
The Key Components of a Technology Disaster Recovery Plan for RIA Firms

When it comes to keeping your Registered Investment Advisor (RIA) firm up and running, you need to have a disaster recovery plan. Nobody ever truly expects to be affected by a natural disaster like a flood, hurricane, earthquake or fire, let alone a technology disaster like a computer server failure or virus. “Sure it happens, but I doubt it will happen to me,” is a common attitude. However, it does happen, and you can’t afford to be shut down because you can’t access your data. Even accidentally deleting an important file can be a disaster, and that happens all too often.

Your clients won’t accept any delays in handling their accounts, and since your business handles sensitive financial data, neither will the Securities and Exchange Commission (SEC). The SEC requires that a full disaster recovery test be performed and properly documented every single year to be in compliance with regulatory requirements.

So, because a Disaster Recovery plan is so essential for RIA firms, we wanted to share some best practices in preparing your firm for a disaster and meeting compliance standards.

Simply put, a Disaster Recovery Plan outlines how your firm will recover all your data and infrastructure in the event of a computer-affecting disaster. Disaster recovery is often misunderstood and confused with performing daily backups. It does start there. If your backup fails to function properly or your backup media fails, you won’t be able to access your data or your clients’ data.

However, a good Disaster Recovery Plan must be able to address a disaster at three levels: file-level recovery, image or server-level recovery, and cloud-level or network-level recovery.

Recovering deleted or corrupt files.

Losing access to individual files can be as simple as someone accidentally deleting a client folder on a network drive, or as distressing as a computer being infected with the CryptoLocker malware, where all of the files on the network are maliciously encrypted, never to be accessed again. A good file-level backup mechanism would be sufficient to recover from this disaster.

Loss of an entire server.

It happens – a physical server loses its hard drive array, a physical server’s operating system becomes corrupt and won’t boot up, a virtual machine server becomes damaged beyond repair, etc. In this case, a good image-level backup mechanism becomes extremely critical to the disaster recovery process of a single server. Image-level backups are performed by specialized backup software that creates image “snapshots” of servers on at least a daily basis. Having these “snapshots” allows you to recreate the system as it was before the disaster. However, recreating your downed server onto new hardware isn’t that simple. You need a plan in place. Where will the new server come from? What are the lead times? Who has access? And so on. We share a lot more of the questions you should be asking yourself in the chapter on Disaster Recovery in our book, RED FLAGS, so please grab a copy so you can be prepared or give us a call to help you think through the process.

Complete loss of the network infrastructure.

While these catastrophic events are less common, they are far more devastating. In this scenario, you need an entire network infrastructure and a means to access it from a location other than your office space, which may no longer exist. Two procedures must be in place to protect yourself here. First, backups must be automatically replicating to off-site data centers that store the information in a secure and private space, and they must be transmitting the files in a secure and encrypted manner. Second, the data centers storing this information should have some way of replicating to a second, geographically diverse data center for redundancy. Having the capability to have your service provider recreate your network infrastructure in a private cloud using your most recent backups creates a virtual “hot-site” for your RIA firm. Once re-created, your firm should be able to use this virtual “hot-site” to operate your business until your local network infrastructure can be rebuilt or addressed. We love doing this stuff! If you are interested in learning more about this backup methodology, check out our Total AdvisorCloud™ network infrastructure solution.

As you can see, disaster recovery is about planning for and addressing continuity of your business processes after various disaster scenarios. Using backups at various levels is critical to that and each level should be tested for reliability and recoverability on a regular schedule.
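One way to run the file-level recoverability test described above, as an added example that is not part of the original article: record a SHA-256 manifest when the backup is taken, restore to a scratch directory, and compare the two. The function names, directory names and sample client files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a restored tree with the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(k for k, v in manifest.items()
                     if k in restored and restored[k] != v)
    return {"files_checked": len(manifest), "missing": missing,
            "corrupt": corrupt, "passed": not missing and not corrupt}

def demo():
    """Constructed sample data: one clean restore and one failed restore."""
    files = {"clients/smith/plan.txt": b"financial plan v3",
             "clients/jones/statement.txt": b"Q3 statement"}
    with tempfile.TemporaryDirectory() as tmp:
        trees = [Path(tmp, n) for n in ("source", "restore_ok", "restore_bad")]
        for base in trees:
            for rel, data in files.items():
                target = base / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        src, good, bad = trees
        manifest = build_manifest(src)  # taken when the backup runs
        # Simulate a bad restore: one file garbled, one file absent.
        (bad / "clients/smith/plan.txt").write_bytes(b"\x00garbled")
        (bad / "clients/jones/statement.txt").unlink()
        return verify_restore(manifest, good), verify_restore(manifest, bad)

if __name__ == "__main__":
    for report in demo():
        print(report)  # keep this output with the test documentation
```

Storing the manifest separately from the backup media means a damaged or tampered backup cannot also rewrite the record it is checked against.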

Want to learn more about implementing a disaster recovery plan for your RIA firm?

Here are three options:

  1. Give us a call at 888-996-4642 and we’d be happy to answer any questions you have or set up a meeting to assess your firm’s technology and network.
  2. You can find more of our technology best practices for RIA firms in our new book, RED FLAGS: Recognize and eliminate the risks in your RIA firm’s Disaster Recovery, IT Compliance, and Cyber Security processes to safeguard your reputation and client trust.
  3. If you are attending the IMPACT® conference in Denver next month (November 4 – 7), stop by our Kiosk outside of the Schwab Center or call us at 888-996-4642 to make an appointment to meet ahead of time.