Importance of Disaster Recovery in Business Planning

It is important to keep in mind about Disaster Recovery in Business Planning. What if hell breaks.

Purpose of a Disaster Recovery Plan:

Disaster Recovery Plans (DRP) is comprehensive statement of actions to be taken before, during and after a disruptive event causes loss of availability of Information Systems. Primary objective is to provide an alternate processing site and return to primary site within a minimal time frame whenever any disaster occurs in the information systems.

The primary purposes of a Disaster Recovery Plan (DRP) are as following:

Prevention (pre-disaster): The pre-planning required — using mirrored servers for mission critical systems, maintaining hot sites, training disaster recovery personnel – to minimize the overall impact of a disaster on systems and resources. This pre-planning also maximizes the ability of an organization to recover from a disaster.

Continuity (during a disaster): The process of maintaining core, mission-critical systems and resource “skeletons” (the bare minimum assets required to keep an organization in operational status) and/or initiating secondary hot sites during a disaster. Continuity measures prevent the whole organization from folding by preserving essential systems and resources.

Recovery (post-disaster): The steps required for the restoration of all systems and resources to full, normal operational status. Organizations can cut down on recovery time by subscribing to quick-ship programs (third-party service providers

Disaster Recovery Plan VS Business Continuity Plan:

The differences between Disaster Recovery Plans and Business Continuity Plans are not very clear in actual usage. Different companies sometimes use these terms differently and, at times, interchangeably.

Technically the Business Continuity Plan (BCP) refers to the means by which loss of business may be avoided and it ought to define the business requirements for continuity of operations. It defines the business requirements for a Disaster Recovery Plan (DRP).

Technically, the Disaster Recovery Plan (DRP) deals with the restoration of computer systems with all attendant software and connections to full functionality under a variety of damaging or interfering external conditions. In daily practice Business Continuity often refers to disaster recovery from a business point-of-view, or dealing with simple daily issues, such as a failed disk, failed server or database, possibly a bad communications line. It is often referred to as the measure of lost time in an application, possibly a mission critical application.

In daily practice Disaster Recovery often refers to major disruption, such as a flooded building, fire or earthquake disrupting an entire installation. The issue of Business Continuity certainly arises when Disaster Recovery is required.

In short we can say that Disaster Recovery Plans addresses the procedures to be followed during and after the loss where as BCP is the preemptive process put in place in preparation for the handling of a disaster.

Importance of a DRP in Business Planning:

Disaster recovery forms a big part of a company’s business continuity plan.  While business continuity sets out controls to keep all aspects of business functioning when a disaster hits, disaster recovery primarily focuses on IT and its systems that support business functions in the case of a disaster.

The importance of disaster recovery is becoming more and more of a top agenda point for Chief Executives as we continue to depend on computer systems.   With the increasing dependency on IT systems as well as a growth in various disasters reported in the media including 9/11 and the London bombings a gap in the market has been spotted resulting with many disaster recovery related companies available.

Despite the increasing number of public disasters many companies are still not prepared for a disaster.  With only about 50% of companies reporting to having a disaster recovery plan in place. Of those companies that do have a plan in place nearly half of these companies have never tested their plan.  In these cases it is pointless having a plan in place.

IT systems are critical to the smooth running of a company and this is why it is important to ensure these systems continue to operate efficiently and are not disrupted.

Systems and networks are becoming ever more complex, meaning more and more things can go wrong.  Some fifteen years ago if there was a threat to a system, a disaster recovery plan may include powering down the mainframe and other computers.  Current systems tend to be too complicated to have such a hands on approach.

It has been reported that many large companies spend between 2% to 4% of their IT budget on disaster recover planning.  It is also not unusual for a company to spend up to 25% of their IT budget. The plan is to minimize the risk of significant loss to infrastructure.  Lack of preparation can lead to significant monies and time being spent on repair.

As much as a company can minimize risk there are many disasters that cannot be avoided.  Disasters can either be classified as natural disasters such as earthquakes and floods and manmade disasters such as infrastructure failure and material spills.  A disaster may not be eliminated but can be reduced to a minimum.

The disaster recovery plan is an essential business document it can prevent severe loss of data which can have a serious financial impact which can also result in loss of customer confidence, damaging a company’s reputation. Having a disaster recovery plan in place can give a company a competitor edge, for if a disaster was unfortunately going to happen.  If a natural disaster was to occur then most companies may suffer due to no plan in place. But for those companies that have prepared can continue to provide goods and services to their customers and suppliers and continue “business as usual” potentially gaining new custom also.

A disaster recovery plan should be clear and concise, focusing on key activities/functions required to recover IT services.  It should be tested, reviewed and updated on a regular basis. It is vital the plan has an owner to ensure these things happen.

Complementation of DRP in BCP:

In the event of a disaster, the continued operations of your company depend on the ability to replicate your IT systems and data.  The disaster recovery plan stipulates how a company will prepare for a disaster, what the company’s response will be, and what steps it will take to ensure that operations can be restored.  Disaster recovery describes all of the steps involved in planning for and adapting to a potential disaster with a road map that will restore operations while minimizing the long-term negative impact on the company.

Business continuity planning suggests a more comprehensive approach to ensure your business is operating, not only after a natural catastrophe, but also in the event of smaller disruptions.  Unlike disaster recovery, business continuity involves keeping all aspects of a business functioning rather than just technology systems. The business continuity plan is a fairly new approach that instructs what steps a company must take to minimize the effects of a service interruption.  This will limit the short-term negative impact on the company.