Building An Effective Disaster Recovery Plan

Effective Business Interruption Planning

Recent events in many metropolitan areas throughout the country have increased disaster recovery (business interruption) awareness. Business interruptions such as tornado’s (natural), terrorism (human), and system viruses (technical) can have devastating effects on the ability for a business to maintain operational integrity with ongoing revenue generation. To help mitigate business risk and ensure technology functions operate during and post a declared business interruption event, an effective and efficient Disaster Recovery Plan (DRP) is highly recommended.

The DRP focuses on the business’s technology platforms, applications and systems. By definition disaster recovery is; “The on-going process of planning, developing, testing & implementing key business technologies to ensure the resumption of vital business functions in the event of a declared disaster“. A DRP is a “living” document designed to guide the technology team through a declared disaster. An effective DRP takes into consideration the following:

1. Company employees are safe and can perform the recovery work effort. 2. Existing data and information is backed up in alignment with business deliverables. 3. Resolving key company data and information back to its original state is successful. 4. The amount of downtime allowed (as defined by business needs) is not exceeded. 5. Scheduled plan testing is performed to validate line items 1 through 4 above. 6. On-going DRP training for new and existing employees is defined and practiced.

Businesses with a DRP in place should either review the plan or have it audited by a third party “non-partisan” entity to ensure line items 1 through 6 above are supported.

Data Backup Falls Short Many companies have some form of data backup system and/or process in place. Unfortunately, business owners and executives assume their IT department’s current unidirectional data backup process is capable of supporting key business functions when a business interruption event occurs. Nothing could be further from the truth. A recent study from The University of Texas found the following when companies face catastrophic data loss:

• “Only 6% of companies experiencing catastrophic data loss survive • 43% never re-open after the disaster • Another 51% close down less than 2 years due to business re/mis-direction“

With one-way backup systems in place, the ability to effectively resolve the information availability problem quickly diminishes. It’s imperative that an effective DRP specify in orderly detail how, where and when to backup data and information. Also, the DRP should identify and functionally support the process for restoring this data and information within the timeframe(s) stipulated by the business. This timeframe is called the Recovery Time Objective (RTO). By definition, RTO is defined as the maximum allowable downtime placed against computing systems that support business functions. Because every business is unique, the metrics defining the RTO is different for every business. Examples would be an e-commerce enterprise that requires virtually zero downtime or a manufacturer that can survive with up to a maximum of 72 hours downtime. In either scenario the RTO is defined by business metrics yet supported through enabling technologies.

The Money Pit Businesses today are faced with ever increasing pressure to increase revenues while simultaneously decreasing their cost of operations. Adding to this pressure, data backup and storage systems with their supporting infrastructure can increase capital expenditures and may require technical expertise currently not supported inside the business. An efficient DRP supports backup, storage and retrieval of data and information by differentiating between vital, critical and less-important data. A recent study by Computer Network Technologies (CNT) states the following:

“Research shows that up to 60% of server data backed up is “non-production” which magnifies cost to operations”

By differentiating between vital, critical and lesser important data, the DRP is poised to increase operational efficiencies and reducing operating costs. Decreasing the amount of electronic or physical data and information being transferred or stored positively impacts the business RTO while reducing IT expense and infrastructure costs. Inside businesses today, many Continuation of Business (CoB) servers already exist and are underutilized. Two questions to ask are:

1. How many servers in your environment are used for non-production services? 2. Is your telecommunications infrastructure/bandwidth underutilized?

A properly developed and effectively tested DRP should directly support the answers to the questions above. Businesses can no longer afford to spend excessive amounts of money on technological systems without qualifying and quantifying a valid return on investment. Proper planning and testing of the company’s disaster recovery capability can directly support the return on investment requirement(s). Businesses desiring to build and implement a DRP should do so with the intention of integrating the DRP into their existing and future strategic operating model. No company should operate without an effective and efficient Disaster Recovery Plan.

Comments? Questions? Email Here

© HowtoAdvice.com

How to Advice .com