It is difficult to determine how likely or frequently disaster will befall any particular organization. Because there are many uncontrollable variables at play in any given situation, nothing short of clairvoyance can provide a firm answer to questions like: “When will the next disaster occur?” or “How often will a specific event cause an issue?”
Businesses will be faced with many incidents every year, but whether or not those incidents become disasters is a function of several situational factors. Some of the factors at play are:
- The company practices;
- Whether the company has had a Risk and Threat Assessment done;
- Whether or not the company has a solid DR Plan and Program in place.
Still, thorough preparation does not make a business immune from disaster. Preparation can stop many smaller issues from growing, but there are some things that no amount of preparation can prevent. Threats facing all organizations include:
- Natural threats (flood, earthquake, ice storms, etc.)
- Building conditions (humidity, water / electrical supply, etc.)
- Human activity (terrorism, sabotage, theft, etc.)
- Threats to building access (extreme weather, transit issues, etc.)
- Threats due to nearby activity (spills, fire, explosions, etc.)
Even the most prepared companies cannot simply brush off a major brown-out neutralizing their data centre, a terrorist attack destroying their headquarters, a fire in the adjacent restaurant destroying their equipment, or a snow storm keeping employees from work. However, companies with a strong Disaster Recovery infrastructure in place can overcome these calamities in a much timelier manner than those that do not have such plans in place.
And even though the frequency with which these unavoidable catastrophes will strike can never be certain, there are methods that can lend businesses a general idea of the threats and timelines facing them. As part of a Risk and Threat Assessment, there are elements of physical security, health and safety and information access that a company can look at to get an idea of what the future might bring.
Using the Risk and Threat Assessment as a guide, imagine a company that examines how often power has been lost over the past 20 years. This would give them a really good idea about what to expect in the future. Investigating what they or similar organizations have gone through in the past also adds value. Monitoring current events provides more information. Is a transit strike imminent? Are there any protests or demonstrations planned that will block major access points in the works?
This knowledge will not tell an organization exactly what to expect, but it does suggest certain frequencies and sources of disaster. Having this information allows businesses to prepare for the most relevant threats, and modify their IT infrastructure and DR Plan to counter the most imminent sources of danger.
