DRP
Disaster Recovery Procedure.
Overview:
Disaster Recovery Procedures or Business Continuity Procedures embrace a concept that the business can not survive the loss of some, or all of IT services being provided and hence some protection must be put in place. Historically these have been expensive and limited in the early days to financial institutions, and large corporate organizations. Invariably these were what is called "hot sites" i.e. in the event of a major failure switch over to another complete system, in another location was seamless, to "warm sites" where the infrastructure is in place. along with the application, but the data is not up to the moment. In most of these cases providing this protection came with no real benefit, unless you needed it. Much the same as insurance, who needs it until you want to make a claim.
So how would you like to have your insurance plus some benefit even when you don't have a claim ?
Who needs it:
Once again going back not so many years, most organizations moved from a semi automated, or possibly paper system, to a more automated IT structured environment. At the very least they could carry on with the day to day business in the event of a major problem, say flood, fire, power outages etc. But today even small business are dependent to a large extent on the computing systems, and the associated infrastructure. The paper or manual procedures have been long since lost and those that knew how it worked have long since left. Ever lost your mobile phone and forgotten you clients phone number ? That wouldn't have happened a couple of years ago, you would have had it memorized.
So now consider for a moment ( make sure you have a coffee before doing this) that you have just had a fire and all or most of your computer equipment has been destroyed, right at this moment in time. Sure you probably have backups, if not you have a more urgent need. But backups wont do it.
The question you need to ask is how long can I sustain my business without the computer(s). Can you still produce an invoice to get revenue, can you still pay your employees, and can you do this for the length of time it would take you to replace the hardware, reinstall any software missing from backups and restore all your backups. If the answer is YES you can sustain this, then you don't need a DRP. Be reasonable in you expectations of suppliers, and don't expect to get any cash flow assistance from Insurance's to fund the purchase of hardware, you will be out of business before you get your insurance if you wait for these funds.
In most cases, if your turn over is more than $600K and you don't have a DRP plan, you either don't have any computers or you've made a mistake, which I would be pleased to help you find, for free ! So long as once we find it, I can help fix it.
What do you need:
To some extent this is dependent on the size of your organization. Companies under approximately $1M turnover can probably expect to be able to replace there hardware fairly quickly if it is Intel based, and does not require any substantial infrastructure as part of its operation, and therefore the need for a DRP plan is possibly not as important as those with a turnover in excess of $1M. At a minimum you should consider what is required for you to continue to generate income, invoice's and pay staff for between 1 and 4 weeks. Most of your accountants payable will wait impatiently.
For larger organizations, the impact is more significant, and in all probably you can not simply replace your equipment with off the shelf components. This may be due to cash flow or availability, with many manufactures now not carrying stock of the the larger mini computer systems, and certainly not in mainframes. You should look at your business units and evaluate how long each can continue without computing resources and the respective impacts due to the lack of those services. Typically depending on the damage you should expect to be without full service for a minimum of 3 weeks and probably longer. It is not practical or cost effective unless you have mission critical applications and the potential for a significant loss of business to replicate the complete environment. Therefore you should tailor your requirements to provide a minimum operating level, which will still allow your organization to operate, at a degraded service level.
How we can help:
The issue's surrounding DRP can be convoluted and complex, if your trying to optimise your expenditure, and look at alternatives or reduced business practice's while in DRP. We can help in all fields from the initial scoping through to the final testing. ( note the last step, which is often forgotten).
With your help we would gather all the information required, from financial controllers, through business unit managers, IT managers, accounts payable, incumbent support organizations, and any external services. Prepare a high level report showing the broad spectrum of our recommended approach and time frames. This would then be modified until approved by you.
After approval an indicative quote for any capital would be prepared, and budget approval would be sought.
A detailed Disaster Recover Procedure would then be developed in conjunction with the individual business unit managers, with a step by step procedure including , responsibilities, timing, procedure revision guide lines, and testing strategy. Once again formal approval would be sought, and once obtained, hardware ordered, and the plan tested.
The above approach is scaled according to the size of the organization, in some cases steps maybe added or subtracted as required.
22/03/2002 06:09 PM