Business Continuity – what “Disaster Recovery” doesn’t do for you

By Ryan Barton | October 2, 2013

Recently, I facilitated a meeting of the NewHampshire IT Professionals Forum and presented training on BusinessContinuity, and what we’ve learned about it through the years at Mainstay, aswe lead our clients to stable, effective use of their technology. 

It’s gotten me thinking about strategies to better educate organization leaders on the questions they should be asking.  We all live with an incredible reliance on technology – without it, business grinds to a halt.  Yet how much attention do we pay to the systems needed to keep our organization running?

The answer is typically: not enough.

There are a lot of articles online about disaster recovery,business continuity, and the like. So I’ll keep this one short.  We all know, without systems, business stop!We all know we need to have as much reliability as possible, yet this is thereal world – no one has an unlimited budget, and most of us have tight budgets.

Here are some questions to ask your IT team:

First, ensure Disaster Recovery is solid. It all starts with good backups. 100% of data needs to be backed up, frequently, securely, onsite and offsite, and it needs to be monitored daily and tested routinely.   Questions to ask:

  • How often are backups occurring? (Daily is a minimum)
  • Is 100% of data backed up, from all locations? (All servers? All applications? All data, including “My documents” and archived emails?)
  • Is all data backed up offsite, frequently? (Data needs to live in more than one physical location)
  • How many revisions are stored? (If our bookkeeper deletes data and doesn’t notice for a week, can we still recover the data?)
  • Has it been documented? (Thorough documentation of where data lives, how it is backed up, and how restore procedures work is important)
  • Is it monitored? (Backups need to be checked daily)
  • Is it tested? (Routine tests are the only way to ensure it actually works effectively)

Second, document “Acceptable Downtime.”  It’s easy to think that a system that works today will still work tomorrow.  But as Newton pointed out centuries ago – all things tend to disorder.  Systems DO fail, it’s an inevitable fact of life!  The key is, how long can you live without a system in case of a failure, and how much are you willing to spend to prevent it from failing?  All downtime has cost… sometimes it’s easy to calculate (if an engineer who bills at $150per hour is sitting idle because of a system crash, every hour of downtime has a very defined cost), sometimes it’s not (how many sales opportunities were missed while the email server was down?). 
We recommend all our clients engage in a process of considering and documenting how long is “too long” for downtime.  Here’s how we do it:

  • Start by itemizing all the major technologies in use – Internet, phones, email, shared files, software databases, remote access,individual computers, central servers, etc.
  • Gather stakeholders together (it’s important IT doesn’t make this determination in a vacuum) and discuss maximum acceptable downtime for each. How long can you live without the Internet? Without remote access?Without email? Without software access?
  • Then, revisit your disaster recovery plan, and document how long it (honestly) takes to recovery from various outages,including corrupted file, O/S failure, hardware failure, ISP outage, power outage, location loss, and the zombie apocalypse (hey, you never know…)

Finally, create a plan and budget effectively. Compare the acceptable downtime with your actual risk.  The gap is what drives IT upgrades.  As you budget for plans, focus on a Return on Investment in saved downtime. For instance, if a server outage would cost your business $2,000 per hour, then a $4,000 backup server would pay for itself by saving only 2 hours of downtime.  

Above all, we have to be intentional – thinking ahead,realizing that things will go wrong with your technology. It’s just a matter of when, and how big the impact. By thinking ahead, we can anticipate, prevent, and save cost!