The fire was started by a faulty air conditioning unit in an attic above the offices of Onesearch. Undetected by the smoke sensors below, it burned for some time before the sprinklers kicked in and the alarm was sounded. By then a huge amount of damage had been done and the managers of the property search firm were facing a genuine crisis. “Data is fundamental to our business,” says technology director Stuart McWhinnie. “We simply couldn’t afford to lose it.”

Onesearch’s managers faced a double challenge. In addition to salvaging the equipment, they also had to get their systems up and running as quickly as possible. As McWhinnie explains, the company’s customers – mainly solicitors – were unlikely to remain patient for long. Without search information, property transactions can’t be completed and there was a real danger that if Onesearch was out of action for more than a few days, frustrated clients would hand their business to rival operators.

“The first 24 to 48 hours were critical,” says McWhinnie. Fortunately, the company had a business continuity plan in place, and once its servers had been rescued, it was able to transfer operations to alternative office space, a move that had been pre-arranged with a specialist facilities provider.

New PCs were delivered on the next working day and IT staff prioritised the recovery of search data. Customers were kept informed, and within days Onesearch was delivering search results again.

The company’s experience highlights the importance of planning ahead. Onesearch had formulated its recovery plan just weeks before the fire. Without it, McWhinnie feels that the business could have gone under. Sadly, in similar situations, a lot of businesses do.

The cover

But what does a disaster recovery plan entail? Well, fi rst and foremost, it’s vital to ensure that you have the right level of insurance cover in place. Your policy should have two main components: material damage insurance and business disruption cover. The first of these pays out on damage to office equipment and the building, while the second component covers you against any shortfall in profit. The vast majority of policies will contain both forms of cover, but you get what you pay for.

For instance, Tagish, an internet site development and content management company, was hit by a fire in 2006. As managing director Andrew Fisk recalls: “We didn’t have enough business interruption cover. In retrospect, we should have paid for more.”

Assessing the risks

Insurers often undertake a physical inspection of the premises before granting cover. As a result, they may insist that you tighten policies, procedures and safety precautions. “A risk assessment may result in us making it a requirement that certain things are done,” confirms Alan Gairns, technical director, property underwriting at RSA (formerly Royal Sun Alliance) group.

However, you should also carry out your own risk assessment. There’s no standard template for this. For instance, while fire remains at the top of the business property claims chart, in certain areas flooding could be an equally clear and present danger. “It’s important to look at the local risks,” says Marina Arthur, a business continuity expert and founder of Key BCM consultancy.

“For instance, if you’re on a flood plain close to a river, you have to consider flooding as a major risk. By the same token, a company based in the City of London might consider terrorist action or hacker attack to be key dangers requiring preventative measures.

The action points will depend on circumstance. You can’t stop floodwater from rising, but you can make sure servers and key electrical equipment are kept high. If fire or terrorist attack are seen as major dangers, invest in precautions, such as CCTV, sprinklers and smoke alarms. Local authorities will supply information on local risk factors.