Disaster Recovery (DR) has received the much needed attention in the US as a result of high profile natural and manmade disasters. Regulations, laws and legislations governing and mandating the protection and long-term retention of data have been implemented widely around the world. Accountability has shifted directly under the control of the Information Officers and in certain cases, individuals within organisations are held liable. Data is afterall, an organisation`s most irreplaceable asset, second only to skilled personnel.
The take-up on DR planning here in South Africa however, has been dismal and the time to start planning can only be described as `yesterday`. Marcel Rebelo, Storage Consultant for LATITUDE Information Technology says, "Many organisations are under the false impression that their system administrators have plans in place that would suffice, and that formal planning is not of paramount importance. Many of these plans reside conceptually in the minds of certain individuals and there is no way of knowing if they are executable. Companies rely on these individuals being available in the event of disasters, which is often not the case. Without formal DR planning the probability of successful ICT recovery is highly unlikely. "
There are many myths within the industry that indicate that DR planning is a complex and convoluted processes known only to a few privileged specialists. This culminates from the branding of DR planning methodologies by consulting practices. But in fact, a DR planning methodology is a straightforward application of common sense that follows a sensible project plan similar to a systems development lifecycle methodology.
Says Rebelo, "DR planning projects generally involve multiple tasks that are refined primarily into five phases. The first phase, as in any project, involves the creation on the need and obtaining the necessary sponsorship and buy-in by senior management and project initiation. This phase is unfortunately often accelerated by personal historic events within an organisation. The following phase involves an analysis in which a business impact analysis and preliminary risk assessment is performed. This phase highlights which ICT systems are required by which business process, and the criticality of each process. As a result, the strategic recovery objectives can be defined.
The subsequent design phase creates not only recovery strategies but also avoidance strategies which could include fire protection and clustering technologies. The design phase can further be segmented into physical recovery and the soft issues that are required to compliment the recovery. In the implementation phase, the selected recovery strategies are used to create recovery procedures, which are then tested. The test results provide feedback back into the planning process. The final phase is the implementation of plan maintenance, processes and procedures."
There is no one best way to write an ICT Disaster Recovery Plan, but the use of proven methodologies, such as the one described above, does provide guidelines and fast track processes. These methodologies are often accompanied by templates and an experienced DR specialist, who will be able to provide professional structured documents and an insight into what should be contained within the plan.
It must be remembered that, like with any implementation, if there is no accountability, commitment or planning, then a project is bound not to deliver the required outcomes.
Share