IT has long lusted after having a seat at the corporate strategy table – we want to be treated just like the other parts of the business. However, there is a good chance that you’ve forgotten one important task that will prevent this from happening – planning for a disaster. Before you can be considered a part of the senior management organization, you need to have proved that you have all of your fundamentals taken care of.
When the chips are down and a disaster has struck your firm, everyone is going to be running around like a chicken with its head cut off. The IT systems WILL be down. The question that you need to have a good answer to is when will they be back up?
Creating a living IT disaster recovery plan is an excellent way of aligning the IT department with the rest of the business. Ultimately, what will guide the IT plan is how to get the rest of the business up and running as quickly as possible. Not only does this help the business, but it can also be a critical part of the firm’s compliance policy.
The term “disaster” makes people think of acts of nature such as hurricanes, tornadoes, snowstorms, and floods. However, this is misleading. A disaster can strike your IT department when the sun is shining outside: loss of power will take all of your servers down eventually. Additionally, in the 21st Century a loss connectivity can also be considered to be a form of IT disaster.
What Systems?: When you start to create an IT disaster recovery plan, the first thing that you want to do is to start collecting inputs. You need input from all involved parties: development managers, operations managers, department managers, Sales, etc. Your goal needs to be to develop a clear understanding of what systems are your key systems and which ones need to be up in order for the business to keep running.
What Order?: Your next step needs to be to develop an understanding of the interdependencies between the various systems so that you can understand the sequence in which applications can be brought back up. Talking with the various stakeholders will be required in order to create a list of what systems need to be brought up first.
Data Centers: Your company is ultimately as valuable as the data that you have. This means that making sure that you have a plan to protect your data needs to be at the heart of your disaster recovery plan. If all of your data is currently stored in a single data center, then you need to make plans to use a different data center in the event that something happens to the first one.
Virtualization: although the rest of the company may not understand what we are talking about when we bring up the topic of virtualization, it’s a key part of any modern disaster recovery plan. When servers and storage have been virtualized, then it becomes much easier to use their images to reload and restart servers in a new location. This can greatly reduce your disaster recovery plan’s recovery time objective (RTO).
Staffing: One final part of your IT disaster recovery plan needs to deal with staffing – who’s going to be there to run your IT systems when today’s IT location(s) are no longer available? Making sure that backup locations are available and are accessible by your staff are a must.
Does your IT department have a complete disaster recovery plan? When was the last time that you tested this plan? Do you consider it a living plan or is just in a binder on someones shelf? Leave me a comment and let me know what you are thinking.