Recovering from disaster is less a solution than a process. Companies must take control of their own destinies. Managing disaster recovery is more about managing partner relationships than managing assets. Chicago accounting and consulting firm UHY Advisors has opted for a combined "rent-and-buy" approach as its disaster recovery strategy. The company's core applications--e-mail, document management and data backup--all reside on hardware located outside UHY's four walls, at several application service providers. The company's tax and audit application and a time and billing application--as well as key data--are housed on UHY-owned hardware at a managed data center.
Opting for an outsourced distributed data center strategy, the company houses its applications, data and hardware at partner facilities in Chicago, Denver, Philadelphia, northern Illinois and New Jersey--but never all in the same place. "We're spread out based on providers and risk," says UHY CIO Matthew Camden. UHY executives discovered the advantage of outsourcing application and data hosting as a disaster recovery strategy last spring, at the height of tax season, when a brownout hit its Smithfield, Mich., office at noon on a Friday. Some 100 employees were temporarily unable to process tax returns. But because all the company's applications sit on remote servers accessed via the Web, employees only needed to find new Internet connections to resume work. As planned, half the employees went to UHY's second suburban Detroit location in Sterling Heights, a 20-minute drive; the rest headed home to work on their company-issued laptops.
(UHY's workforce is highly mobile, with 90 percent of the company's 1,500 employees, including all consultants and auditors and two-thirds of the tax professionals, on laptops.) Nine hours later when electrical service was restored in Smithfield, employees got word via e-mail.
For the most part, UHY's outsourced IT/disaster recovery strategy keeps the professional services firm out of the capital asset business. However, the company is responsible for local disaster recovery and business continuity planning, including conducting core business risk assessment and business impact analysis.
So, for example, because Internet connectivity is critical to UHY's core business functions, the company has four failover strategies: All offices have primary T1 or T3 Internet connections, with cable or DSL backup (in some metropolitan areas there are T1 lines for back-up); all offices have wireless connectivity and all laptops and desktops have wireless broadband cards; and most users can connect to the Internet from home.
"Our uptime strategy for 2007 is to deliver technology that is continuous, simple and built into the third-party application and hosted facility services," Camden says.
UHY's disaster recovery strategy straddles the firm's IT strategy, which was born of necessity in 2004, after the rollup of six firms left the company with no core IT infrastructure to ensure security, reliability or cost-effectiveness.
Camden estimates UHY spends 4 percent of its revenue--$ 197 million in 2006--on technology, which he contends is a point less than average midsize accounting firms.
Furthermore, says Camden, "We don't believe that, today, we're at a world-class user support level, which is where we need to be before we'll bring the IT infrastructure in-house," adding that the company's partner vendors offer top-notch service, support and accountability.
"Not only is accountability assumed by the vendor but it's backed up with service level agreements (SLAs) and class-of-service contracts," says Imran Khan, industry analyst at management consultancy Frost & Sullivan.
Outsourcing IT and telecom to meet disaster recovery/ business continuity as well as compliance objectives-- another reason UHY opted to go this route--is a hot button issue, says Khan, citing a recent Frost & Sullivan survey of IT executives revealing that about one-third of companies do just that.
Ask your CFO:
Can outsourcing aspects of IT/disaster recovery help the organization meet compliance requirements?
Ask your CEO:
Is the company's focus on its core competencies diminished by involvement in IT projects and management?