In May, Citrin Cooperman hosted a roundtable discussion in New York City on the importance of a disaster recovery plan and proper backup systems featuring Adam Reiss, partner and Not-For-Profit Practice Leader and David Rosenbaum, principal of Citrin Cooperman Technology Consulting.
As our culture becomes increasingly dependent on technology, it is essential to review your current systems before a crisis hits. The potential for disaster is real, and although the exact nature and timing of the disaster generally can’t be predicted, organizations can protect themselves by implementing a disaster recovery plan now.
Here are a few highlights from our program:
On assessing your risk: “Everyone has the right intention of what they have put in place, but when I have reviewed systems during audits, it becomes clear that accounting systems haven’t been updated with the most current versions,” said Reiss. “People have access to certain modules they shouldn’t have, and at times there is no security in place in terms of where the server is being maintained, leaving too many people to access it. The plan doesn’t have to be formal, but just sit down and see what your risks are and whether or not you have to make changes to your IT systems at this point in time and why or if not, what is your reasoning.”
On how long you can afford to be down: “Complete the sentence – within 24 hours following a disaster what has to happen?” asked Rosenbaum. “Can you afford to be down for 24 hours? What functionality do you need, what capabilities do you need, what do your constituents need, what do your locations need? What do you have to be able to do a week from now, but what could you live without for a week? What has to happen a month from now? As you think through your disaster planning and solutions for implementation, you need to differentiate between functionality – what do you have to be able to do – and performance – how easily, quickly, or well do you have to be able to do it?”
On losing your clients’ trust: “If your constituents are relying upon you to provide services, what happens to your trust with those constituents if you are out of operation,” said Rosenbaum. “Some will very likely understand that there was a hurricane or something significant going on, but some won’t. It’s something to think about. It depends on the nature of the organization.”
On using the cloud: “If you have your systems in the cloud, it’s important to understand what that cloud provider has in place in terms of a disaster plan,” said Rosenbaum. “What happens if their data center experiences a problem? There are different service levels to subscribe to. These are questions to be raised and considered when planning for the unknown.”
On scheduling a fire drill: “You want your process to be as simple and automatic as possible,” said Rosenbaum. “Test the plan – run fire drills. They are time consuming, disruptive, and expensive, but if you don’t run the fire drills, you won’t know if your policies and procedures work.”
For more information on how to set up a disaster recovery plan for your organization, please contact David Rosenbaum at email@example.com or 914-693-7000.