The objective behind disaster recovery is to provide a means of restoring normal operations as quickly as possible if a disaster strikes. It attempts to minimize the impact by being prepared. A frighteningly high proportion of businesses that suffer a full-on disaster, such as total network loss or massive data corruption, go out of business permanently, and a percentage of these fail to recover from the disaster at all. As an example, imagine a business selling computers and components on the Internet, a competitive business with several rivals. If the Web site becomes unavailable, then a potential customer is highly likely, with one swift click of the mouse, to move to a competitor's site. The sale is lost, and the chances of further business from the same customer are significantly reduced. The most damaging factors for companies that suffer a disaster are negative cash flow, because even if they are insured for loss of business, they may not be able to afford to continue functioning until the insurance pays out. In the meantime, consumer confidence and stock prices could plummet, and customers could go elsewhere. A good disaster recovery plan could have the business up and running very quickly, even if it is in a degraded state, and capable of continuing its trading. Types of DisastersDisasters come in varied shapes and forms, not always how many would envisage them. Some of these are identified here, listed in no particular order of importance:
The Disaster Recovery PlanIn an ideal world, a disaster recovery plan would automatically be built in to any new computer system or network that was being implemented. This section deals with reality though, and the fact that, for the majority, this is not considered at the time of implementation. A new system is more likely to be included in an existing plan (if there is one) at the next review, which could be too late if something happens in the intervening period. The system manager is someone who is heavily involved in strategy and is responsible for the provision of IT services to the business. It is highly likely that he might be the instigator of a disaster recovery plan for the IT systems, if one does not exist, because he has a good understanding of how a serious failure could affect the company as a whole, not just a particular section or department. What Is It?A disaster recovery plan is a survival strategy. It is a plan designed to return a company to normal operating capacity as quickly as possible following an interruption to services ”the disaster. The disaster recovery plan identifies key elements of the company and critical tasks that must be completed. It also identifies areas of high risk that need to be addressed to reduce risk. The disaster recovery plan contains extensive contact information, something that could be very difficult to find in an emergency, and is kept in a central, accessible location. In fact, the plan is normally held at several key locations. Members of staff or external resources are assigned to various tasks. Their responsibility will be to instigate and implement the recovery of the company; because this has been planned and thought about in advance, it is less likely that bad decisions will be taken by someone in a state of panic. A disaster recovery plan is a plan for recovery; it is a document, or a series or documents, that collectively comprise the survival strategy. However, it is not enough to merely have the plan safely in a cupboard. The task of building the plan is as important as the plan itself. It is the "doing" activity that provides familiarization, which in turn raises confidence levels. The process of creating the plan could also highlight areas of particular vulnerability in existing procedures that themselves could lead to an interruption to service. In this way, potential disasters of the future can be prevented. Global Recovery Standards The disaster recovery plan for the IT systems would probably be integrated into a corporate-wide disaster recovery strategy, although it might be addressed separately. It is worth checking to see if any standards exist before proceeding. Benefits of a Disaster Recovery PlanThe existence of a disaster recovery plan brings several benefits, some of which could save a business from collapse. These benefits are described in the following list:
As with the year 2000 problem described in Chapter 4, "Testing," an exercise of this magnitude produces other side effects as the project progresses. One of these is that the company assesses exactly what is critical to the survival of the business and what is less critical, so priorities can be set accordingly . The information might be used by managers to justify other future projects. Many companies find the exercise useful as an information-gathering process; the employees learn more about the function of the business, how it all fits together, and the impact of a certain function being unavailable. All this has an indirect effect on the general running of the business. Finally, the action of creating a disaster recovery plan highlights, in some cases, precisely how vulnerable to disaster the business is, prompting positive decisions to be taken to improve the situation. The vulnerabilities might not all be directly related to disasters ”for example, an analysis might reveal a security weakness in the Solaris operating environment currently installed. Upgrading to the next release might fix the problem, and other extra security measures that had not even been considered could be implemented. This might have been completely overlooked if the impact analysis had not been carried out. |
Top |