Four Questions to Ask to Determine if Your IT is Prepared for a Disaster
This is the process and function of ensuring that viable, accessible copies of your various data elements are stored as a secondary copy in some form. This may mean that a paper copy of an executed contract is stored in an electronic form on your IT systems. This may mean that your various electronic records are backed up (successfully) to an acceptable media for redundancy. In any case the first step is to ensure that you have appropriately identified all of your data elements and identified the appropriate backup methodology.
Once this has been completed, the next step is ensuring that an appropriate testing schedule is in place to ensure the “copies” you are making are in fact viable and accessible. There are numerous stories of organizations that went happily along, assuming their tape backup systems were functioning properly; only to find out they weren’t at the worst possible time.
Disaster Recovery is the process of documenting the various backup systems in place and how those will be utilized to recover when the primary systems are unavailable. This is not restoring a file that a user deleted. This is a much more comprehensive process that involves identifying secondary equipment, communication systems, physical locations, key personnel notification chains, vendor communications, client communications and more. In other words, start from the assumption of a catastrophic event to your primary facility. What happens next to manage this event and keep your organization moving forward? Obviously this is a significant undertaking for an organization, however you are always planning. The question is, are you planning for success or planning to fail?
Over the years we have had hundreds (maybe thousands) of conversations with clients and prospects on this topic. During those conversations we have seen and heard just about everything, but the majority of organizations feel they are adequately prepared and have technologies in place that meet the operational objectives. To validate this assertion we created a quick exercise which provides information on the following key questions:
- Identify one mission critical system for your organization (Customer Service System, EMR, E-mail, etc)
- Document your allowable concurrent downtime for that system (1 hour, 4, hours, 8 hours, etc
- Document the potential impact (financial, relationships, credibility, etc)
- Using the assumption you have physically lost the equipment (hardware failure, damage, etc.) this system resides on address the follow questions:
- Do we have redundant hardware
- If no, how long would it take to acquire new hardware
- Once received how long would it take to restore the system onto the new hardware
- Who needs to be involved in this process
The fact of the matter is, that as most organizations put this information on paper and walk through this simple exercise they will quickly find out their current plan/technologies are no where near in line with their stated objectives in item two above.
With the proliferation of the internet and technology, one thing is guaranteed. You will be faced with a situation that requires a well thought out Backup and Disaster Recover Strategy. The question is will you have one.