When we talk about an IT disaster recovery plan, it is obvious that the responsibility for implementing one lies with IT managers. However, senior management must understand the implications of the absence of such a plan to be able to make the right decisions.
Despite frequent discussions between senior management and IT managers, it often still happens that the stakes and repercussions for the company are not fully understood.
We talk every week with clients who face crisis situations because of this misunderstanding. A recent example we saw was that of a company that had underinvested in its IT infrastructure for several years, as senior management believed that all the best practices were in place to both maintain the availability of its environment and ensure recovery in case of disaster. In reality, the infrastructure presented major risks, which were identified by doing due diligence.
Type of recovery plan NOT to have
Here is a recovery plan common in many SMBs in the case of a major failure (e.g., a building fire).
• Contact the equipment suppliers to replace the server(s), storage components, networking or even telecom equipment that was damaged
• Wait for delivery of equipment
• Configure and install the equipment and software
• Restore data from the most recent tape (if it had been sent outside the building)
If all goes well, there may be a delay of ten days, sometimes more, before returning to normal. Of course, such a delay to resume operations is totally unacceptable for almost all businesses, but awareness of recovery time is often lacking at the executive level.
How to do due diligence for your IT recovery plan
Elements to be included in the due diligence
It is important to be vigilant about the following aspects when you start your research and actions to put in place or consolidate your disaster recovery plan:
• back-up systems
• recovery plan (DR)
• recovery times
• possible data loss
Bring critical information to management
Management needs a clear picture to determine the risks that the business runs and for that they need an evaluation using a reliable method. We would estimate recovery time and data loss based on the infrastructure systems in place. An impact analysis would be performed within the framework of a minor failure and a major failure to truly understand where the risks lie.
It is on the basis of this analysis that it is possible to suggest several options, according to the following criteria:
• Risk tolerance for data loss
• Tolerance for the length of time before service resumption
The more a company leans towards near zero data loss and near zero recovery time, the higher the solution cost will be.
Management needs to be aware of all these criteria to make informed decisions that will promote a quick return to business as usual. They need to weigh the financial losses against the cost that a good recovery plan entails. Only 5 years ago, the cost of recovery solutions could be hefty, which kept medium-sized enterprises from equipping themselves. Today, for only tens of thousands of dollars, companies can implement a DR (disaster recovery) solution that allows them to be 100% functional again in thirty minutes with minimal data loss.
It is important for the leaders of IT departments to do a risk analysis, to present the benefits of a recovery plan, and to propose solutions and costs to senior management. Thus, your due diligence will have been done and if the company does not take action to implement a recovery plan, it will at least have been warned of the potential dangers in the event of a disaster.
Present has developed an expertise to support IT leaders in this crucial step and help companies hedge their risks in terms of business continuity.