Pharmacy stores with many branches over the country need to have disaster recovery plan(DRP) for information systems.The DRP have to cover many disaster issues regarding different environment of the stores. Some stores might be located in the mall while some are located in the community. The purpose of DRP is to ensure that the IT system will be protected and have a mitigated effect on the disasters, and the business can perform continually with less interruption. There are steps to develop effective DRP.
First: Identification and Analysis of Disaster Risks/Threats
Risks have to be identified by considering the issues which could damage IT systems and followed by losing opportunities, downtime and increasing of business costs. There are various risks such as flood, fire and power supply which could create disaster to businesses especially if branches are considered.
Second: Classification of Risks Based on Relative Weights
Risks should be classified into groups for better risks prioritizing and management later. The main cause of risks can be used for grouping such as External risks (Natural,Civil), Facility risks(Water, Fire)
Third: Building the Risk Assessment
Different Risks create different level of severity to the business. Therefore, scoring risks based on their level of impact will help to prioritize DRP. The scoring could be weighted from Likelihood, Impact and Restoration time. Risks with high scores might have more chances to create disasters to the business which need high efficiency plans.
Fourth: Determining the Effects of Disasters.
Some risks couldn’t be controlled at the cause such as natural disasters, so, specifying the effects of each of the disasters is important. Information entities which possibly affected and were failed by the disasters will be addressed in the DRP. There are possibly many entities affected in the single disasters which are hard to recover all in the same moment. Therefore, Downtime, cost of downtime and interdependencies can be used to prioritize the recovering order.
Fifth: Evaluation of Disaster Recovery Mechanisms
This process is to evaluate the available recovery methods. From previous, there could be many entities impacted from disasters, there can be many methods prepared to recover the system. One technology, which is important and suites businesses with many branches, is the domains controller. With different IT background knowledge of working staff over the country, this might be more convenient to centralized and managed information system by the IT professionals from the center. Active directory, User Authorization and Security policy could be applied symmetrically to different settings. In case of disasters, losing data might be one of the worst cases but with the domains controller, the important data will save in the central database and is possible to recover as soon as entities are ready. The cost might be high to set up the controller and also IT staff have to be provided during the opening hours of drugstores. However, without centralized system there might be cost of sending IT professionals nationwide or loss of opportunities because of waiting for the recovery.
Other mechanisms such as Redundancy for hardware could be applied for the facilities destroyed.
Overall, Recovery mechanisms should cover effects from disasters which are determined previously.
Last: Disaster Recovery Committee.
Groups of people should be delegated as Disaster recovery committees. Role and responsibility should be identified for periodical plan management and application of DRP practically.