Whether you run an 18 billion dollar manufacturing business with 20,000 employees or a small to medium business with 8 to 25 employees, Business Continuity and Recovery in the face of a disaster presents a seriously daunting challenge.  No matter what size your business is, if you want to stay in business, Business Continuity and Disaster Recovery should be well within view on your leadership dashboard.

In particular, your IT infrastructure presents a vast field of hurdles in developing, maintaining, and evolving your Disaster Recovery strategy.  Even when your business takes Disaster Recovery quite seriously, and you’ve made the investments to assess, architect, deploy, and test your strategy, the continual high-pace change in your business applications and underlying infrastructure technologies can rapidly age your DR solution and leave you feeling exposed.

One client I’ve worked with had an existing tape-based Disaster Recovery strategy which had served the company well for several years.  But as the business-critical applications were upgraded, replaced, and back-end data grew, the periodic testing regiment proved the recovery solution inadequate.  The good news is that this shortcoming was identified during verification testing and not when recovering from a true disaster.

What should be on the IT Director and IT Manager’s Business Continuity and Disaster Recovery radar?

1. Periodic and regular review of the Business Continuity Plan:

• Is the plan aligned with the business priorities?
• Is the plan keeping up with the changes in the business applications?
• Has the business risk profile changed?
• Does the Business Continuity Plan mitigate the unacceptable risks?

2. Periodic and regular review of the Disaster Recovery Plan:

• Is the DR strategy keeping up with advances in the underlying IT technologies?
• Is the DR strategy aligned with the Business Continuity Plan?
• Have the Recovery Point Objective or Recovery Time Objective changed?
• Are there Disaster Recovery alternatives which could better meet your needs?
• Has the Disaster Recovery scenario set changed?
• Is the Disaster Recovery Plan in line with the volume of business critical data to be recovered?

3. Periodic and regular Disaster Recovery testing:

• Have all business critical applications been tested against the scenario set using the latest Disaster Recovery Plan?
• Can the Disaster Recovery Plan be executed within the RTO?
• Were key functions of the business critical applications tested for operability and interoperability with tightly coupled applications.
• Has recovered data been tested for accuracy and consistency within the RPO?

How can an IT Manager keep ahead of this curve? 
The themes I hope will stick with you are that Business Continuity and Disaster Recovery require periodic attention on an ongoing basis.  Review your BCP and DRP at least annually ─ more frequently if the rate of change dictates this ─ is essential.  Just as important is Disaster Recovery testing; Make all your partners in your Disaster Recovery solution prove out the services they are providing your business.  In my experience, every single Disaster Recovery verification test has identified a substantial list of shortcomings which need to be addressed and corrected.  Having a Disaster Recovery strategy without testing only provides a false sense of security.

Find a trusted IT Service Provider to provide expertise and fill in the gaps which you and your staff cannot adequately address.  Make sure you choose a partner which understands your existing infrastructure and ideally has a grounding in your business sector.  Attach SLAs to your DR services which hold providers accountable for your businesses Disaster Recovery solution.

Mike Kephart
Director Of Network Architecture
DaVinci Digital