|
Step 1: Assess
The first step is to conduct a detailed review of the vulnerabilities that IT and the overall business face by performing a business impact analysis (BIA). This should cover what threats are likely (power outage, natural disaster, terrorism) and the possible consequences in terms of lost revenue, productivity and reputation. Identifying the threats likely to prevail in a particular geographic region will help determine data center location, data center site separation, and the most cost-effective technologies for DR. Also establish recovery time objectives (RTOs), or the time to full resumption, and recovery point objectives (RPOs), which specify the amount of data loss acceptable in terms of minutes or hours.
Gartner analyst Donna Scott says a BIA needs to be a joint project between business and IT. "You have to understand what the most critical things in your business are that you need to protect," she says. "You really have to understand your business. IT can't do it by itself."
A BIA, she notes, is different from a security assessment. A BIA is focused on assessing the criticality of business processes and the applications used within them, as well as the impact when the applications and infrastructure are not available for varying periods of time.
Sometimes it takes a real disaster to wake up a company. When Hurricane Rita was headed for Houston a couple of years ago, the LifeGift Organ Donation Center implemented its DR plan: The IT staff loaded equipment on a truck and drove it to Dallas. Management realized it needed a better plan and contracted with CompuCom, a Dallas-based IT services firm, to take over DR planning.
CompuCom solutions architect Charley Ballmer created a BIA for LifeGift, assessing hurricanes and flooding as the most likely disasters, followed by a terrorist attack on the local petroleum industry. The BIA ranked LifeGift's most critical business processes as organ tracking and patient communication, establishing a 15-minute RTO for those apps, while accounting was given a 24-hour failover period.
"When they went into DR mode [during Rita] their plans were for naught," Ballmer says, noting that a bigger disaster could have had fatal consequences for the organization. "They hadn't made the investment in hardware and strategy."
Now CompuCom runs LifeGift's IT environment from its own operations center, fully testing the DR failover systems every six months. LifeGift, Ballmer adds, is prepared to weather a major storm with only minimal disruptions.
|
