Cyber-attacks, terror alerts, freak weather, rail strikes and technology failures can prevent you from reaching your offices, kill your communications and cause chaos to your IT systems, threatening your vital data.
Managing risk and reducing the impact on staff and customers is crucial. Moving to the cloud does not absolve organisations of their responsibilities.
While the world is becoming a safer place thanks to the progress of technology and engineering, localised and small scale ‘disasters’ are rising. The harm to the growing number of businesses that operate globally 24/7 makes the news most weeks.
In the old world of IT, disaster recovery was about building a complex ‘live’ infrastructure and set of systems and building it again somewhere else ‘just in case’. Switching from one to the other was complex, time-consuming, and usually resulted in system downtime and even data loss. It was the only way to mitigate the risks, but it was also an expensive and wasteful use of technology and human resources.
In the new world of IT, cloud-based systems and services are readily available, resilient by default, and can be accessed by users in a location-agnostic and device-agnostic way. Agile services are cheaper, simpler to integrate and operate, and data is better protected.
However, many organisations have yet to give enough thought to integrating their disaggregated systems and data silos, and how to operate them in a seamless way that makes them impervious to the variety of disaster scenarios faced.
Moving to the cloud does not pass the responsibility to someone else, nor are the regulators likely to accept this as an excuse for ignoring the risks and how they will be managed. A Disaster Recovery and Business Continuity Plan is as important as ever and it is incumbent upon IT and business leaders to ensure their plans are robust.
Surprisingly, many companies don’t even catalogue the services their technology delivers. Too often the plan starts with the technology and is based on unrealistic expectations of availability and resilience. When considering a recovery plan, start with the users and focus on the practicalities of how your services will be recovered when disaster strikes.
Here are key things to consider for your Disaster Recovery and Business Continuity Plan:
- A descriptive catalogue of services which may be temporarily or permanently disrupted because of equipment of third party service failure, or a disaster or event that impacts your property, infrastructure, people or technology.
- A list of potential scenarios that could cause such disruption.
- A documented set of tasks that will be necessary to restore the service(s). These should be documented as a PERT Network Diagram (Program Evaluation Review Technique) so that:
- the duration and dependencies of each task are captured and;
- the critical path for restoration and time to restore the service (the recovery time) can be estimated.
- The anticipated state of the restored service should also be documented. This should include:
- The expected performance of the service; same as original or degraded.
- Accessibility / ease of use.
- The state of the data, e.g. as it was immediately prior to the service failure or from a historical point (the recovery point).
- Any new dependencies or requirements needed to deliver the service.
- Any other limitations or increased risks as a consequence of the service now operating in this way.
If the pragmatic recovery of a current service is too slow or would seriously disrupt your business, this should be addressed. How? By building and integrating new services that are highly accessible, resilient by design, and operated in ways that manage the impact of a disaster.
If you would like IT Lab’s support for your Disaster Recovery and Business Continuity Plan, feel free to click here to contact us.