Adequate disaster recovery and business continuity planning is no longer a
prerequisite for large enterprises with extremely mission critical business
operations. It is now accepted worldwide as a basic requirement for every
organization and business. We look at key steps you need to take along with your
DR plan to ensure you are able to recover data after a disaster has struck
Disaster recovery and business continuity planning should reflect the real
and on-going needs of the business activity or function. Each company today
needs to have a disaster recovery plan, which is designed in accordance with the
company's corporate vision and business need. This involves choice and
implementation of processes, policies and infrastructure as per the disaster
recovery plan, which in turn pertains to application and network elements that
are essential to DR, and consequently the business. However having a DR plan is
not enough. Disaster can strike in any form, it can be a natural disaster (fire,
earthquake etc) or technology related disaster (eg malicious virus attack, power
issues, UPS blowouts, etc) or even related to humans (bomb blasts, pandemics,
etc).
Risk evaluation
Make sure you do a complete risk evaluation, ie identify events that can
leave a negative impact your organization. This should cover everything from
natural, manmade, technological, which can intentional or accidental, internal
as well as external. Along with the type of threat a risk evaluation should also
cover dangers associated with it, how it can happen, probability of occurrence
of each threat, probability of impact and factors that can be controlled. You
would also need to identify single points of failures---these can be anything
from Internet lines to electricity equipment.
You would also need to determine the frequency of these threats---this might
vary according to your geographical area. For instance, if you are a company
based in Mumbai, then rains/floods are one type of threat for which you must
prepare. Way back in 2005, when the Mumbai rains created havoc, many companies
were caught unprepared and offices were flooded with water.
We know a company that flew its employees to its other location, to ensure
that its business is not impacted. A lot of companies create risk assesment
forms which are sent to key people in each department and ask them to identify
possible risks in their department. Of course many of these will be non-IT
related but might play an important role in the BCP.
You would also need to identify and prepare a list of applications and the
duration for which downtime is affordable. This can be a very difficult task, as
in every case there will user's whore affected by application downtime. At the
same time there are applications like email without which business will come to
stand still.
M Sudhir Reddy CIO, MindTree advises CIOs on what not to do in DR |
Always build your DR 'technology upwards', and 'business downwards'. Fundamentally, DR is an extension of your company's technology backbone. It is not something that flows out of business demand. That said, DR can effectively be used to gauge the optimum requirement of IT resources for your company. In an unfortunate event of disaster striking, your IT equipment would run on a mirror image which may not be as proficient as the real technology backbone. However, it might then give you a signal that you have actually over-provisioned. Do not clog your DR Backing up tapes is not DR |
Have regular DR drills
An enterprise needs to carry out regular DR drills, to ensure that their DR
plan actually works and if there are any flaws they should be rectified in time.
DR drills can be carried out every six months or every weekend, depending on the
complexity of the organization. Many companies ensure that the work done on
weekends is done from their DR site, to ensure both primary and secondary sites
are in sync. However this is possible if you have a hot D.R site. If you have
outsourced DR, than having DR drills becomes even more important, as this can
easily tell you how ready is your service provider to handle a disaster.
C Kajwadkar Chief Architect and Vice President — Availability Services, Netmagic Solutions |
Technology Disasters vs Human Disasters The second kind is human disasters, which include environmental mishaps |
However when having DR drills its important to make sure that no business is
affected due to a DR drill be it a regular or a surprised one.
Countering the human factor
There are times when IT and everything is in place, yet the causative
factors for disaster are humans. Currently, with Swine Flu already declared a
pandemic, enterprises are re-visiting the human factor and drawing strategies to
make sure it doesn't impact their businesses. Most companies are finding the
answer in workforce mobility, ie in case the situation gets worse, its employees
can do most of their work from home. While it might answer some of the woes,
remote access cannot work for all industries, such as BPO, manufacturing, etc.
This is where people part in DR kicks in. One strategy is to have enough bench
strength, to counter the situation. But with the recent economic slowdown, where
companies are looking to get most out of a single employee, there aren't enough
people on the bench. The most commonly used strategy now is to train employees
to have multiple skills. Another strategy is to have another location ready, if
one of the locations is hit. This can be easy for industries such as BPOs, where
call load can be easily shifted to another location if one site is hit. Plan for
Swine flu cannot be created in isolatation because the whole organization is
vulnerable to it. Therefore, the CIO needs to find out from all business unit
heads what's important for them in an emergency. What part of their business can
be taken caer of remotely or can be autoamted with the use of any existing
technologies. Companies are also creating separate team which will spread
awareness among their groups and drive out plans to if they get into such a
situation.
Sunil Chandna CEO, Stellar Information Systems on the possibility of data recovery after disaster strikes. |
||
These are some of the tricky situations you might land up in after disaster has taken its toll:
Flooded Drives Fire
Earthquake A hard drive is very delicate and complex equipment that needs utmost |
What if you were to lose data?
Most times in the aftermath of disaster, despite having backups you lose
data and God forbid your backup media is hit, ie tapes or disks, are affected.
In some cases it is possible to retrieve data from environmental disasters (see
box 'possibility of data recovery after disaster strikes'). Whenever you are
confronted with such a situation, it is better to contact a data recovery
company. Most data recovery companies also provide on-site technical assistance,
to ensure that media is not damaged further in handling and transportation. A
clean room is basically a work area with controlled environment parameters such
as temperature, humidity, etc.
For hard drive data recovery, class 100 clean room is the standard, wherein
there are less than 100 particles larger than 0.5 microns in a cubic feet of
air. Similarly, many times there are situations where backup tapes get broken or
corrupted due to some operation error. Data recovery companies also offer tape
restoration services, which are again carried in a clean room.
Swapnil Arora and Vishnu Anand