Are You Ready?
Every organization should have an Information Technology disaster recovery plan. It does not matter whether the organization is big or small, or for profit or not. Destroyed or lost information is too costly to re-create. On one end the cost can be wasted resources (time, money, and or lost opportunities) and the other is irreparable damage to the organization’s goodwill and possible total business failure.
Below are some tips for creating an Information Technology disaster recovery plan:
The disaster recovery (DR) plan is only a part of Business Continuity Planning (BCP). A holistic BCP contains:
- Continuity planning – steps taken to continue business operations until the systems can be restored
- Disaster planning – steps to restore the systems and return to normal operations
- Crisis management – procedures used by executives to respond to and manage a crisis
The disaster recovery (DR) plan should not be created in a vacuum. It can’t simply revolve around the data center. It is important to engage the business units to prioritize the applications. A risk assessment model is a great tool to help prioritize applications, because each application is considered a priority for its business unit owner. The risk assessment model can be a simple spreadsheet that identifies, for each application, the probability of failure multiplied by the damage if a failure were to occur. Simple numeric values can be assigned to damage (1, 10, 100) to help the user identify high priority applications. Using a risk assessment model can assist in demonstrating the application priority across the enterprise. A forced ranking is sure to generate robust discussion. Additionally the business units must be in a position to help by having a business continuity plan to continue the work until the systems can be restored.
Cover the Basics
Ensure the appropriate care and keeping of your applications and its data. Have a pre-established procedure, including location, to recover the business. This may sound basic, but too many organizations do not create backups. Of those that do, too many never move them off site. Of those that move applications and data off-site, too many of them have never tested their ability to truly recover their applications in another location.
Ensure the currency of your hardware, software, and other supporting infrastructure. It is a lot easier and less costly to replace and repair the current model versus finding the specialized pieces to recover an infrastructure that is outdated. The data center or computer room is part of the infrastructure; your electrical, HVAC, and other utilities should be included in your review.
Look for the Hangnail
Sometimes it’s the little things that hurt the most. Business owners should have an access plan. Many times your infrastructure is in tact, but you can’t get to it. Consider how the business would continue if a road is blocked or your force to evacuate.
When to Engage
Senior leaders must know how to recognize when a disaster has occurred and how to invoke the DR plan. Information Technology professionals will tell you that most disasters are small. Many think about hurricanes, tornadoes, and earthquakes when they hear the word disaster. The reality is a broken water pipe, an electrical transformer failure, the failure of key network equipment, or even a computer virus can trigger a disaster plan.
People, People, Work with Me!
Remember the human factor. Call lists are common. More complex environments have elaborate multi-layered contact systems (phone, fax, pager, email, text, etc.). You would be sadly mistaken if you think that a contact list is all you need; it is only the beginning. You must develop procedures. The staff should know if they are to assemble, who should assemble, where to assemble, what they should bring, and what roles they must play.
Senior management may need help in understanding the daily risks when you do not have a DR plan. Some fear a DR plan is too expensive or that a disaster will never happen. Can your business afford not to have a plan?
Phone a Friend
With the increased affordability of connections, and with the standardization of systems, Chief Information Officers, business leaders and data center managers should consider mirroring the key components of the environment in another location. Data center managers could create a memorandum of understanding, agreement, or contract to share space with a business or industry partner in exchange for space at your facility.
Talk with your vendors if you can’t get a friend. They may be in a position to quickly recreate components of your environment. This option generally comes with a price tag.
Go Ahead – Test Me!
As mentioned above all the planning in the world will not help if it is not validated. You must test your plan, analyze the results, make the necessary adjustment, and test again.
I have barely scratched the surface of the issue. Organizations should invest the resources that could ensure your recoverability and continued success in the face of a disaster. A disaster recovery plan is like insurance. You could spend a lot of money trying to cover all the risks; however that is not possible or practical. You can’t take a one size fits all approach. Get help if needed.
As you may have noticed these tips are relatively low in cost. You may not need to buy a great deal. You and your organization will need to take the threats seriously and act appropriately. There is no excuse for not having an Information Technology disaster plan.