IT Disaster Recovery Plans may be dead
by Marco Tapia
November 5, 2009
PicNet Users Group - 22nd October 2009 Topic: Disaster Recovery
The PicNet Users Group meets quarterly, bringing together CIOs and senior IT managers of large Australian companies to informally discuss important industry related items.
Meeting Outcome “The evolution of disaster recovery” … “Most DR plans are a disaster
Traditional disaster recovery operations have moved on from the focus on what is inside the data centre and the requirement for a mirrored facility in a separate location. Recovery has evolved into a corporate-wide undertaking that is an essential element of Business Continuity Planning (BCP).
Whether operations are disrupted by natural disaster and disease, cyber crime, terrorist attacks or third party actions like local building and maintenance works, the impact to business operations can be costly (or catastrophic) for service delivery, revenue generation and brand value.
Businesses have to be responsive and able to adapt to change. As a key enabler of business operations IT infrastructure must be designed to help ensure operational continuity in the event of an unexpected disruption, and to secure data integrity. It also must help comply with government regulations and integrate risk strategies to reduce costs, and it must be able to scale as required.
For today’s CIOs planning for disaster recovery is not enough. Effective BCP requires other considerations, including:
C-level backing Disaster recovery and business continuity planning have traditionally been underfunded in some companies, or even ignored, by top-level executives. That perception is slowly changing following disastrous events like 9/11 in the USA, the 7/7 bombings in London and the recent pandemic threats of SARS and avian flu, but it still normally requires executive exposure to an operational disruption to get the required momentum for a business continuity program to be implemented.
Company Culture The culture of an organisation, particularly the engagement from the top executives, will play a strong role in the effectiveness of any business continuity plan. Is business continuity built into the fabric of the company and is there redundancy? When it really comes to the crunch do employees have the wherewithal to execute a business continuity plan or is that knowledge and expertise housed within one member of staff (who, chances are, will be on annual leave when a BCP invocation is required)? Who, ultimately, is responsible for BCP and has the authorsity to ‘flick the switch’?
Designed Resilience Building resilience into the enterprise is a trend that has been growing in momentum over recent years. Resilience has been defined as: “An enterprise-wide state of readiness including people, processes, information, facilities and third-parties as well as technology to cope effectively with potentially disruptive events.” Or “An enterprise’s capability to respond rapidly to unforseen change, even chaotic disruption. It is the ability to bounce back (and even forward) with speed, grace, determination and precision.” Essentially resilience aims to make businesses (not just IT departments) ‘always-ready’ to manage change. The question arises as to how easily, quickly or effectively this can be implemented throughout an organisation? Change management is typically a difficult and costly for issue the majority of organisations – is BCP a big enough concern for it to be built into the fabric of a company?
In summary, the PicNet Users Group:
- Declared DR in isolation to be dead
- Agreed that BCP must be entrenched in the company culture.
- Agreed that IT infrastructure and systems must be designed for resilience and continuous operations.
- Concluded that Recovery Time Objectives (RTO) longer than “always available” and “data lost” are no longer accepted by corporations.
- Believes that solutions need to be focused on revenue and the cost impact to each organisation.
Marco Tapia PicNet - Information Technology Services IT Management and Support Services Software Development Services Project Management and Consulting Services Risk Shield - IT Risk Management and Security Services