Integrating Disaster Recovery and Crisis Communications

When your business experiences a major interruption, a disaster recovery (DR) plan is essential to keeping systems up and running and restoring business-critical data if necessary. 

It’s also important to keep your customers and stakeholders in the loop about what’s going on within the walls of your organization and how that affects them — especially for an isolated crisis such as a data breach. That’s where a crisis communications strategy comes in. (We talked more about creating a crisis communications plan in a recent webinar with DRJ. You can watch it here.)

The Problem of Isolated DR and Crisis Communications Plans

The challenge is that both plans aren’t always handled by one department. The IT department takes control of DR, and the PR department or another business unit typically manages the crisis communications strategy. Ideally, these strategies should be developed as part of an overarching business continuity (BC) program, but for businesses without a documented BC strategy or poorly governed BC programs, the DR and crisis communications plans can develop independently of each other. In a crisis scenario, this could result in a disjointed response strategy, which can make the business seem flighty and untrustworthy.

If your organization struggles to integrate DR and crisis communications, you may be wondering how you can break down the silos between the departments who handle each of these plans. Below are our recommendations.

Remember the Common Goal

First and foremost, it’s important to remember that both the DR plan and the crisis communications plan should have a common goal: to protect — or even enhance — your reputation throughout a crisis. To accomplish that goal, there needs to be a collaborative initiative involving both personnel and technology.

Identify Specific Objectives

For the DR and crisis communications plans to work effectively together, it’s critical to first identify the desired outcome. For instance, what are your recovery time objectives and recovery point objectives? Are there any compliance requirements you have to meet? Do you have any service level agreements tied to business deals? What are your corporate goals? When deciding what objectives you need to meet, be sure to avoid general answers and agree on specific, measurable criteria.

Implement the Right Tools

Both plans will continually evolve as the business’s objectives, strategies and technology change. That’s why it’s crucial to document current versions of finalized plans, as well as any crisis communications information (media contacts, drafts of press statements, executive and corporate bios, etc.). In addition, each team member should be aware of their unique responsibilities as well as what other teams are working on at that moment. A cloud-based business continuity planning software solution is a good way to organize this information in a central location.

Because time is of the essence during a crisis, also consider implementing a mass notification tool to communicate quickly with key team members. Some tools integrate with BC planning software platforms, which can further streamline plan implementation. Once the crisis communications team defines what it wants to accomplish, the IT group can suggest technical options that help support that strategy.

Despite the challenges, integrating the DR and crisis communications strategies is indeed possible — and necessary. What barriers have you encountered when trying to integrate DR and crisis communications? How are you working to overcome them? Let us know in the comments!

[Webinar Recap] Crisis Communications: The Modern Do’s and Don’ts


Crisis Communications: The Modern Do's and Don'ts Presentation Slide
In today’s world, disasters such as cyber attacks and data breaches are becoming routine. At the same time, social media is transferring the role of reporter to its users, who are able to broadcast their version of the news as it unfolds — accurate or not. So how do you protect your business from a crisis?

Jeffrey Bell, partner for Gallatin Public Affairs, and Brandon Tanner, senior manager for Rentsys, addressed this topic in the recent Disaster Recovery Journal webinar “Crisis Communications: The Modern Do’s and Don’ts.”

As Jeff explained in the presentation, having the proper communications plan and tools in place gives you more control over the outcome of a crisis. In fact, the goal of an effective crisis communications plan is to enhance your company’s reputation.

To find out how to prepare your organization for a crisis, check out the recording of the webinar here.

[INFOGRAPHIC] Cost of Security

Did you know that in 2010, financial institutions continued to climb as the number one target for phishing attempts, representing 50 percent of the targeted industries? Further, the average cost of a cyber attack was nearly $416,000 to participating organizations.

Check out this infographic from Pragmatix to gain insight into the dangers of not being prepared for a security breach.

Cost of Security Inforgraphic


Cybersecurity is a growing concern. To learn about the FFIEC's new tool to help you assess your risk, check out our post FFIEC Update: Cybersecurity Assessment Tool.

Why High Availability Solutions Shouldn’t Replace Disaster Recovery Planning

24/7 floating over businessman's hand
These days the cloud is no longer a no-go for critical infrastructure. In a survey conducted by Infosys last year, 81 percent of respondents said they were already or were planning to use mission-critical apps in the cloud within the next two years.

With many cloud environments featuring capabilities for high availability, which by definition provide 99.999 percent uptime, how does that affect disaster recovery (DR) planning? If you manage all your applications in a third-party cloud environment with high availability built into the apps’ architecture, does that mean you can nix internal DR plans, procedures and tests?

The answer is no, and here are three reasons why.

You Need a Plan for Handling Data Corruption


DR planning is still a key component of the organization’s overall business continuity strategy. It’s important to have a high availability strategy for your critical systems and information, but if your high availability solution replicates errors, your data — while it might be available — would be useless. In that case, you’d need to fall back on your DR plan to recover that system.

Your Employees and Vendors Need a Plan to Follow


Even if you’ve outsourced management of critical applications, your employees still need to know what will transpire in the event of a power outage, facility loss or other incident. For instance, where will they work? How will they access the data and applications that are necessary to their job duties?

Your Cloud Provider Needs to Understand Your Environment


If you’re using a third party to manage your environment, it’s important to test so the vendor understands your environment. With documented and rehearsed DR plans, the vendor will be familiar with how to react during a business interruption and can do more on your behalf.

Although high availability is a key part of protecting your top-priority applications, it shouldn’t replace DR planning. To see what other components you should include in your DR plan, download our checklist.