A new survey by Symantec suggests that more than nine out of ten UK organisations carry out full evaluations of their disaster recovery plans but almost half of the tests fail. Should we be surprised by these figures? Absolutely not. In fact the figures are quite encouraging. We must be making progress. Because I’ve encountered an awful lot of critical business processes without proper continuity plans. And where they do exist, they’re often incomplete, out of date and generally fail when tested.
Business continuity planning is a thankless, time-consuming and messy activity. It’s not an exact science. More of a painfully slow journey in progressively improving the disaster response process, with frequent setbacks when any restructuring or reengineering takes place. You can’t outsource the work to consultants because business managers have to manage the process, so they need to be fully engaged in all aspects of the work. That’s assuming of course that they can be persuaded to set aside the time and budget to stay on top of developments.
And it’s not uncommon to discover that there simply is no viable fallback option, either because of limitations in infrastructure design or the sheer expense of a replacement facility. Of course it’s relatively easy to replace modern IT infrastructure, and that was probably the context of this survey. The hard bit is buildings, plants and people.