Saturday, January 20, 2007

What is Disaster Recovery?

Business continuity planning

Disaster recovery is the ability to restore the business activity after the total loss of data, caused by natural disasters such as fire or flood. Data may also be lost due to other different factors including power failures, equipment failures, terrorist ttacks, deliberate disruptions and human error. Quick recovering from such disasters is a business priority and this is where a well-documented plan of recovery is neccessary. Research shows that some companies spend even up to 25% of their budget on disaster recovery plans. It is better to spend more money for disaster recovery plans than later incur bigger losses. It is said that 43% of companies that had lost all of the data never reopen, 51% close within two years and only 6% will survive (Cummings, Haag & McCubbrey 2005.)

One should pay attention to the following points when creating the plan of disaster recovery:

1. Notify all key personnel about the disaster and assign them tasks according to the recovery plan.

2. Recall backups - If backup tapes are taken offsite, these need to be recalled. If using remote backup services, a network connection to the remote backup location (or the Internet) will be required.

3. Notify all clients about the disaster - this minimizes panic.

4. Employees should work longer, more stressful hours, and a support system should be in place to alleviate some of the stress.

5. Backups (business information) should be stored in different, separate location from the company. This greatly reduces risk of data loss in case of fire for example.

Creating the plan

The strategy one should take when creating the plan of recovery depends on many factors, for example how many critical applications there are in the comapny, costs the company may spend on disaster recovery, departments that are required for proper functioning of the company, number of locations the company has etc.

These factors cause that there is no one ideal plan of disaster recovery which anticipates all possibilities and is suitable for everyone. One should think globally, as if it were a part of a larger plan of recovery. Then when a disaster strikes such a plan will be more flexible and one will be able to choose a certain option from avaiable modules that will be appropriate in a given situation. In some situations one will need help of the other company.

Another question to answer is who should take part in creation of the disaster recovery plan. Generally it is the IT department that actively commits to the strategy creation. IT proffesionals will prepare the plan with respect to its technical part. However IT department should not be the only one taking part in the prepatation of the project. The whole company should be committed to this activity. It is important to define what exactly the company risks and what the requirements are based on the following points:

1. Time to recover - the time from when a disaster strikes to the time when the business must be running properly

2. Costs of downtime - potential costs caused by the downtime and business continuity recovery

3. Point of recovery - place in time to which lost data are to be recovered, for example the beginning of a day

Data, storage, loss and recovery

Next factor one should take care of is the very data. Disaster recovery planning requires a backup application, backup media and backup records that can be taken off site, a backup schedule, and a plan for testing the recovery procedure periodically. The idea of disaster recovery is to ensure that backups are made on a routine basis and that the backups are taken offsite, so in case of a disaster that wipes out the computer center, the computers can be replaced and the data restored from the offsite backups. Lots of companies employ people just for doing backups, testing them and making sure the data are safe and secure. It is also wise to always have two backup copies in case one copy fails. The other factor to consider is to have redundant power supplies, redundant network connections etc. Redundancy greatly improves recovery process and also minimizes risk of downtime.

Testing the plan

To be well prepared when a disaster strikes you have to test, test and once again test. Only by testing will you be able to quickly recover from the disaster and get back to business. You should test at least once a year different scenarios that may happen to you. You should regularly check your backups, make sure everything is ok. Testing also helps to find out weaknesses in your plan and to correct eventual errors before it is to late.