A disaster is waiting to happen

Every organization needs a disaster recovery plan, but simply creating a plan and purchasing a service is not enough. You'll need to be prepared for various contingencies.

What happened to California? How, in a single generation, did it go from the land where it never rains to the land of rolling blackouts and the dot-com dust bowl? Not to mention earthquakes, mudslides, brush fires ...

Which, as an IT guy, makes me think of disaster recovery.

Ten years ago, I'd be asking if your organization had a disaster recovery plan. Today, I'm pretty sure I don't have to ask. Everyone recognizes that planning for the worst is just prudent.

But have you looked at your plan lately? Some organizations simply create a plan, purchase a service, check it off on their security audit reports, then go about their business as usual -- and most of the time, that's just fine. Until disaster strikes.

Are you flirting with disaster -- or are you prepared? YES

So what constitutes a disaster? It could be as serious as a hurricane, an earthquake, or a flood -- or as common as an unplanned power outage. You need to be prepared for various contingencies, because your response will vary according to the nature of the problem. For example, you need to get backup power running as soon as possible after a blackout, but going live immediately after a flood could cause more damage than the disaster itself.

I'm not going to document the process of creating a business contingency plan here. There are plenty of resources available on the Web, some of which I've listed below, and scads of companies that provide disaster planning services. I suggest reviewing some disaster planning articles every year just to keep the concept fresh in your mind.

It's also good policy to hold an annual disaster drill. Vary the emergency, but make sure your crucial people know what to do. Chances are, you'll uncover unforeseen flaws in your plan -- an empty fuel tank for your emergency power generator, a new phone number for a key staffer, someone forgetting to document the new password at your off-site storage facility.

Several organizations offer training and certification programs for both business contingency planning and full-scale disaster recovery. A degree program in disaster recovery is overkill for any organization that doesn't actually provide disaster recovery services, but it might make sense to send a staffer through some certification courses.

If you have a plan in place and you're sure your employees are prepared to execute it if necessary, relax. Chances are you'll never have to use the plan. Don't keep looking over your shoulder for a 747 to fall on your data center. You have plenty of other things to worry about.

Disaster recovery resources
Good general intros:
Web sites: