After the recent natural disasters which swept the country, the spotlight has been put back on Disaster Recovery and Business Continuity Planning. With organisations taking a closer look at business continuity, what does a solid, successful plan look like?
First, we must clarify the difference between “business continuity” and “disaster recovery” as the terms are often used interchangeably. There are distinct differences between the two. Business continuity focuses on keeping everyday operations running with minimal interruptions, while disaster recovery focuses on measures to restore operations after an interruption occurs. A well executed business continuity plan incorporates and defines the business requirements for the disaster recovery plan. Both must be carefully planned and consistently practiced within an organisation. An organisation must establish priorities and operational parameters; then it can establish goals for business continuity and examine the approaches to best meet its objectives.
A key prerequisite for disaster recovery planning is establishing priorities and operational parameters. As part of this process, an organisation needs to ask itself the following four key questions:
- What data is most important to business operations? Not all data is created equal. Decide which data is most important to survival. For example, a bank’s ATM and debit transactional data is considerably more crucial to maintain than HR information, as the data is the lifeblood of its business. Within an enterprise, data is often kept in structured (stored in databases) and unstructured formats (stored as text, sound, image and video files). Structured data is grouped with (and related to) other data. Its validity depends on these groupings and structures. Disaster recovery of structured data has to consider the overall integrity of data.
- How much downtime is acceptable without affecting the business? Determine the expected availability and mean time to failure (MTTF). Every system faces failure. The MTTF, or the average time before failure of a system or device occurs, is a useful measure of uptime and an essential metric for calculating expected availability of a system. Likewise, mean time to recovery (MTTR) is the average time taken to resolve most hardware or software problems for a given device. IT departments should always strive to improve MTTF. However, for purposes of disaster recovery, reduction in MTTR is more important than MTTF and expected availability.
- How much data can be potentially lost in the event of a failure? Be realistic and consider all the possible ways data can be lost and how each event could affect your business. Loss of equipment or technology failure, inaccessibility to the facility and loss of region, or widespread outage should all be assigned a realistic view of the potential duration of downtime and amount of data that can be lost so that an appropriate contingency plan can be developed.
- How long will it take to recover? There are several high availability and disaster recovery technologies, including tape backups, hard disk backups, electronic vaulting, and replication technologies (data written on two separate systems to their respective storage devices concurrently). Replication technologies are typically inadequate for recovery since many of the traditional solutions fail to meet stringent recovery time and recovery point objectives (RPOs). The solution must provide for elaborate recovery or must be much faster – preferably sub-second – and significantly improve RPO or reduce data loss.
Best Practices for Disaster Recovery In addition to selecting an appropriate high availability and disaster recovery solution, consider some of the following best practices for creating an effective disaster recovery plan:
- Standardise on backup products · Focus on recovery
- Build a dedicated data management organisation
- Define service level agreements for data recovery
- Develop backup process deployment standards
- Document procedures for backup operations
- Centralise backup process monitoring and administration
- Document procedures for recovery operations
- Integrate with change control and application development cycles
- Test recovery
Today’s businesses are more dependent on information technology than ever before, making business continuity and disaster recovery a core concern. Disruptions to IT infrastructure and unpredictable events can have catastrophic consequences that threaten the bottom line.
We have insurance for everything from houses to pets, so why shouldn’t businesses invest in a plan that protects data so crucial to the survival of the business? A successful business continuity and disaster recovery plan that incorporates mission critical business requirements and is continually tested and updated can mean the difference between life and death for an organisation. Now isn’t that an insurance policy worth having?