Implementing a new Disaster Recovery Plan (DRP) is a large and complex task for any IT organisation. To gain maximum value from the process representatives from all parts of the organisation must be involved in each phases of the process. This is also mandatory for regulatory compliance.
Beyond Technology Consulting business consultants have significant Disaster Recovery Planning (DRP) and Business Continuity Planning (BCP) experience across many industries and an excellent understanding of the technical implications of each relevant decision. Using an external partner to assist your organisation with its DR planning has clear advantages. But facilitating the approach is only part of the value that an external partner can bring. We recommend that consideration should be given to the partner’s ability to understand the infrastructure consequences of each available solution.
We believe that an approach that augments your own internal staff with external business consultants with significant DRP experience. This “blended team” approach is often the most cost effective way forward. It provides your team with access to the required experience and knowledge, and leadership to ensure that appropriate outcomes are achieved. With greater confidence in the quality of the outcome, the internal team can then take ownership of the process and facilitate broader acceptance and buy-in of the ongoing management of the DRP.
Reducing Business Risk
The risk exposure presented by technology is often not factored into the company’s risk planning and in many cases inappropriate technology, deployed initially for a simple application, has been leveraged to provide business critical functions without first considering the wider risk implications.
It is no longer sufficient to only associate Technology risk with I.T. systems failure. Technology Risk appears in many different forms, each having potentially critical impacts on the business. Additional to systems failure, other areas of Technology risk include: Operational sustainability, staff risk (how to accumulate and disseminate knowledge), customer satisfaction risk, security risk, data loss, service level failure and external disaster events
The aim of any Disaster Recovery Plan is to eliminate or reduce the risk of a technology causing a business ending event. Not only are IT executives being held accountable for the safe custody of critical business data, but also the ongoing operational capability of the organisations technology and communications systems.
It is clearly the responsibility of IT management to ensure that the organisations executive team is well aware of both the risk and the impact of failures of IT systems and the increasing reliance of the business on them.
In most cases the risk of significant business impacting events can be largely mitigated through diligent technology management. Given recent statistics have shown that “after a major data loss, 43% of businesses won’t reopen, 51% will close within two years and only 6% survive long-term”, CIO’s are increasing being held accountable for negligence in this area.
New Technology Impacts
Advances in systems and infrastructure resilience is often touted by technology vendors as the risk reduction solution to organisations recoverability problems, however the operational and cost impacts of these improvements are not always obvious. A thorough understanding of the impacts and achievable advantages of these needs to form part of any DR planning imitative.
Unlike many other parts of the business, IT management is rarely in a budget position to be able to expend money on initiatives without appropriate business justification. The development of business cases for DR initiatives can often be hamstrung by lack of formal planning and risk assessments. We recommend that organisations undertake an initial Disaster Recovery “First Pass” that aims to assess the organisations existing capabilities, understand the business requirements and risk profiles and then provide a mitigation strategy that includes prioritised “Actionable Advice” to improve your Disaster Recovery Capabilities and reduce the business risk. The format of the report facilitates the development of appropriate business case and business justifications.
Disaster Recovery Framework
Beyond Technology bases its methodology on Australian and International standards and guidelines. These include:
- AS/NZS 4360:1999 Risk Management
- AS/NZS ISO/IEC 17799:2001, Information Technology – Code of Practice for Information Security Management. Section 11 Business Continuity management.
- Business Continuity Institute, United Kingdom – Business Continuity Good Practice Guidelines.
- IT Infrastructure Library (ITIL)