Creating a disaster recovery plan

As a financial advisor, you are aware of the importance of being properly insured. But are you prepared for the disruption your business would suffer in the event of a disaster — such as a flood, a hurricane or a tornado?

“I am often struck by how few [organizations] have actually gone through the exercise of developing a proper disaster recovery plan,” says Dean Tremblay, manager of professional services in Ottawa with Toronto-based Blackiron Data. “In the wake of events such as Hurricane Sandy and others, it is something that every practitioner should have.”

Tremblay offers the following advice on how you can begin to ensure your business is prepared for the unexpected:

> Know your practice
The first step in preparing for unforeseen events is to understand exactly what you need to protect. For example, does your practice run on hard-copy documentation? Or have you digitized your documents?

You likely have a high standard of security for your IT systems through your firm or through third-party vendors. However, many advisors don’t maintain the same vigilance in protecting their local networks. So, without a defined disaster recovery plan, your locally hosted documents, such as important client information, could be in jeopardy.

“You want to define what the critical aspects of your business are and insure them accordingly,” Tremblay says.

> What if?
Once you have defined the most important elements of your practice, Tremblay says, you should answer a series of “what if” questions.

For example, how would your practice be affected by a disaster such as a terrible storm or a fire?

As well, what would be the impact of other kinds of unforeseen events such as vandalism or theft of a particular piece of valuable hardware?

For example, imagine not being able to access your clients’ records during the heat of RRSP season.

Once you have run through the various scenarios, you will likely have a better understanding of your vulnerabilities and potential solutions.

> Define the cost
Now that you have identified the basic threats, you need to evaluate how detrimental the loss — either in terms of your time or data, for example — would be to your business.

Perform a basic risk analysis. This step should clearly put a dollar value on the possible daily operational losses to your business should a disaster occur.

It is important for you to be honest and realistic. A complex plan to house your data in multiple locations on separate external servers might be very secure, but it might cost more than the data is worth to your business.

So, Tremblay says, you should to protect yourself from being over insured.

> Take a dry run
Having a plan in place is half the battle, Tremblay says. The other half is making sure your plan actually works when you need it.

So, find a time during the year where business is slow, such as summer, and do a dry run of your recovery plan. It’s better to fix any potential glitches during a simulation than in the heat of the moment when the walls seem to be caving in.

This is the first instalment in a two-part series on preparing for a disaster.

Tomorrow: Building a business continuity plan.

What is the future of ESG?

Federal Budget 2024: Webinar with Jamie Golombek

Latest news In Practice Management

Firm hopes to support younger advisors through new practice financing program

How to write a job posting for an assistant

In tight labour market, finding a good assistant isn’t getting any easier

When your child isn’t fit to be your successor

Today's top stories

Tribunal asked to pause OSC’s Bridging case

CRA to charge 9% interest on overdue tax in Q3

Desjardins sells its shares in Fiera

Budget softens mandatory tax disclosure regime