Disaster Recovery Planning in IT Management
Disaster recovery planning is the mechanism by which are anticipated and addressed. Just what is a “technology related disaster”? Oddly enough, the first challenge in the planning process is to quantify the meaning of the word in the IT management context.
In IT, can be any unexpected problem that results in a slowdown, interruption or failure in a key system or network. These problems can be caused by natural disasters (i.e. fire, earthquake, hurricane…), technology failures, malicious acts, incompatibilities, or simple human error. Whatever the cause, service outages, connectivity failures, data loss, and related technical issues can disrupt business operations, causing lost revenues, increased expenses, customer service problems, and lowered workplace productivity. IT disaster recovery planning strategies must be created to respond to these varied realities and perceptions. To that end, these strategies must address three (3) basic needs:
- Prevention (to avoid and minimize disaster frequency and occurrence).
- Anticipation (to identify likely disasters and related consequences).
- Mitigation (to take steps for managing disasters to minimize negative impact).
Fundamental Planning Goals and Objectives
There is no doubt that can offer many benefits to a business. Once you acknowledge the value of technology to your organization, you must also consider the related consequences if and when that technology becomes temporarily unavailable, or totally inaccessible. Your ability and willingness to address these issues can offer several key operational benefits:
- To minimize the negative impact of any disaster.
- To save time and money in the recovery process in the event of a disaster.
- To provide for an orderly recovery process, reducing “panic” decision making.
- To protect technology assets owned by a business, maximizing ROI.
- To minimize legal or regulatory liabilities.
- To promote systems and IT service quality, reliability and security.
- To promote the value of technology and related IT services within your organization.
- To promote management awareness, and to set realistic expectations about the need for systems management tools and resources.
Disaster Recovery Planning in Practice
In the IT management context, there are many levels to defining “disaster” and multiple options to address each level. To make things easier, the broad view of disaster recovery can be broken down into three (3) primary planning options – prevention, anticipation and mitigation.
Prevention: Avoiding Disaster Events to the Extent Possible
The goal of “preventative” disaster recovery planning is to ensure that all key systems are as secure and reliable as possible, in order to reduce the frequency or likelihood of “technology related disasters”. Since natural disasters usually lie outside our sphere of influence, prevention most often applies to systems problems and human errors, to include physical hardware failures, software bugs, configuration errors and omissions, and acts of malicious intent (virus attacks, security violations, data corruption…). Using the right set of tools and techniques, it is possible to preclude both the occurrence and related damage from any and all of these sorts of “disasters”.
Anticipation: Planning for the Most Likely Events
Anticipation strategies revolve around “assumptions” …. the ability to foresee possible disasters, in order to identify possible consequences and appropriate responses. Without a crystal ball, contingency planning can be a challenging process. It involves knowledge and careful analysis. Knowledge is derived from experience and information …. understanding the systems you have, how they are configured, and what sort of problems or failures are likely to occur. And the related analysis involves a careful balancing of circumstances and consequences.
Mitigation: Get Ready to React and Recover
Mitigation is all about “reaction and recovery” …. the ability to respond when and if a disaster occurs. Accepting that certain disasters are unavoidable, and perhaps inevitable, the goal of any mitigation strategy is to minimize negative impact.
- Maintain current technical documentation to facilitate recovery should a problem occur.
- Conduct regular tests of your disaster recovery plans and strategies.
- Keep loaner equipment available for immediate use.
- Create regular back-ups of applications, data and hardware configurations.
- Maintain an “alternative workplace plan” to allow designated staff to work from home or other locations.
- Identify manual or standalone operating procedures in the event of a prolonged outage.
- Coordinate IT disaster recovery plans with other corresponding emergency, security and employee safety programs/policies.