IT has a crucial role in preparing the business for disaster
recovery
Companies cannot afford to be without key computer systems on which
their businesses depend, yet 59% of firms that suffer a
catastrophic disaster - fire, flood or earthquake - either never
reopen or close within two years. Perhaps more significant is that
companies that lose key computer systems for 10 days never recover
financially, and 50% go out of business within five years.
Most recovery plans fail because they are largely developed in
isolation because business units have a limited understanding of IT
business continuity requirements. IT seems to be unable to convince
business of the critical need for a unified continuity project.
Even more alarming is that most organisations have not even started
work on business continuity and disaster recovery plans. Only 50%
of large companies have a viable business continuity plan and 28%
have only a disaster recovery plan. Of firms that do have a
disaster recovery plan, only half are up-to-date and tested.
Companies need to appoint a business continuity planning "tsar" and
business relationship manager who will formalise the process,
integrating business, IT architecture, infrastructure planning, and
building and IT operations.
However, for most companies, a more realistic approach will be to
rely on IT for "pragmatic" survival in the event of a disaster.
Under this model, more business managers will start to work with IT
to develop business continuity plans.
Although IT should not take responsibility for business continuity,
focusing on the following points will help to ensure that the most
appropriate technology decisions are made:
- IT must be able to explain the options to business managers in
business terms, highlighting the risk, insurance, and costs
- IT must show greater transparency in the cost of service and
validate return on technology investment. It will need to establish
and explain the levels of service and corresponding price points to
business managers
- Over the next four years most large companies will consolidate
their datacentres to either a single site (typically with a 72-hour
recovery window) or for companies such as banks (recovery window of
four to eight hours) two datacentres. IT managers must balance cost
savings, technology usage, and business survival requirements
- IT needs to measure its performance from the user's
perspective
- Make recovery easier by developing standard templates for
recovery instead of starting from scratch each time. This is
particularly important for firms with distributed infrastructure
and applications
- Once an organisation has a disaster recovery/business
continuity plan, it must be tested and reviewed regularly. IT needs
to secure business support for testing since service may be lost or
reduced during testing, and funding must be secured
- IT must continue to maintain responsibility for outsourced
projects and ensure systems comply with the company's disaster
recovery policies. The ability of third parties to provide adequate
availability management and disaster recovery will be key
- Recovery plans must include gaining access to individuals with
a critical role, such as password holders, networking specialists
and administrators. Plans must prioritise reconnection to the
system
- Although IT must rely on business managers to prioritise
recovery procedures for critical business applications, it is
important to develop plans for availability of basic business
equipment, including computers, Lan, phones, e-mail, Web
access
- As new and complex technologies are adopted, it is important
that they are included in all plans since they may have a critical
role to play in the way a company manages its recovery.
Rakesh Kumar is vice-president at Meta Group
Meta Group's report, Business Continuity and Disaster
Recovery Planning is available to Computer Weekly readers at a 25%
discount. Contact gill.smith@metagroup. com, tel: 01252-819494