Business Continuity and Disaster Recovery
Business Continuity Management and IT Disaster Recovery Management
What would you do if the equipment, applications or data you rely on every day for your business stopped working? It is not a pleasant scenario. But for every organization, from small businesses to large enterprises, it is critical to consider and create IT disaster recovery plans.
Sophisticated disaster recovery strategies are needed due to the growing risk of availability failure. The use of snapshot and replication techniques, IT services failover to multiple data centers, and BCM planning software will improve the effectiveness and maturity of your BCM program.
IT Disaster Recovery Plan
"Recovery strategies should be developed for Information technology (IT) systems, applications and data. This includes networks, servers, desktops, laptops, wireless devices, data and connectivity.
Priorities for IT recovery should be consistent with the priorities for recovery of business functions and processes that were developed during the business impact analysis. IT resources required to support time-sensitive business functions and processes should also be identified. The recovery time for an IT resource should match the recovery time objective for the business function or process that depends on the IT resource.
Information technology systems require hardware, software, data and connectivity. Without one component of the “system,” the system may not run. Therefore, recovery strategies should be developed to anticipate the loss of one or more of the following system components:
• Computer room environment: Secure computer room with climate control, conditioned and backup power supply, etc.
• Hardware: Networks, servers, desktop and laptop computers, wireless devices and peripherals.
• Connectivity: to a service provider (fiber, cable, wireless, etc.)
• Software applications: electronic data interchange, electronic mail, enterprise resource management, office productivity, etc.
• Data and restoration
Some business applications cannot tolerate any downtime. They utilize dual data centers capable of handling all data processing needs, which run in parallel with data mirrored or synchronized between the two centers. This is a very expensive solution that only larger companies can afford. However, there are other solutions available for small to medium sized businesses with critical business applications and data to protect.
Internal Recovery Strategies
Many businesses have access to more than one facility. Hardware at an alternate facility can be configured to run similar hardware and software applications when needed. Assuming data is backed up off-site or data is mirrored between the two sites, data can be restored at the alternate site and processing can continue.
Vendor Supported Recovery Strategies
There are vendors that can provide “hot sites” for IT disaster recovery. These sites are fully configured data centers with commonly used hardware and software products. Subscribers may provide unique equipment or software either at the time of disaster or store it at the hot site ready for use. Data streams, data security services and applications can be hosted and managed by vendors. This information can be accessed at the primary business site or any alternate site using a web browser. If an outage is detected at the client site by the vendor, the vendor automatically holds data until the client’s system is restored. These vendors can also provide data filtering and detection of malware threats, which enhance cyber security.
Developing an IT Disaster Recovery Plan
Businesses should develop an IT disaster recovery plan.
It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and wireless devices), software applications and data. The plan should include a strategy to ensure that all critical information is backed up. Identify critical software applications and data and the hardware required to run them.
Using standardized hardware will help to replicate and reimage new hardware. Ensure that copies of program software are available to enable re-installation on replacement equipment.
Prioritize hardware and software restoration. Document the IT disaster recovery plan as part of the business continuity plan. Test the plan periodically to make sure that it works."
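The quoted guidance asks that an IT resource's recovery time match the RTO of the business function that depends on it, and that restoration be prioritized. The sketch below is an added example, not part of the Ready.gov text or of this page: it checks both over a small inventory. All names and hour values are constructed sample data, and it assumes dependencies are acyclic and that prerequisites can be restored in parallel.

```python
from functools import lru_cache

# Constructed sample data: business functions with their RTO (hours) from the BIA.
FUNCTIONS = {
    "order_entry": {"rto": 4, "needs": ["erp_app", "email"]},
    "payroll": {"rto": 72, "needs": ["payroll_app"]},
}
# Constructed IT inventory: hours to restore each resource once its
# prerequisites are running, and which resources it depends on (acyclic).
RESOURCES = {
    "computer_room": {"restore": 1, "deps": []},
    "network": {"restore": 1, "deps": ["computer_room"]},
    "db_server": {"restore": 3, "deps": ["network"]},
    "erp_app": {"restore": 1, "deps": ["db_server"]},
    "email": {"restore": 2, "deps": ["network"]},
    "payroll_app": {"restore": 2, "deps": ["db_server"]},
}

@lru_cache(maxsize=None)
def recovery_time(name):
    """Hours until `name` is usable, counting its whole dependency chain."""
    r = RESOURCES[name]
    return r["restore"] + max((recovery_time(d) for d in r["deps"]), default=0)

def required_rto():
    """Tightest RTO each resource inherits from the functions relying on it."""
    need = {}
    def push(name, rto):
        if rto < need.get(name, float("inf")):
            need[name] = rto
            for d in RESOURCES[name]["deps"]:
                push(d, rto)
    for f in FUNCTIONS.values():
        for n in f["needs"]:
            push(n, f["rto"])
    return need

def rto_gaps():
    """Functions whose supporting resources cannot be back within the RTO."""
    worst = {k: max(recovery_time(n) for n in f["needs"]) for k, f in FUNCTIONS.items()}
    return {k: w for k, w in worst.items() if w > FUNCTIONS[k]["rto"]}

def restore_order():
    """Restore by tightest inherited RTO; within a tier, prerequisites first."""
    need = required_rto()
    return sorted(need, key=lambda n: (need[n], recovery_time(n)))

if __name__ == "__main__":
    print("RTO gaps:", rto_gaps(), "| restore order:", restore_order())
```

With this sample data the ERP application takes 6 hours to come back through its dependency chain while order entry has a 4-hour RTO, so the plan needs a faster database recovery strategy or a revised RTO.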
Resources for Information Technology Disaster Recovery Planning
- Computer Security Resource Center - National Institute of Standards and Technology (NIST), Computer Security Division Special Publications
- Contingency Planning Guide for Federal Information Systems - NIST Special Publication 800-34 Rev. 1
- Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities - NIST Special Publication 800-84
- Building An Information Technology Security Awareness and Training Program - NIST Special Publication 800-50
- IT Standards, Guidelines, and Tools and Techniques for Audit and Assurance and Control Professionals - Information Systems Audit and Control Association
Gartner (2014). Predicts 2014: Business Continuity Management and IT Disaster Recovery Management. Retrieved August 10, 2014 from http://www.gartner.com/doc/2630027
Ready.gov (2014). IT disaster recovery plan. Retrieved August 11, 2014 from http://www.ready.gov/business/implementation/IT