How to Develop a Business Continuity Plan
Today’s world is plagued with natural disasters, power outages and civil unrest that can interrupt or shut down your business. Are you prepared?
But which type of plan protects a data center best that, after all, is usually the CIO’s main concern? Here are three examples to choose from depending on the company’s budget and how long it can afford to be without its technology services, says Douglas Henderson, president of Florida-based Disaster Management, Inc.:
· Redundant site. A completely functional separate operation that continually duplicates every activity of the primary data center. Under this environment, the primary data center can be completely shut down without any interruption of service as the redundant site is fully staffed, equipped and continually operational.
PRO: Technology services can be accessed instantaneously.
CON: Requires duplicate staff, hardware and space, which may make it a very expensive choice.
· Hot Site. A separate operation that’s ready on a standby basis with compatible hardware, power, communications and other necessary assets. Must be regularly tested to assure readiness.
PRO: Doesn’t require a duplicate staff. Can generally be made fully operational in 24-36 hours.
CON: Requires duplicate hardware and space.
· Cold site. A separate facility that isn’t operational but can be made operational within a reasonable period of time. Electric power and communication access is available, but the computer hardware isn’t in place.
PRO: Doesn’t require duplicate staff or hardware. Least expensive choice.
CON: Requires duplicate space. Provides partial recovery in five or more days but full recovery takes longer.
Regardless which BC plan you choose, your priority should be resiliency--assuring reliability within the data center so that, perhaps, Plan B may never be necessary. Experts point out that backing up electronic data to an off-site location as frequently as possible is the very best, simplest way to prevent catastrophes. With the popularity of cloud computing, electronic vaulting is a no-brainer.
What you don’t want to do is backup data daily but only move it off-site, say, once a month. This means that if a disaster occurs 28 days from the most recent transfer, you’re at risk of losing almost a month’s worth of data. A weekly transfer is recommended.
And be sure your staff knows how to access the data that’s offsite. A planning session is critical to determine that everyone knows where the data is and how to get to it.
Also, are you sure you are backing up everything, even the data that employees are working on at home on their laptops? Or from the Macs in your art department, which may not be part of your main data center?
Smaller companies may try to cut corners and save money by storing data onsite in a so-called fireproof enclosure, like a safe. Be aware that safes may be fire-resistant but they aren’t fire-proof. And if the data is on the premises, what happens if a fire or other disaster prevents you from accessing the building? Or perhaps the building is destroyed?
Here are some other no-no’s to avoid:
· Don’t overplan by addressing every single disaster that could possibly occur. It’s more important to prioritize. One company put a lot of effort into determining what they would do if a terrorist walked in the door. Wasn’t it more likely that a fire would occur? The largest percentage of outages in data centers result from human errors and power failures, not from earthquakes or bomb explosions. Spend your time and effort on the most likely occurrences.
· Don’t rest on your laurels. When you get a plan in place, keep testing and improving it. Planning that appears adequate on paper may have glitches in an actual emergency. Conducting periodic exercises will help to discover what needs to be corrected before a disaster strikes.
This article was originally published on 01-25-2013