Building a Comprehensive Disaster Recovery Plan

By | August 22, 2006

Disaster Recovery has been top-of-mind for many IT managers as events that cause unplanned business downtime continue to surprise us. 2005 was no exception. Natural disasters, human conflicts and constant exposures to security breaches and attacks have driven organizations of all types and sizes to recognize the need to implement or improve their comprehensive Business Continuity Plan (BCP) that includes a robust IT Disaster Recovery Plan.

What exactly does a Disaster Recovery Plan entail? Backup polices? Recovery scripts? Security breach escalation procedures? An effective Disaster Recovery Plan addresses not only the protection and recovery of technology, but as part of a broader BCP, also includes the people, processes and procedures necessary to bring about the true end game: the ability for end users to manage corporate risk, respond to a potential disruption, and complete new business transactions while protecting historical transactions that together keep a company viable when faced with a disaster event.

That’s a tall order for most organizations. Many IT managers are prepared to take the first step to protect and secure their data; however, few are completely prepared to enable the resumption of critical business processes within a desired timeframe. According to a survey conducted by Applied Research, among 500 IT Managers, 70 percent of those surveyed have deployed data backup, replication, and recovery technologies. However, only slightly more than 54 percent of IT managers in the survey had a complete Disaster Recovery Plan in place. Having recovered data but not applications and end users is a lot like having the sheet music but no instruments, musicians, concert hall or conductor to play the symphony. It’s just not going to get the job done.

According to Infonetics Research, large companies lose up to 16 percent of annual revenue due to unplanned network downtime. So what should IT consider while planning for disasters, events, or crises?

Understand and Communicate Needs

About one-third of respondents in Applied Research’s survey indicated they did not see a need for a Disaster Recovery Plan. Awareness and communication, at the IT management level as well as executive level, is critical. Some leading questions that may help managers understand and communicate the need for an effective Disaster Recovery Plan:

  • How long can we suffer a security attack or IT outage before there is a significant impact to customers / partners / corporate viability?
  • Is information currently available to everyone who is authorized to access it—and protected from everyone else?
  • Are the right policies in place to ensure that information is protected from both internal and external threats—and effectively recovered following an emergency?
  • Is the right data backed up, archived and easily accessible for regulatory purposes—while unneeded information is permanently and securely deleted?
  • Is the data information put through a formal data information refresh process to ensure that data that is often stored at off-site facilities for extended periods of time is tested for integrity and can be used following technology refreshes and upgrades?
  • Is there a regularly maintained inventory of all purchased applications, tracking license numbers, most current version, versions maintained, and copies owned, with a prioritization in place for restoration?
  • Leave a Reply