Logo: TUG TORONTO USERS GROUP for Midrange Systems
TUG
e -server magazine

January 1997: Volume 12, Number 3


 Photo: Richard Dolewski

Ready, Set, Plan...
A Disaster Recovery Planning Primer

By Richard Dolewski

hy is it that most data processing departments do not have a disaster recovery plan? It’s probably for the same reasons you don’t. Some typical excuses I have heard working in the industry include: “Not enough time”, “Downsizing”, “My resumé is off-site”, “It will never happen to me.”, and It’s not in this year’s budget.” Any of these sound familiar? If you have used any one or even all of these excuses and still don’t have a disaster recovery plan, then you are not alone. There is a great amount of creative energy spent formulating excuses instead of creating a plan.

 Photo: Langeliers

The need for disaster recovery planning is being recognized by more and more of today’s businesses. Disasters do occur. Every organization is at risk to some degree. Your building could be damaged by a fire, flood, or explosion. Even a prolonged power outage, sabotaged computer system or destroyed equipment can shut your organization down. If any of these events happen, your organization may be unable able to continue operating. Most businesses depend heavily on computers and automated systems. If the interruption is for a prolonged period of time, the ability of your business to survive may be threatened. The survival of a business is in question when that business does not have a current, documented and implemented recovery strategy. Insurance can help fund the recovery but it cannot service or replace your valued customers.

An American university study concluded that 83% of businesses that lost their data centre for 10 days or more filed for bankruptcy within 1 year. Of those businesses, 50% filed for bankruptcy immediately. These businesses learned a valuable lesson. Why take a risk with your computer centre.

Disaster recovery planning can be defined as planning to ensure continued availability of essential services. Disaster recovery planning prepares an organization to respond to an interruption of essential business functions and provides the guidelines to fully recover these services. A proper disaster recovery plan ensures the availability of necessary resources including personnel, information, equipment, financial arrangements, services and accommodations. A disaster recovery plan is no good unless it is realistic, current, tested and is well known by those who must implement it. Disaster recovery planning is an integral part of any effective business strategy. When a disaster strikes, the last thing you need to do is waste valuable time fumbling through an inadequate recovery plan, if one exists, or learning new system procedures.

A good disaster recovery plan ensures business survival during a prolonged interruption of computing services. A proper disaster recovery plan is like a good insurance policy, it will be effective if all of the risks are carefully and realistically assessed. Do not write a plan to satisfy an auditor’s request to only have it sit on the top shelf of the office store room.

Effective documentation and procedures are extremely important in a disaster recovery plan. Most plans are difficult to use and become outdated quickly. Poorly written procedures can be extremely frustrating, thus making the plan ineffective. A worst case scenario should be the basis for developing the plan. The worst case scenario can be the destruction of the main office housing the computer room.

 Photo: Lightning Strikes Oil

Developing a plan requires the planner to think logically. The following are basic steps used in planning for contingency of a computer or building disaster:

  1. Obtain top management approval
    Top level management must support and be involved in the development of the disaster recovery planning cycle. Adequate time, budget and resources must be committed to the development of the plan.

  2. Impact Analysis
    This step will define the maximum allowable downtime of the computer systems before the downtime begins to have significant impact on the company’s ability to function. Financial losses attributed to the loss of service should be calculated.

  3. Perform a risk assessment
    Each functional area of the business should be analyzed to determine potential impact associated with several disaster scenarios. It is important to assess the impact from loss of information and services.

  4. Determine processing requirements
    The critical needs of each functional area within the organization should be evaluated. The maximum amount of time that a department and the entire organization can operate without access to the computer systems must be determined.

  5. Recovery Strategies
    All alternatives to provide alternate processing capabilities should be assessed. The above requirements will help in determining the viability of a hot-site, cold-site or equipment-on-demand solutions. Financial factors will also contribute to the decision making process.

  6. Off-site storage
    One of the most critical components for the capability of a recovery is off-site storage of your system and vital records. You cannot recover what you don’t have. Definition of vital records should be done jointly with the off-site storage vendor.

  7. Contingency planning & recovery teams
    The best approach to disaster recovery is the team approach. A team member does not have to de from MIS and a team member should always have an alternate. The key to a successful recovery is making sure that a person’s time is used effectively.

  8. Testing
    The ONLY way to determine if a plan will truly work is to test it. A failure during a test is a learning experience. A failure during the real thing is a second disaster.

  9. Maintenance
    The procedures should include methods for maintaining and updating the plan to reflect any significant internal, external or system changes.

Conclusion:

The steps illustrated are an important step forward to a successful implementation of a recovery plan. Disaster recovery planning involves more than off-site storage or alternate processing. The plan should be thoroughly developed, including all detailed procedures to be used before, during and after a disaster. The procedures should allow for a regular review of the disaster recovery plan by key personnel within the organization. Top management should review and approve the disaster recovery plan. Disaster recovery planning dollars are best allocated toward testing a plan, automating plan maintenance and applying an experienced consultant’s perspective to focus your personnel on quality disaster planning. T < G