Disaster recovery planning off CIOs' plate -- sort of

By Zach Church, News Writer 09 Sep 2008 | SearchCIO-Midmarket.com

Technology news and tips for midmarket CIOs Digg This!     StumbleUpon     Del.icio.us

Questioning more than 1,000 IT leaders in "large organizations" worldwide, the survey found that only 33% of companies have a CIO, CTO or IT manager involved in disaster recovery planning.

More on disaster recovery Disaster recovery funding often hard sell for CIOs Failover sites key to surviving disaster DR planning begins with commitment

That's down from 55% just a year ago. In a press release, Symantec called that a "troubling trend," noting that a disaster recovery plan has a better chance of success when an executive is involved.

Of course, midmarket CIOs -- running smaller IT shops -- are more likely to be directly involved in everything that goes on at work, including disaster recovery.

And Andrew Barnes, a senior vice president at disaster recovery firm NeverFail Ltd., says midmarket CIOs are more likely to be on top of a good disaster recovery plan.

"You might think it is harder to sell into smaller organizations, [that] they don't have the resources," Barnes said. "Actually, we find it's more straightforward talking to the smaller organizations, because they realize."

That's a good thing for midmarket IT shops, said Robert Simpson, IT director at ImagePoint Inc. in Knoxville, Tenn.

"IT execs may no longer be in charge [of disaster recovery] at many organizations, but to not at least be involved would be a strategic error," Simpson said. "The IT infrastructure recovery is vital to business recovery and the IT execs represent the most extensive DR experience in many organizations.

"IT execs do not see this as a trend," Simpson added. "Nor is it a new requirement brought on by recent regional, national and/or world events. It has been a way of life for years."

At ImagePoint, Simpson has seen the disaster recovery plan evolve to include the business units. The company's technology availability plan, aligned with an incident management plan, reflects the typical, technical aspect of disaster recovery and business continuity. But the company also has a corresponding business availability plan run by a director of risk management. The technology availability plan is overseen by Simpson and his IT team and includes "presenting plans, upgrades, vulnerabilities and testing results to the board of directors."

Both Barnes and Simpson said not only do CIOs need to be involved in their companies' disaster recovery plans, but they also need to push for regular testing. The survey by Cupertino, Calif.-based Symantec found only 47% of organizations testing once or more a year. Thirty-one percent of respondents felt they were in shape to be up and running within a day in the event of a disaster, a statistic Symantec says shows the need for more regular testing to improve disaster recovery plans.

Observe the chaos and indecisions during a mock disaster and you will immediately see the importance of testing [disaster recovery plans]. Robert Simpson IT director, ImagePoint Inc.

A full third of tests are also unsuccessful, according to the survey, with human error and technology leading the reasons for failure.

At ImagePoint, which designs branded signs for major chain restaurants and retail stores, annual testing includes a failover test to the company's disaster recovery site, data and system recovery testing and a mock disaster.

Simpson said he recognizes why CIOs might not want to test -- it could mean significant downtime and costs. But to ignore the need is "not wise," he said.

"Observe the chaos and indecisions during a mock disaster and you will immediately see the importance of testing," he said.

Consider, too, that the Symantec survey found one-third of organizations have actually had to activate a disaster recovery plan in the past year. The most likely reason for using a plan was hardware and software failure, followed closely by external security threats and power failures. IT leaders responding to the survey also told of natural disasters, internal IT problems, data loss and accidental or malicious employee failure.

The survey also found 64% of North American respondents are re-evaluating a disaster recovery plan to account for the growing impact of virtualization tools on the IT industry.

Tags: Disaster recovery planning for the midmarket,  Information security management for the midmarket,  Strategy: Planning for a disaster,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Disaster recovery planning for the midmarket 2009 IT Geek Halloween costume ideas Virtualization management strategies ezine for CIOs Free risk management tools and resources for the enterprise At your peril, disaster recovery testing gets short shrift Covering the people side of a disaster recovery program Disaster recovery and business continuity planning templates Enterprise content management a player in disaster recovery program Managed IT services for disaster recovery and business continuity These disaster recovery services for SMBs include an on-site trailer Disaster recovery services options for smaller businesses on a budget Information security management for the midmarket Droid does, but will IT support it? Information security program revamp adds outsourcer oversight and more From data breaches to risk management frameworks: Test your knowledge The challenge of managing risk when IT budgets tighten Why cybersecurity awareness is everyone's responsibility Information technology management e-book downloads for midmarket CIOs 10 must-have steps for an effective SMB information security program Your IT security budget: How to get more bang for the buck Using key risk indicators to sell your information security program IT security spending a bright spot in '09, with more growth predicted Strategy: Planning for a disaster Disaster recovery plans for remote offices, branch offices How to build a remote-site disaster recovery plan -- a CIO's advice Business continuity management: Beyond disaster recovery Disaster recovery planning: Chilling lessons played out in the movies Virtualization as a disaster recovery strategy? Disaster recovery and business continuity planning: Know the risks Virtualization the center of county's 'disaster avoidance' plan Disaster recovery funding often hard sell for CIOs Disaster recovery drill: Do you know how to cover your assets? DR planning begins with commitment

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary