A disaster recovery plan (DRP) must be based on a solid business continuity plan that has taken into account the reality of the business requirements for recovery. If it doesn’t meet these requirements, it is of no value.
This is the word from Keith Fenner, vice-president: strategic sales at Softline Accpac, who adds that disaster striking your business should never be viewed as an “if”, but rather a “when”.
Companies today are striving to meet the demand for continuous service. With the growth of e-commerce and other factors driving system availability expectations, the average organisation’s requirement for recovery time from a major system outage now ranges between two and 24 hours.
This demand for 24/7 availability is also being fuelled by the demands a company faces from all sides:
* Customers: expect supplies and services to continue – or resume rapidly – no matter what the crisis.
* Shareholders: expect management control to remain operational through any crisis.
* Employees: expect their jobs to be protected.
* Suppliers: expect their revenue streams to continue.
* Regulatory agencies: expect requirements to be met.
* Insurance companies: expect caution to be exercised.
Fenner explains that a business continuity plan is the result of an analysis of the business and of the core functions, applications and systems that, if impacted by a natural or other disaster (be it short or long term), would cause significant disruption to the normal operation and productivity of the business, affecting its viability.
Disaster recovery is usually understood as a technology term, while business continuity is broader – encompassing IT as well as staff displacement, customer communications and any other function crucial to the continued operation of the business.
“Disaster recovery is purely a hardware and software issue. Business continuity on the other hand adds the human element to this – looking at exactly what it’ll take for the company to remain up and running despite logistical difficulties like the power supply issue, for example. A business continuity plan thus has to put certain methodology in place; it’s not just a software plan about retrieving data,” says Fenner.
DRPs need to have management buy-in. Disasters can always strike, so it is imperative that management takes ownership of an effective DRP. Senior management must understand and support the business impacts and risks associated with a complete system failure. Public companies can even be held liable, to a certain degree, if negligence can be proved. This is a serious matter when data is involved. Management needs to understand the risks with and without implementing a high-availability solution, as well as how to fund the DRP.
Today, this involves finding a world-class partner to manage your business continuity plan, Fenner believes. There are huge issues and consequences to consider, and planning for each and every scenario is crucial. Managing risk is best left to the experts: a company that will handle all continuity issues smoothly; everything from your documentation to devising a plan of action for employees based on every possible scenario.
“Today’s businesses are more dependent on information technology than ever before, making business continuity and disaster recovery a core concern. Disruptions to IT infrastructure and unpredictable events can have catastrophic consequences that threaten the bottom line. A successful business continuity and disaster recovery plan that incorporates mission-critical business requirements and is continually tested and updated can mean the difference between ‘open for business’ or ‘closed for good’,” Fenner adds.