What to do “After” your IT guy gets hit by a truck!

April 1, 2005

22

Step 1 - Send flowers

Step 2 - Invoke the detailed plan that you already had in place to ensure continuance after just such an occurrence

Step 3 - Business as usual

33

Or….., if you DIDN’T have a Disaster Recovery plan in place…

Start the arduous task of putting a puzzle back together with many of the pieces missing

…and accept the fact that you’re going to lose time, money, reputation and clients.

44

Agenda for today…Agenda for today…

FACTS about lack of Disaster Recovery Planning Understanding the impact to your business TYPES of Disaster

STEPS to protect our business

Questions

55

FACTS about lack of FACTS about lack of DR Planning:DR Planning:

After the incident of the World Trade Center, 40% of the companies without disaster recovery capability were out of business within 6 weeks [Forbes Magazine]

In fact, 40% of enterprises that experience any disaster go out of business within five years. [Gartner]

Enterprises can improve those odds – but only if they take the necessary measures before and after the disaster.

66

FACTS about lack of FACTS about lack of DR Planning:DR Planning:

File corruption and data loss are becoming much more common

It costs the average company between $100,000 and $1,000,000 per year for desktop oriented disasters (both hard and soft costs)

7th Annual ICSA Lab's Virus Prevalence Survey, March 2002

What is What is Disaster Recovery? Disaster Recovery?

• Disaster recovery is a series of actions to be taken in the event of major unplanned outages to minimize their adverse effects.

– Power failure– Underground cable cuts or failures– Fire, flood, earthquake, and other natural disasters– Mistakes in system administration– Sabotage (intentional, virus, hacking, internal/external)– Loss of employee

88

When talking about When talking about Disaster Recovery…Disaster Recovery…

• We typically think of:

How to backup and restore data to computer systems How to restore network connections How to replace computers and where to put them Where employees can work if the building is damaged

99

A plan to restore all of these components must be in place.

The system must be able to put them back together if your business is to survive a disaster.

The efficiency with which this is done may make the

difference in surviving or not!

Disaster RecoveryDisaster Recovery Planning Planning

1010

Do you know your COST for downtime?

Potential pitfall - Disaster Recovery focusing only on the technical components.

Consider the impact of the following:

– Lost productivity and idle employees– Missed service level agreements– Diminished reputation for customer service– Increased technical support costs for onsite repair– Loss of customer confidence– Legal liabilities– Regulatory fines– Downward stock prices– … and more

1111

Business Business Continuance PlanningContinuance Planning

Instead of Computer Disaster Recovery, think in terms of

Business Continuance Planning!

BCP is more comprehensive. It addresses:

Risk of lost revenue and productivity

Plan of action for continuing the business, NOT computers

1212

Business Business Continuance PlanningContinuance Planning

Example of items that typical planning might leave out:

Business processes and procedures

Roles and responsibilities

What happens at the absence of key individuals

Sources and consumers of data

Recovery time-frame requirements

Order of recovery

Documented procedures

Reconstitution

Business Processes and Procedures are:

Rarely documented

Typically defined only in the combined knowledge of key employees (This is true of the “big picture” as well as for the details of each departmental process)

One of the most difficult things to put back the if key employees are not available

Business Business Processes and ProceduresProcesses and Procedures

1414

Business Business Roles and ResponsibilitiesRoles and Responsibilities

Critical time is lost without pre-defined roles and responsibilities for:

Making the decision to invoke the plan

The second in charge

Being responsible for each element of the plan

Exception handling

Decisions of priorities

Signature authority

1515

Business Business Key IndividualsKey Individuals

Absence of key individuals

A more difficult thing to consider

Mental notes

Revenge (sabotage or withholding of information)

1616

Business Business Data FlowData Flow

Sources and Consumers of Information

Detailed data flow

Detailed process flow

Updated documentation

1717

Business Business Recovery Time FramesRecovery Time Frames

Recovery Time-frames and Order

Set expectations up-front

Help to design budgets

Assign priorities for recovery

1818

Business Business DocumentationDocumentation

Documentation

Create documentation so that a contractor can restart your business

Create policies and procedures for updating

1919

Business Business ReconstitutionReconstitution

Reconstitution

When is disaster over?

How to go back to business as usual?

What steps need to be taken?

2020

Business Business Continuance PlanningContinuance Planning

We’ve talked about things that are commonly left out...

Now the things that typical planning “almost always” leaves out

• Mental notes• Periodic testing• Updating procedures and plan content• Moving DR Planning to the DR Site• Details, Details, Details!

2121

Business Business Mental NotesMental Notes

Mental Notes

“Steve knows how to do that” But what if Steve isn’t here?

Most common obstruction

Can involve relationships, passwords, technical understanding, history, contractual obligations…

Documentation will never be perfect

2222

Business Business Testing and DocumentationTesting and Documentation

Testing and Updating

32% of all data lost is due to human error

We’re all busy, so why take the time to work on something that we can put off and we probably won’t use anyway?“I’ll have time to do it tomorrow” “It’s someone else’s responsibility”

We’ve seen too many people that have lost data that they “wish they would have taken the time” to safeguard!

2323

Business Business ContinuanceContinuance

Moving Planning to the DR Site

The same disciplines must be put into practice at the DR site.

2424

A method is needed that will:

Bring knowledge together

Document it

Enable processes to be reconstructed (possibly without the help of key employees)

Enforce periodic testing and updating of the plan

Business Business Continuance PlanningContinuance Planning

Business Business Continuance Planning SummaryContinuance Planning Summary

Continuance Planning defines and documents

Departmental processes Sources of data Consumers of data Relationships Cost ramifications Budget justifications Recovery criteria Solution design Documentation Assistance with testing and updating

2626

Planning is approached in phases

Process Analysis• Data flows

Risk Analysis• Costs/Effects

Disaster Recovery Planning• Traditional technical component

Implementation and Testing• Annual or after significant changes

Business Business Continuance Planning SummaryContinuance Planning Summary

2727

Continuance Planning can be implemented:

Departmentally

In phases

As a single phase

To practical extents

Business Business Continuance Planning SummaryContinuance Planning Summary

Rob Didlake

913-780-2525

rob@dataedge.net

Mary Linse

913-971-6863

mlinse@olatheks.org

Thank You!

Questions?