A little preparation goes a long way: six keys to recovering from a disruption to your businessIt only takes seconds to lose intellectual capital, reputation, or other valuable assets. Applying these six key disaster recovery principles can help you make sure that your company is as prepared as possible to deal with disaster. Disasters can take many forms: a computer virus, sabotage from a disgruntled current or former employee, criminal acts or terrorism, environmental disasters, accidents, and more. Unfortunately, it only takes seconds to lose intellectual capital, reputation, and other valuable assets. Protecting your IT investment and mitigating the risk associated with an emergency event or disaster is critical to your organization’s performance—perhaps even to its long-term survival. Indeed, amid many high-profile news stories, many organizations are taking steps today preserve critical data and systems, aided by some of the multitude of good technologies available on the market that facilitate data replication and transfer. But when disaster strikes, having the right technology in place is just one element of the equation. Good technology is of little use when people don’t know what actions they should be taking. The key to preserving operations is making sure your people and processes are similarly equipped to handle any kind of disruption. Applying these six principles can help you make sure that your business is as prepared as possible to deal with disaster. Make disaster recovery a joint IT/business priority.To apply a simple analogy, when it comes to system continuity, IT may be driving the car, but it is your business strategy that is dictating the route. An effective disaster recovery plan, therefore, must be the product of collaboration between IT and business leaders. Business leaders must set the direction for disaster recovery and business continuity strategies—defining, for example, the point at which certain systems be back up and running following a failure, or how much data (if any) can be lost without compromising the business. Only then are IT leaders in a position to recommend the best disaster recovery solutions. It is vital, therefore, to include business leaders early in the process of developing a business continuity strategy, to ensure that the plan truly supports the needs of the business. Focus on business continuity rather than just disaster recovery.You may have processes in place to back up accounting data to an off-site system. But, will your accounting personnel be able to access that data quickly in the event of a disruption? And, will they know what procedures they should follow if key personnel are unavailable? Many organizations’ plans emphasize disaster recovery—that is, reviving systems and data through tactics such as redundant storage or processing capabilities. But fewer plan for business continuity—for example, considering factors such as potential physical events that could render buildings or critical functions inoperable. Effective business continuity planning assumes a broader scope—looking at key processes in each major department and identifying those for which continuity is of utmost importance. Then, it analyzes various potential disaster scenarios that could affect those processes—providing the basis for planning who will run those systems in the event of an incident, and how each team or individual will do so. Implement the right technology for your business needs.There are many out-of-the box technology solutions today that offer capabilities for clustering servers, replicating data and providing other IT services that support business continuity in the event of disaster. The key is selecting the right solution(s) for your business needs. Thoroughly defined business requirements and analysis of potential disaster scenarios will provide the best guidance for designing your technology solution. For example, your business’s tolerance for losing data may dictate your choice of synchronous or asynchronous replication products. Have a plan.More than anything, careful planning will enable you to respond efficiently in the event of an incident. A comprehensive disaster recovery plan outlines the goals, resources, tasks, data, and actions to be taken in the event of an unplanned disruption of your IT infrastructure or key systems. It is a key component of a comprehensive disaster recovery plan that addresses: - Steps that must be taken in the event of a disruption
- Roles, responsibilities, and decision making authority of key individuals, including any external organizations
- Internal and external facilities will be mobilized when deploying the plan
One key to disaster recovery, both before and during an incident, is effective communication. Your plan should address communication responsibilities and channels to be used, making sure that individuals know where to turn for information—for example, to a special disaster recovery web site—should you need to put the plan in place. Test the plan regularly.How can you be sure that your business continuity and disaster recovery plans will work—and preserve the key business processes it is in place to sustain? If you don’t test the plan, you can’t be sure. It is important to test your plan regularly—annually, or on a schedule that suits your business needs. In some situations—for example, if there have been changes in key staff—it may be necessary to test more frequently. Practicing helps make sure that all key participants know exactly what they are supposed to do, when. And, it enables you to understand and iron out any idiosyncrasies, such as the need to get a particular system up and running before trying re-starting another. And, even though the goal may be to recover or ensure continuity of key IT systems, it is important that the test is not run solely by IT people. Key process representatives and users must also participate, to ensure they can perform required functions using back-up equipment and/or facilities. Testing doesn’t need to interfere with business. For organizations with little or no tolerance for system down time, such as trading firms or e-commerce companies, testing is imperative, and these organizations typically conduct such tests on non-business days or during low volume hours. To simulate a disaster response under stress, some organizations conduct the test with little notice—calling in the morning and asking people to report to the test site within the day. Document the entire process.In an actual disaster situation, you are likely to fail over multiple systems and utilize some off-site facilities, such as a disaster center to maintain critical activities. Moreover, some systems will fail over automatically; others will require manual intervention. With this level of complexity, it is important to have current and thorough documentation that details all key steps and the order in which they must take place. Having this information can ease management of a situation, whether it is a test or the real thing. Finally, make sure to update your documentation as your people, processes or technologies change. No one likes to think about the possibility of disaster, but disasters can, and do, happen. Some make the news, but many do not—because a “disaster” is just as likely to be something like a leaky sprinkler head above a server rack. In business, as in other aspects of life, a little preparation can go a long way. West Monroe Partners works with companies to align business continuity strategies with business needs and to develop processes and systems to preserve vital functions. For more information, please contact Mark Nelson,
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
. In this issue: |
