Blog

When disaster strikes!

0
0

2
0
0

By Martin Conboy

typhoonHurricane, fires, earthquakes and terrorist attacks are now a common occurrence across the globe. Disasters have the potential to hit every city, region and country in the world. There are dangers to your business if you outsource to offshore locations. Those dangers are minimised, however, if you and your services provider have a sound business continuity plan in place.

A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.‬ Such a plan, ordinarily documented in written form, specifies procedures an organisation is to follow in the event of a calminty. . It is a comprehensive statement of consistent actions to be taken before, during and after a disaster. The disaster could be natural, environmental or man-made. Man-made disasters could be intentional (for example, an act of a terrorist) or unintentional (that is, accidental, such as cutting a cable during construction.

Given organisations’ increasing dependency on IT to run their operations, a disaster recovery plan, sometimes inaccurately called a Continuity of Operations Plan (COOP), is increasingly associated with the recovery of information technology data, assets, and facilities.

What would you do if the unexpected happen? How long can your business survive with its critical systems down? What procedures and resources can you fall back on to get your business up and running again?

What would you do if the unexpected happen? How long can your business survive with its critical systems down? What procedures and resources can you fall back on to get your business up and running again?

There should be clear procedures in place depending on the impact and expected duration of a disaster. Clearly mark out the different stages that will lead to recovery and the resources required at each stage and where they are located.

The problem is particularly acute for providers of outsourcing and BPO services. Because, if their facilities and systems shut down, it can have a tremendous impact not just on the provider’s own business but their clients’ business as well.

When negotiating the services of a provider the client needs to make sure the provider is aware of all the risks and impact of the business function being outsourced. The provider must have the capacity for managing those risks. The contract signed must specify in detail what mitigation steps will be taken to recover from a disaster. Having said that a DRP contingency comes at a cost, after all somebody somewhere has to pay to have a facilty lying vacant so that you can utilise it when needs be.

Tested and documented plan

Does your provider have their own well documented and tested DRP plan? Ie they have simulated a disaster and executed the plan.

When planning for disaster and the following recovery don’t focus so much on the nature of the disaster but its likely impact. There are four types of impacts:

  • Loss of people
  • Loss of facilities/building
  • Loss of connectivity and communications
  • Loss of systems and applications

A single disaster may involve one or all four of these impacts. A natural disaster may bring down telecommunication lines (loss of connectivity) and prevent staff getting to work (loss of people). A fire or an explosion will entail loss of facilities.

In your plan – factor in duration. How long will the disaster impact the full functioning of your business, 10 min, 10 hours, or 10 days or is it permanent. You need to understand your recovery point objective. The recovery point objective is the age of files that must be recovered from backup storage for normal operations to resume if a computer, system, or network goes down as a result of a major iccident . When an event creates an impact, your plan should provide clear direction based on the expected duration of the impact.

There should be clear procedures in place depending on the impact and expected duration of a disaster. Clearly mark out the different stages that will lead to recovery and the resources required at each stage and where they are located. I.e. if your data centre is thoroughly guttered by a fire or a flood is there a backup/recovery site you can transfer your people to.

It is important to test your plan at least once a year.

There are plenty of resources online you can look up and download to help in formulating your plan.

Alternatively, you can work with a specialist consultancy in the area of business continuity. Aside from the knowledge and skills in helping you in analysing the potential risks and procedures to address them, they can offer an outside perspective.

Remember that failure to plan is planning for failure!
July 22, 2015
Comments

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

3 + 3 =