Managed Service Providers: Disaster Recovery Plan Defined
March 3, 2017
It seems like many firms think that disaster recovery (DR) is the action taken after a disaster, and that definition is a misnomer. DR is about the planning stage. It is what a CPA firm does to make sure its data is safe in the event of a disaster. The actual data recovery phase of a DR plan should be short. The data should be restored and the CPA firm should be back up and running with minimal effort. That is the job of managed service providers (MSPs). The planning stage of the DR is the responsibility of the firm, but the firm will consult with the MSP to make a working plan.
The Basics
Many CPA firms think they have a good DR plan in place. They have allocated a managed service provider to manage their data, they do backups, and they are sure their data will be restored when needed. This is not a complete plan. There are still several questions unanswered, like:
• What data will be restored? Data is more than just client records, or HR records. What about day-to-day data that is used to keep the firm running? Software applications? Schedules and calendars? An active plan should include data types, and these data types should be prioritized.
• Do you have a risk management officer or emergency response team in place? Are there emergency drills in place, so when the time comes everything will work smoothly?
• When was the last time your DR was revised?
• Is the entire plan written down? This can be particularly important if someone leaves and someone else has to move into the position. They must have the ability to quickly assimilate into the position.
Starting the Plan
Although there is a lot that needs to be done by the firm, don’t forget to include your managed service provider. They are the ones that have to perpetuate the plan and restore all the data. One of the initial assets to creating the plan is “to know where licenses, product key information and user policies are stored, and have an inventory of all systems, workstations and storage devices,” according to Accounting Today.
Understand the risks when creating a plan. Are you creating the plan to restore data if hackers lock up your network? In the event of an earthquake? Blizzard? Flood? Not all locations will be vulnerable to all kinds of natural disasters, and firms that have implemented a hybrid network may be better protected from hackers. Also, find out from your managed service provider where your data is stored. For most realistic practices, it is better to have the data stored farther away geographically. See how TOSS’s vBCDR can help you.
Build the Team
A risk management officer can take the lead for the construction of the DR. An emergency response team has multiple functions. There should be a representative from each department on the team. They are responsible for the actions, plan creation and implementation of the plan for their department. This position can be as small as collecting inventory and setting up educational periods to instruct staff.
Staff needs to be informed about virus prevention and steps to take if they lose internet access or in the event of data loss. Once the team is developed then a detailed plan can be put together, and that plan can be given to management, who in turn, will contact your managed service provider to make sure everything on the list can be handled properly.
The team will have to meet periodically to test and revise the plan as needed. New departments may be added, or satellite offices may be brought into the firm, or there may be certain instances that were not covered in the initial overview that needs to be added. Backup conventions should be verified. Periodically backed up data should be pulled and redistributed to a local machine to make sure the data is installed correctly.
A solid DR will help keep your CPA’s data safe. In some cases, a solid plan can help with insurance policies as well, especially after the disaster has already occurred. Insurance companies are more likely to settle claims when they know there was a solid DR in place. To find out more, contact TOSS C3, and take advantage of a free assessment.
Subscribe now and stay up to date with News, Tips, Events, Cybersecurity, Cloud and Data Compliance.