How can you reduce the amount of time your company needs to recover from a disaster? And how do you secure your future business operations without spending a fortune on contingency plans you might never need to call on?

Companies base their business continuity and disaster recovery plans on assumptions about what they would need to keep their business running and how long they could afford to have parts of their business out of action. Some business units might well be able to go into mothballs for a month, while others might need to pick up again virtually instantaneously. Identifying risks in such value-related ways lets businesses put systems in place that ensure their financial losses are ones they can sustain without costing more than they're worth, Micallef says. So disaster recovery plans must self-evidently be driven by business need, and take into account the views of people throughout the business.

One way is to start with a business interruption or business impact analysis, examining as many business functions as possible to determine those that are critical. Next, figure out a recovery strategy based on how quickly those critical functions would need to be recovered for minimal disturbance to the business.

Talk to business managers in various parts of the organisation about how they would cope if the premises were wiped out by a disaster. Use that to distinguish between critical and non-critical facets of the operation. Get consultants to help if needed.

"There are a lot of business areas where it really doesn't matter if you burn down the house," says Montrose Computer Services director of business recovery service Seamus MacLochlainn. "They can, with some restraints, recover fairly quickly without the organisation being damaged. That's the key. Does the organisation get damaged? That's our starting point.

"Then there are those [business areas] that are deemed to be critical. The business unit says: ‘The organisation would suffer horrendous consequences if we didn't have these key resources, because we would fail in these various areas. Because the organisation would suffer these horrendous consequences, something needs to be done for us.'," MacLochlainn says. He claims consultants can play a useful role in helping the organisation "sort the sheep from the goats". By helping the company figure out which areas are critical and essential to get back up fast, and which areas could be out of action for long periods without much effect, consultants can help them work out what areas are worth spending up-front money on.

Not only is it essential that businesses plan for the unexpected, but those plans also need to be tested and re-evaluated to ensure that your business can resume operations as quickly as possible. "All businesses should re-evaluate and test their business continuity plan on a regular basis to ensure that the relevant provisions are available if the unexpected hits," says Adrian Bogatez' managing director of Classic Blue, a provider of business continuity and disaster recovery solutions in Australia.

Re-evaluation and testing should help you determine whether the plan provides for the loss of all equipment and the destruction of the building. It should test what would happen should you and your entire department lose their lives. It should ensure not only that people know where off-site backup tapes are located but can also access them.

Regular reassessment will ensure that a well-documented disaster-recovery plan includes all vital information, is stored securely off-site and that plenty of people know how to access it. If the company's entire infrastructure is destroyed, there must be a plan for replacing it. Is there a backup facility waiting? Do you have vendors, and backup vendors, ready to ship to you at a moment's notice? Does anyone else know the details?

If you can't answer such questions with ease, you may be heading for future trouble.