Every organisation needs to recover its data after disruption or disaster and it’s an area that many businesses believe they have under control.
However all too often in-company systems and processes are inadequate. Research undertaken into businesses who lost data or infrastructure in 2001, before organisations relied as much on data management as they do now, showed that 43% never reopen; 51% close within two years, and only 6% survive beyond that.
Disaster Recovery is the restoration of ICT (Information and Communications Technology) to a usable state, generally after some significant disruption which affects data use or storage. Accordingly, it is part of an organisation’s Business Continuity planning process. Disaster Recovery is not a substitute for Business Continuity, however, the two must always be aligned.
Here are some typical considerations for companies when drawing up a Disaster Recovery plan:
These steps reduce or eliminate various threats for organisations, and include:
1. Preventive measures, aimed at preventing an event from occurring
2. Detective measures, used to detect or discover unwanted events
3. Corrective measures, used to correct or restore the system after disaster
Examples of these might include:
- Mirrors of systems and/or data and use of protection technology such as RAID
- Surge protectors — to minimise the effect of power surges on delicate electronic equipment
- Uninterruptible power supply (UPS) and/or backup generator to keep systems going in the event of a power failure
- Fire preventions — alarms, fire extinguishers
- Anti-virus software and other security measures
These controls should be always documented and tested regularly.
Before selecting a Disaster Recovery strategy, organisations should review their business continuity plan, which determines the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for various business processes such as sales, manufacturing, or even payroll processes. These timescales define from and by when specific business processes need recovering, and hence when ICT processes need restoration, to ensure the infrastructure and data can be recovered to meet those deadlines.
There is a real correlation between the RTO, RPO and cost, and typically the nearer both of these are to zero loss, the higher the costs. Oftentimes, the organisation will have to consider how to balance the competing needs of protection and budget.
Common strategies for data protection include:
- Backups made to tape and kept off-site
- Backups made to disk on-site and copied to off-site disk
- Replication of data to an off-site location
- High availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data
ibd provides access to specialist and professionally qualified advisors with specific Business Continuity expertise, and live experience of invoking plans following disaster or disruption.