakdown from our survey related to Disaster Recovery Plans:
A technology policy is more of an agreement with your employees than it is anything else. Are they allowed to use their own technology without restrictions? Do they get work email on their phones? Do you have an agreement with them that if their device is lost or stolen, you can wipe it? Did you know that you can wipe it with things like Exchange or Google Apps?
Unfortunately, with great power comes great responsibility. Our phones are also homes to baby pictures, cat videos, and an abundance of other seemingly personal and invaluable data. Sure, there are ways users can back that stuff up, but do they know they can – or that they should?
Then there are things like Acceptable Use. Do your employees use the internet at work? Do you care if they use Facebook? Are you, as a company, responsible for the actions taken by your employees while on your network? This is where we recommend talking to your HR and legal friends and crafting a balanced policy around enabling your employees, while safeguarding the company.
Looking for examples? Check out this list that was put together by the White House as it relates to BYOD initiatives, cell phone plan compensation, and more: http://www.whitehouse.gov/digitalgov/bring-your-own-device
Here’s the breakdown from our survey related to technology policies:
These are just two boring, but important topics that you and your company should be talking about. How does your company stack up? If you have any questions, feel free to reach out to us. We enjoy the boring so you can Get Back to Work.