KingsBridge Disaster Recovery - Why Plan?

The primary objective of a Business Continuity or Disaster Recovery Plan is to enable an organization to survive a disaster and to re-establish normal business operations.

In order to survive, the organization must assure that critical operations can resume normal processing within a reasonable time frame. Therefore, the goals of the Business Continuity Disaster Recovery Plan should be to:

  • Identify weaknesses and implement a disaster prevention program.
  • Minimize the duration of a serious disruption to business operations.
  • Facilitate effective co-ordination of recovery tasks.
  • Reduce the complexity of the recovery effort.



Historically, the data processing function alone has been assigned the responsibility for providing continuity planning through a Disaster Recovery Plan, typically associated only with recovery of IT functionality. Frequently, this has led to the development of recovery plans to restore computer resources in a manner that is not fully responsive to the needs of the business supported by those resources.

Business continuity planning is more comprehensive with a business operations focus rather than a data processing focus. In the past year, it has become clear that disaster recovery must include a business process oriented business impact analysis and a determination of what other systems are required to operate, such as: paper forms, skilled and knowledgeable people, special equipment, communications systems, work space and inventory.

In today's environment, the effects of long-term operations outage may have a catastrophic impact. The development of a viable recovery strategy must, therefore, be a product not only of the provider's of the organization's data processing, communications and operations centre services, but also the users of those services and management personnel who have responsibility for the protection of the organization's assets.

The methodology used to develop the plans, emphasize the following key points:

  • Providing management with a comprehensive understanding of the total effort required to develop and maintain an effective recovery plan.
  • Obtaining commitment from appropriate management to support and participate in the effort.
  • Defining recovery requirements from the perspective of business functions.
  • Documenting the impact of an extended loss to operations and key business functions.
  • Focusing appropriately on disaster prevention and impact minimization, as well as orderly recovery.
  • Selecting project teams that ensure the proper balance required for plan development.
  • Developing a continuity plan that is understandable, easy to use and easy to maintain.
  • Defining how continuity planning considerations must be integrated into ongoing business planning and system development processes in order for the plan to remain viable over time.



The successful and cost effective completion of such a project requires the close cooperation of management from all areas of Information Systems as well as business areas supported by Information Systems. Senior personnel from Information Systems and user areas must be significantly involved throughout the project for the planning process to be successful.



What if I Don’t Plan?

  • Loss of business if a disaster occurs - A recent Gartner Group study found that:
    • 70% of companies that suffer a major IT disaster, without a valid recovery plan in place, fail within the next year.
    • Of those that do survive, only 10% make a full recovery.
  • Without a plan, recovery is guaranteed to be slower, resulting in:
    • Loss of customers
    • Lost sales revenue
    • Loss of shareholder confidence
  • Without a plan, recovery is always more expensive
  • Investors will require a plan
  • A plan will protect directors from liability concerns
  • The SEC requires a plan for public companies
  • Numerous regulations require planning (see the Knowledge Base at www.DisasterRecovery.com)
  • The NFPA standard 1600 may soon be law, which will require a written plan for all companies and buildings (similar to Y2K plan requirements for all business to have a written plan)



What do You Mean by a Disaster?

This is a typical question, based on the thought “What kind of disaster would I possibly need to plan for?” A disaster is defined as any event, which disrupts operations to the point of having a significant interruption of service or operation with a resulting negative impact, such as:

  • Storm
  • Fire
  • Employee Strike
  • Tornado
  • Hurricane
  • Flood
  • Malicious employee damages systems
  • Hardware failure
  • Software failure
  • Virus
  • Theft or robbery



Implement a Plan

In closing, it is important to keep in mind that the aim of the planning process is to:

  • Assess existing vulnerabilities
  • Implement disaster avoidance and prevention procedures; and
  • Develop a comprehensive plan that will enable the organization to react appropriately and in a timely manner if disaster strikes.



Plan your response to a disaster. Disasters do not come with advanced warning and thinking it all through in advance and preparing a written procedural response to business resumption and recovery is the only prudent and responsible course of action.

A written, well-prepared Business Continuity and Disaster Recovery plan is an absolute must for business success in our world today.