Recently a business where I had worked lost the use of one of its PCs due to corruption of the operating system. I was called in to help sort things out. My experiences made me think what might be a good checklist for any small business with one or two PCs, lets assume they are running windows.

A. Write a brief disaster recovery procedure for different scenarios, e.g theft, hardware damage, software corruption, accidental damage to data.
B. Have working/backup CDs of all software including operating systems and device drivers.
C. Have all codes and passwords recorded somewhere safe.
D. Have a backup of all critical data, both on site and off site, and instructions on how to restore it.

In considering this I have tried to be realistic rather than what you might do in an ideal world. The resources spent on precautions have to equate with the actual levels of risk. For example, daily imaging of every PC, storing data in carefully configured RAID arrays, is not for everyone, and might be wasted money and effort if the business cost of just re-loading some software and copying files from a memory stick backup is minimal.

Specific additional questions based upon what happened in practice are below:-

1. If the operating system won't boot: is there an Automated Recovery CD?, in this case there wasn't so Windows XP Pro had to be re-installed from scratch.

2. Are there working installation CDs for all critical software? In this case, one of the installation CDs turned out to be damaged, and that was the only copy.

3. Have all settings and passwords for internet services such as email been recorded in a readily available form?

All these precautions sound like common sense but may be more difficult to address than one might suppose. In a small business there may not be one person whose responsibility it is to see to all these things, ultimately it is the owner of the business who is responsible. However, he or she might not understand fully the implications of every technical issue, whilst IT contractors who have been brought in to do a specific task may not understand the implications of business issues. Responibility may have been delegated to a member of staff at one point, but then they leave, and a new person comes along, who, as it is a small business, may do a slightly different job to their predecessor because they have a different skill set. It is all to easy to assume that just because some action was taken with regards to a risk (i.e. buying a backup drive), that whatever has been put in place will actually work out when the worst happens and it comes to restoring everything. (Has the backup procedure been followed? Did the backup software work properly? Will the restore work on a new set up? How long were backups kept before being overwritten by the next backup?)

I don't want to be alarmist, but as data has become increasingly 'real' and 'tangible' as a business asset, it is probably worth while for anyone who works in a small business to ask some of these questions, because it might just save a lot of time and money when the PC won't start one not too distant Monday morning.