Disaster Recovery and Business Continuity Planning IBK3IBV01 College 7 Paul J. Cornelisse

Disaster Recovery and Business Continuity

Planning IBK3IBV01 College 7

Paul J. Cornelisse

Data Center Requirements

My children will live with the mistakes I make

Disaster recovery


Many organizations voluntarily spend money and time attempting to design DR systems, processes, and methodologies that will enable them to continue business operations in the event of a disaster.

Disaster recovery

It is important that organizations are able to:contact the resources neededhave methods in place to ensure that resources can actually make it to the recovery areaactivate strong leadership roles for the responding resources (of critical importance for successful DR postevent recovery)

Disaster recovery

Necessary components of successful recovery are:ensuring that time is spent testing hardware and equipment neededto make sure the organization can recover business critical systems in the time required


Disaster recovery

Tulane University, like many organizations in New Orleans, was prepared for an event like Katrina…., but

it did not have plans on how to recover from such an event and ended up missing its August payroll run,

an event that compounded the trauma that many families were already going through (Anthes 2008).

Disaster recovery

“We did have to face the music. We stopped paying adjuncts on August 29. We stopped paying part-time faculty and staff members on September

30. Beginning November 1, we began using vacation and sick leave to help pay full-time faculty and staff members” (The Chronicle of

Higher Education 2005, p. B.203).

Disaster recovery

Disaster recovery


Develop a Business Continuity Contingency PolicyAs with any policy, alignment with organizational senior management is the first thing that needs to take place.


“Tulane did not have a formal DR plan for replacement of machines with any outside vendor

or institution.That was a cabinet-level decision, made during times of fiscal stress. We had just shifted to a

decentralized system for fiscal management, so IT was a shared resource.

When I presented the plan for off-site DR, it was for $300,000 a year or so. We decided that we could not ask the deans to pay for that as they

were already upset about recent budget cuts and increased IT recharge rates” (The Chronicle of

Higher Education 2005, p. B.201)


Of interest to note is that John Lawson, the CIO of Tulane, has related publicly that after Katrina, his off-site DR plan was approved at a cost of approximately $600,000 per year, double the amount Tulane management turned down before Katrina.


Business Impact Analysis (BIA)make sure that we know what systems are critical to maintaining an acceptable level of business service for our customers. the critical component to understanding what services and what associated systems need to be restored as well as in what order and how quickly they need to be restored.


Business Impact Analysis (BIA)organizational business management must align on what items should be on the BIA a clear understanding of what services need to be restored and how quickly they need to be restored.


Example BIA temlate


During the BIA “definition” process, information about the following has to be gathered e.g. :What is the financial effect if the system is down and whether or not this financial effect increases the longer the system is down?Are there service level agreements (SLA) tied into this system and, if there is, what are the financial penalties incurred once the system is down past the agreed upon SLA timings?Are there manual workarounds that are good enough?Is there a reputation or nontangible effect if the service is down for an extended period of time and is that effect one that will affect the survivability of the organization?What are all the systems and integration points between the systems that comprise this service and do they have time dependencies as to which system needs to be up before one of the other systems can work?


It is critical to organizational survivability that the most critical systems are recovered first and that they get the attention from people and other resources that they need to recover in order of priority. Further discussion on BIA and a sample procedure are included in Appendix B.


What drives the decisions of our management?


Bergland and Pedersen (1997), in a report on the effects of safety regulation on the safety and well-being of Norwegian fisherman, found that costly regulation induced “the individual rational fisherman to behave in a way which increases their risks” of injury


Apparently this behavior also goes for business management


“Will it cost me more to implement the required business continuity and DR infrastructure than it would for me to recover from a catastrophic event that may or may not occur sometime in the future?”


Also, in our (current) economy downtrend, that is causing organizations to pull back from IT spending


Disaster recovery

Disaster recovery

X

Disaster recovery


The goal is not to eliminate the risk, but to design business continuity and DR strategies that generate more benefits to the community than the negative effect of the costs incurred (Viscusi and Gayer 2002)


Cold

A cold site is essentially just data center space, power, and network connectivity, ready and waiting for whenever a company might need it.If disaster strikes, you move your hard- and software into the data center and get back up and running.


Warm

A warm site contains your pre-installed hardware and has your bandwidth needs pre-configured. If disaster strikes, all you have to do is load your software and data to restore your business systems.


Hot

A hot site allows you to keep servers and a live backup site up and running in the event of a disaster.Basically, you fully replicate your production environment in a DR center allowing for an immediate cutover in case of disaster at the primary site.

A hot site should be considered for mission critical sites.

Disaster recovery

http://www.csc-inc1.com/disaster-recovery.asp

Documents

Disaster Recovery and Business Continuity Planning IBK3IBV01 College 7 Paul J. Cornelisse