In the race to incorporate Technology into every aspect of a Business, the critical issues of Disaster Recovery and Business continuity (usually abbreviated to DRBC) can get overlooked or at least pushed far down the ‘to do’ list.
Just like an insurance policy, the value of DRBC protocols tend to be most often realized in hindsight. So how can you avoid being that business which failed to effectively prepare for a catastrophic IT meltdown?
Business Impact Analysis and Risk Assessment
Two processes every tech-heavy company should initiate as standard are a business impact analysis (BIA) and a risk assessment. Although these two tools support one another and should be carried out around the same time they are very different in their focus. A BIA deals with gathering the information necessary to put a realistic figure (in dollars and cents) on the implications of various IT failures whereas the risk assessment looks at the probability of such failures occurring. Whereas the BIA aims to be more or less fixed and certain and is focused on costs and timeframes, the risk assessment is less tangible in nature. The more risk averse companies will probably capitalize their DRBC fund properly, based on the worst case scenario thrown up in the BIA. Risk-takers may opt for a more basic DRBC provision, particularly if the risk assessment suggests a low likelihood of service disruption.
DRBC as an Extension of Change Management
Although disasters usually come out of the blue, they are nevertheless examples of change – and that is something that IT people live and breathe. Thinking of DR and BCP as an extension of change management can help to structure the preparedness planning process, with the result of the BIA and risk assessment acting as the agent of change and the senior management forming the evaluation committee.
To get the process off the ground, particularly in larger companies, it is important that the BIA and risk assessments are trusted by the decision-makers. In 2015, the ISO rolled out the first ever quality benchmark for BIAs, the ISO 22317, designed as a flexible tool for helping organizations to implement a powerful Business Impact Analysis. There are also many quality standards which apply to risk assessments (e.g. the ISO 31000 family) and conforming to these can help with securing company buy-in to an effective DRBC provision.
Once the green light has been given, a project manager and change implementation team can be tasked with creating the DR and BCP.
Thorough disaster recovery preparation enables businesses to take into account every element of their IT network and not just the obvious ones. For example, how is their back-up system handling open files? Are these currently being skipped, leading to incomplete back-ups or are real time shadow copies being taken? Are emails capable of being restored? Are all servers being backed up (file servers, domain servers, communication servers, database servers, etc.)? What about backing up from VMs? Will this require a shut-down or are their tools in place to copy VHDs, snapshots and configurations while in operation. These are just some of the issues that your DRBC implementation team need to be able to address because just one overlooked component could hijack your business continuity and cost you time and money.
The key is to have a structured approach which identifies clear protocols that will be followed in the event of a disaster. It helps to break the IT function down into systems, with all technical specifications (server models, location, IPs, DNS records, serial numbers, etc.) and key contacts documented. This will all save valuable time in a crisis.
Physical vs. Cloud Backup
One major decision the DRBC team will have to make is whether the company is going to favor the physical backup of data or use the cloud. Physical backups offer the advantage of speedy resumption of service (once the business has reached its new premises) and close control of data but, depending on the nature of the emergency (e.g. a hurricane or wildfire scenario), hard storage media may be vulnerable to damage during transit. Cloud backup will take longer to get a business back in action but will take sensitive data right out of harm’s way, storing backups in another state or even a different country. Rather than put all their eggs in one basket, many businesses use both physical and cloud backup. For example, DCG Technical Solutions, who offer Disaster Recovery as part of their small business IT services (Los Angeles), combine both onsite and out-of-state backup via their Dependable SafeSTORE™ system.
Overall there are several benefits in preparing for disaster ahead of time. It gives businesses the breathing space to make sensible, unrushed decisions; the time to train key personnel and the opportunity to carry out contingency testing.
Brent Whitfield is the CEO of DCG Technical Solutions Inc. DCG provides the specialist advice and IT support Los Angeles businesses need to remain competitive and productive, despite their often limited IT infrastructure expenditure. DCG Technical Solutions offer Dependable SafeSTORE™ as a powerful DRBC tool for small businesses. Twitter @DCGCloud