Disaster recovery is the process of regaining access to the data, hardware and software necessary to resume critical business operations after a natural or human-induced disaster. A disaster recovery plan (DRP) should also include plans for coping with the unexpected or sudden loss of key personnel, although this is not covered in this article, the focus of which is data protection. DRP is part of a larger process known as business continuity planning (BCP).

Business data protection

With the rise in information technology and the reliance on business-critical data, the landscape has changed in recent years in favor of protecting irreplaceable data. This is especially evident in information technology, with most large computer systems backing up digital information to limit data loss and to aid data recovery.

It is believed that some of the companies spend up to 25% of their budgets on disaster recovery planning; this is intended to avoid larger losses. Of companies that had a major loss of computerized records, 43% never reopen, 51% close within two years, and only 6% will survive long-term.^[1]

The current data protection market is characterized by:

• Rapidly changing customer needs that are driven by data growth, regulatory issues and the growing importance to access data quickly by retaining it online.
• An ever-shrinking time frame for backing up data, which is burdening conventional tape backup technologies.

As the disaster recovery market continues to undergo significant structural changes, the shift presents opportunities for next-generation startup companies that specialize in business continuity planning and offsite data protection such as SunGard Availability Services, Recall, Switch Communications, Symagio, NetMass, Cygem and Onyx Group Ltd.

Events that necessitate disaster recovery

Main article: Data loss

There are many different risks that can negatively impact the normal operations of an organization. A risk assessment should be performed to determine what constitutes a disaster and which risks a specific company is most susceptible to, including:

• Natural disasters
• Fire
• Power failure
• Terrorist attacks
• Organized or deliberate disruptions
• Theft
• System and/or equipment failures
• Human error
• Computer viruses
• Legal issues
• Worker strikes
• Testing

Preventions against data loss

• Backups sent off-site in regular intervals
  • Includes software as well as all data information, to facilitate recovery
• Create an insurance copy on Microfilm or similar and store the records off-site.
  • Use a Remote backup facility if possible to minimize data loss
• Storage Area Networks (SANs) over multiple sites are a recent development (since 2003) which make data immediately available without the need to recover or synchronize it
• Surge Protectors — to minimize the effect of power surges on delicate electronic equipment
• Uninterruptible Power Supply (UPS) and/or Backup Generator
• Fire Preventions — more alarms, accessible extinguishers
• Anti-virus software and other security measures

Disaster recovery planning

Disaster recovery planning falls into the realm of Business continuity planning, as well as Risk management. The planning process consists of the following steps:

• Assess business impact and risk. This should include an assessment of the business unit's function and, preferably, a business impact analysis (BIA). The purpose of the assessment is to determine the business unit's relative contribution to the larger organization (monetary and functional).
• Develop a Disaster Recovery framework. Data should be categorized by importance. Two measures of importance are used, RTO and RPO. Recovery Time Objective (RTO) is the acceptable amount of time between the disaster and the post-disaster resumption of function (how long can we wait to restore data?). Recovery Point Objective (RPO) is the acceptable data roll-back (how current does the data have to be?).
• Develop a recovery strategy and then a written Disaster Recovery Plan. That written plan should address at a minimum: response, recovery, and resumption of services detailed tasks.
• Adjust information systems to make Disaster Recovery easier. This includes consolidating servers and data, perhaps with a Storage Area Network or other archival storage method.

A good plan takes into account many different factors. The most important are:

• Communication
  • Personnel — notify all key personnel of the problem and assign them tasks focused toward the recovery plan.
  • Customers — notifying clients about the problem minimizes panic.
• Recall backups — If backup tapes are taken offsite, these need to be recalled. If using remote backup services, a network connection to the remote backup location (or the Internet) will be required.
• Facilities — having backup hot sites or cold sites for larger companies. Mobile recovery facilities are also available from many suppliers.
• Prepare your employees — during a disaster, employees are required to work longer, more stressful hours, and a support system should be in place to alleviate some of the stress. Prepare them ahead of time to ensure that work runs smoothly.
• Business information — backups should be stored in a completely separate location from the company
• Testing the plan — provisions, directions, frequency for testing the plan should be stipulated.

References

See also

• Seven tiers of disaster recovery
• Backup site
• Virtual Tape Library
• Remote backup services
• Continuous data protection
• Recovery Point Objective (RPO)
• Recovery Time Objective (RTO)
• Secure Virtual Office

Further reading

• Cummings, E., Haag, S., & McCubbrey D. (2005). Management Information Systems for the Information Age. McGraw-Hill Ryerson Higher Education.
• Benton, Dick (2007). Disaster Recovery: A Pragmatist's Viewpoint. Disaster Recovery Journal.

External links

• Disaster Recovery World
• Disaster, Business Week. (Requires registration.)
• The Disaster Recovery Guide

Donate to Wikimedia