voyager624 - Fotolia

Many don’t test disaster recovery plans properly, survey finds

Nearly 40% of UK organisations do not test disaster recovery plans properly, mainly because of concerns about disruption to production operations

A sizeable minority of UK organisations – 37% – with disaster recovery plans do not test them adequately. The knock-on effect of this is that 55% of those that invoked disaster recovery provision over the past year had problems in failing over to secondary systems.

Those are the findings of a survey of 250 IT decision-makers in UK businesses with more than 500 employees that have disaster recovery plans.

The survey, conducted by Opinion Matters for cloud data protection provider iLand, found that 95% of those questioned had suffered an IT outage in the past 12 months.

Chief causes were system failure (53%), human error (52%), corrupted data (37%), cyber attack (32%), unexplained downtime (30%) and environmental disaster (20%).

The survey did not drill down into the causes of system failure, but iLand solutions architect Sam Woodcock said: “I hear from customers and prospects that a lot of system failures are host failures in virtualised environments, as well as issues with switches and firewalls – a wide range of hardware failures.”

Of those questioned, 87% had executed a failover to secondary systems in the past year, but 55% of these had problems.

The key here seemed to be a lack of disaster recovery testing.

A majority (63%) reported having a trained testing team in place, with the disaster recovery system being tested quarterly or twice-yearly. But 37% reported having only a “lightly trained” team and not testing or testing infrequently.

Read more on disaster recovery

The survey found IT departments were making trade-offs between spending on disaster recovery and potential losses from downtime. Most (68%) spent what was needed to minimise downtime, but within this, 32% accepted that they saved money by accepting some downtime.

Woodcock said many were put off disaster recovery testing by its inconvenience. This was due to testing methods historically requiring systems to power down at the primary location to power up at the secondary site or to disrupt replication schedules. This contrasts with more recently available methods of disaster recovery testing which are non-disruptive.

Most of those questioned have on-premise disaster recovery provision, with 38% using the cloud. ................................................................

Read more on Regulatory compliance and standard requirements