| Disaster
Recovery Planning Is Business-Critical
By
Paul Chisholm
JULY 2008
- According to Info-Tech Research Group, almost 60% of North American
businesses do not have a disaster recovery plan in place that
would resume their information technology (IT) services in case
of crisis. The seriousness of this problem is supported by research
from Faulkner Information Services, which found that 50% of companies
that lose their data due to disasters go out of business within
24 months.
Tips
for IT Disaster Recovery Planning
Devise
a disaster recovery plan. Once a disaster recovery
plan has been established, it should be viewed as a living, breathing
document that can and should be updated frequently. First, define
what is important to keep the business running, and the “recovery
time objective”—how quickly the company needs to be
up and running after a disaster. Other key plan components to
consider are as follows: Who within the organization declares
the disaster? How are employees informed that a disaster has occurred?
What method of communication should be used with customers to
reassure them that the company can still service their needs?
Test
the plan. The effectiveness of the disaster recovery
plan can be assessed only if rigorous testing is carried out at
least once a year in simulated but realistic conditions.
Perform
off-site data backup and storage. As part of establishing
a backup data solution, every company should use an off-site,
secure data storage center. Additionally, businesses need to determine
their recovery point objective (RPO)—the time between the
last available backup and when a disruption could potentially
occur. Every company should back up its data at least once daily,
but should strongly consider more frequent backup or “continuous
data protection.”
Perform
data restoration tests. The backup software and
hardware should be checked daily to verify that backup has been
completed successfully. Companies should store backup tapes in
an offsite location that is secure and accessible. Disk-based
systems should have an offsite replication if the backup is not
run offsite initially. Moreover, companies should perform monthly
tests in order to validate that data can be restored in case of
a disaster.
Backup
laptops and desktops. Backing up laptops and desktops
protects critical data that are not stored on the organization’s
network in the event of a lost, stolen, or damaged workstation.
Be
redundant. Establishing redundant servers for all
critical data, and providing an alternate way to access that data,
can bring disaster recovery time down to minutes rather than days.
Invest
in theft recovery and data-delete solutions for laptops.
Theft recovery solutions can locate, recover, and return lost
or stolen computers. Data-delete options can enable companies
to delete data remotely from lost or stolen computers, preventing
the release of sensitive information.
Consider
hiring a managed services provider. For small to
medium-sized organizations, implementing a sound disaster recovery
plan is often prohibitively expensive. Managed services providers
(MSP) have the technical personnel to design, implement, and manage
complex disaster recovery projects, and they have the server,
storage, and network infrastructure to manage a true disaster
recovery plan.
Paul
Chisholm is chairman and CEO of MindShift Technologies
(www.mindshift.com),
a leading provider of managed IT services to small and medium-sized
organizations. He can be reached at paul.chisholm@mindshift.com.
|