Understanding Disaster Recovery Planning
Disaster Recovery consists of the process, procedures and policies involved in the preparation and planning of recovery or continuation of any technology infrastructure that is crucial to an organization. The disaster may be natural or man made. Prevention of natural disasters may not be possible but it is possible to take precautions to avert loss on a large scale.
Man made disasters are due to human errors and may be intentional or not, but still leads to major losses. An interruption on the IT infrastructure preventing normal access to data lead to interruptions in the business process and affects customer relations. Hence Disaster recovery policies and procedures must be in place in an organization, for a team to respond effectively to varied problems and negative occurrences and recover in an orderly manner.
Disaster Recovery is a part or subset of a larger process known as BCP (Business Continuity Planning). BCP is on a larger scale and includes planning for non Information technology aspects also such as human resources, facilities etc. It is concerned with the working of a whole enterprise and not just a key set of IT systems or infrastructure components.
Both BCP and Risk management are coupled together. Risk management is a technique for measuring, controlling and selecting cost effective approaches to decrease threat to an organization. Whereas risk management tends to be preventive, BCP was invented to handle the consequences of realized risks. Risk management covers vital areas for the BCP process. Three primary aspects that must be handled in Disaster Recovery are Prevention, Anticipation and Mitigation of disasters.
The first step towards this is to determine the potential impacts of the likely disasters that can occur and to consider and understand the level of the risks. This process is termed as Business Impact Analysis and Risk Analysis. This helps to pride a firm foundation for establishing recovery priorities and to make decisions on timeframes regarding recovery. The critical assets required for the smooth functioning of business is identified.
for recovery is usually expressed as RTO (Recovery Time Objective) or
SDO (Service Delivery Objective). It refers to the time period between
system failure and recovery. The data that a company can afford to lose
is expressed as RPO (Recovery Point Objective). The RPO is inversely proportional
to cost of maintaining the environment for the purpose of recovery.
These factors can differ between systems and interdependencies between them must be considered before determination of them.
Service Level Agreements (SLA’s) are essential to Business Continuity. They help to define the levels of availability and to determine the action plan in the case of serious disruptions. It will also handle issues such as problem management, compensation, legal compliance and remedies.
DR plans should encompass recovery of data, systems and important links. The worst case scenarios should be highlighted. The appropriate Back up, Preventive and Recovery strategies should then be determined. The complexity and capability of the back up procedures should commensurate with the criticality of the business system. The management should study and prepare for the best approach for back up and recover of each area such as Alternative Business process, IT systems, Customer Service, administrations and operations etc.
It is recommended to have a Disaster Recovery Planning Coordinator who helps to design, develop, integrate and test all the Disaster Recovery Plans and who can interact with technical experts and customers. The coordinator should be able to classify the disaster level and estimate recovery duration.
According to John Kauffman, training director for The Hartford Financial Services Group's loss control services, a DRP coordinator should be "responsible for all aspects of the recovery phase-from planning and executing activities to evaluating injuries and damage to managing priorities and maintaining communications. This person must have the capability and authority to assume command, to assess the recovery, to determine the recovery strategies and to approve and activate resources”.
The primary objective in DR planning is to guide the organization in the event of a disaster and to effectively reset critical business operations within the shortest time span and with minimal loss. Whether the DR is a stand alone project or being done as a part of Business continuity planning, the management must be fully involved, committed and provide high visibility and support on an ongoing basis.
The top level management should take steps to ensure that a comprehensive disaster recovery plan is in place, a formal risk assessment is done to contribute to requirements of the plan, the DR plan is periodically tested in a simulated environment and a supporting team is aware of their role and the process of implementation, the plan covers all critical activities and is always maintained up to date.
The management must also ensure that regular review and audit of the contingency plan takes place. With proper planning and control it is possible to restore critical systems within a minimal amount of time and restore operations smoothly after a disruptive event. The Continuity of Business (COB) can thus be ensured to highest possible level.
| An Insight into Scope Statement in Project Management | Creating Effective IT Service Level Agreements | Disaster Recovery Planning – General Concepts | Introduction to Agile Project Management | Overview on the Six Sigma Practices | The Project Office as an Aide to Project Management | Trends and Thoughts on Project Portfolio Management |