Now is not the time to be creating your disaster recovery plans

Now is not the time to be creating your disaster recovery plans

Summary: Planning for disaster shouldn't start when the disaster is imminent.

TOPICS: Data Centers

Over the last few days I’ve received no fewer than five emails from various vendors of disaster recovery / business continuity services. The publicity surrounding the progress of hurricane Isaac has brought these vendors PR people all the same idea; it’s time to remind the media and our customers (and potential customers) that they should be reviewing or creating their disaster recovery plans, testing their equipment, and going through the checklist of tasks and responsibilities in the event of a business disaster.

The problem with this is that while facing impending doom it is not the time to check to see if you are wearing clean underwear. Every list of “things to do” or canned article I’ve received on this topic makes good points; it’s all useful information. In fact, they are all lists and stories that I’ve probably written in some form, more than once, over the last 20 years. But when disaster is bearing down on you the only checking you should need to be doing on your DR/BC plans is that those responsible for implementing are aware of the status of all of the related issues and that everything is current.

Planning to mitigate the potential problems that some sort of disaster can bring and what you need to do to keep your business up and running should disaster strike is an ongoing process, not a last minute patch. The announcements of impending hurricanes or other conditions that can be predicted can serve as a reminder to check with your DR people to make sure the process is working, but if the process hasn’t been implemented or kept up to date all you can do is keep your fingers crossed and hope that the storm passes you by.

Topic: Data Centers

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I understand the position, however...

    In some ways I disagree with this. There is value in capturing the emotions associated with a real event.
    Anita Y. Mathis
  • Unfortunately, this is the way it works...

    In all but those companies where being down for a brief period is intolerable (e.g. financial services, retail, etc.), DR/BC is the first thing to get cut. As a former consultant, I can't tell you how many companies would budget for DR/BC projects but then automatically cut them the second they got pressure to reduce costs. Many C-level types (outside of CIOs/CTOs) are willing to accept the risk during sunny weather, but then as soon as something like Katrina, the Tsunami or 9/11 hits, these same C-levels act like they're the first person that ever thought up the concept of DR/BC. This is evidenced by the question to IT leadership (in an accusing tone) "What are we doing about this?"

    It's the nature of the beast. It's a relatively high spend for something that hopefully will never be leveraged, so it's easy to get into the cycle of putting it off until next year in favor of projects that have a more visible benefit than simply the peace of mind that you'll be able to keep doing business.

    And god forbid (if a DR/BC plan/program gets approval and funding) that you actually request participation from none IT/Operations personnel in developing the DR/BC plan. It's not like "B" stands for business or anything.

    Again, certain business recognize the value, but that usually is exclusive to businesses that can tie a direct revenue loss to every second that they're down or those so large that they feel an obligation to do so.
  • 'Capturing the emotions' doesn't save a neglectful client

    Piousmonk is right. Without a crisis that punches out the profitability of a company or corporation, the value of disaster recovery/business continuity is simply not going to make an impression on some people who ought to know better. The problem remains that somebody else's crisis tends to propel the boardroom into thinking they need to be prepared for another Katrina, another 9-11 and they go overboard with preparations that don't serve their need or require such a level of participation that it becomes a noticeable drag on operations. So it gets shed like a bad car rental agreement when trim time comes.

    A great deal can be done in the line of business to make sure backups are made, critical information is secured offsite, and that there is some provision for temporary work stations for the most critical work products needed to keep the company going -- which is the first thing DR ought to identify, and it's amazing how much it isn't done. What's your absolutely necessary output needed in 24 hours? That's what needs to keep going, not the entire floor.

    Anita is right that without a good scare, a lot of companies don't act at all. But the value of the scare is lost if it produces another binder to stack on the 'unread' shelf. You can't rely on the fright to make the business case for keeping up preparations for the rest of the life of the business. People don't think about what's needed to keep the business functioning.

    Point in case: I worked for an architectural design bureau that had a blueprint plant on the first floor. One day somebody in the plant dropped a whole carboy of industrial ammonia used in developing blueprints. The entire building was rendered uninhabitable for two days. The data was there, the tech still worked -- it just was worth your life to go into the building before the Fire Department finished venting it. What do you do when that happens? Besides shutting the doors and phones and telling your customers 'sorry'? That's what DR needs to figure out. Then make happen.

    Forget Katrina or Isaac. What do you need to produce what you have to every 24 hours? Why doesn't your DR team know? Why don't YOU know?
  • Hind site is 20/20 after all.

    Most everybody who has a good disaster recovery plan, has gone through one or more disasters before doing so. The smart ones didn't wait for the second disaster. The super human perfect IT department had their disaster recovery plan before they opened for business. The best plan is one that evolves after each disaster. No plan is perfect from the beggining, and remains so forever.