Have your ducks lined up before disaster strikes
Unless you've been hanging out with monks for the past few days, you are well aware that it's been one full year since Hurricane Katrina hit the Gulf Coast. No matter where we turn, we're inundated with revisiting the tragedies, missteps, mayhem, and general suffering.
So after we go through our grief, frustration, and anger, what do IT folks think about when such subjects come up? For many of us it's, "When was the last time we updated our disaster recovery plan?"
A good disaster recovery plan does more than just tell you what to do after a catastrophe. A good plan prepares you for the event.
For the purposes of this column, we'll stick to IT-related disaster recovery plans. Depending on the type of business, this may be all that is needed; sometimes, the IT-related plan is part of a bigger business continuity plan.
Technically, any unplanned interruption of the normal course of business can be considered a disaster. One key factor is not to worry about all the things that could happen, but to focus on your ability to conduct business. What's it going to cost if you're down for a week? A day? An hour?
A disaster recovery plan includes an inventory of all of your computer systems and related components. For each item, what type of support and/or maintenance agreements are in place? How are the systems being backed up?
The plan must also outline any time-critical business processes that are IT-dependent. Defining these processes helps determine which systems need to be recovered first.
Risks ranging from simple to severe should be outlined. While most often we worry about severe risks like hurricanes and fires, we should also take care in pointing out seemingly less significant problems, especially those that affect critical systems.
Now that we know what our critical systems are, and the types of risks we are facing, we can develop a list of recommendations to help reduce the risk of outages, and create an environment where systems can be recovered should a disaster occur.
Like all good technical documents, the disaster recovery plan must be updated on a regular basis, especially as recommendations are implemented.
The last component of the disaster recovery plan defines the procedures to follow in the event disaster strikes. In addition to what to do, the recovery procedures should also clearly outline the expected timeframes for each step. Again, this section of the plan should be regularly updated.
Like any other procedure, you should rehearse the recovery scenarios on a periodic basis. This is the only way to be sure that your recovery strategy is sound.
John Agsalud is president of ISDI Technologies Inc., a Honolulu-based IT consultancy. Call him at 944-8742 or e-mail
jagsalud@isdi-hi.com