Deciphering Disaster Recovery from Business Continuity Planning

Disaster recovery and business continuity planning are two related terms that organisations often confuse. And this confusion isn’t something to be taken lightly. Muddling disaster recovery and business continuity planning can, at the very least, inhibit organisations from staying competitive and, in the worst-case scenario, force organisations out of business. Talking with an IT provider experienced at developing and implementing both disaster recovery and business continuity planning will help you determine the best approach to protect your organisation from potential data loss and business risk.

Keeping technology covered with disaster recovery

Disaster recovery is basically what it sounds like — it allows your business to continue operating from a technical standpoint after a disruptive occurrence. This includes backup activities and ensuring systems can start back up offsite. Statistics from 2007 reveal that only 6 per cent of organisations that suffer catastrophic data loss remain in business. A properly followed disaster recovery plan can prevent such dire financial straits, in addition to unacceptable downtime and customer data loss.

A disaster recovery plan will involve a business impact analysis and guide the appropriate approach to systems, data and networks that are critical to the business. Some of the considerations that will go into a disaster recovery plan include how quickly businesses will need systems to be available — one hour or one day, for instance — in the event of a disaster, critical processes that must be included and backup procedures.

Focusing on people with business continuity planning

Disaster recovery covers technology and some processes essential to operations. But what about your organisation’s most valuable resources: your people and critical partners’ employees? Business continuity planning looks at the whole picture of how your enterprise will continue in the face of any minor or major change.

Consider business continuity planning the IT version of strategic succession planning, with the addition of technology and operations to people. Disaster recovery is an important component to a successful business continuity plan, but it’s only one part. You must consider all challenges in your business continuity plan, ranging from how employees communicate during a disaster or small technological hiccup to who will keep things running smoothly if a network administrator takes a sick day. This business continuity planning includes the simplest of components, such as having all employees’ contact information, to more technical aspects involving how they will be able to continue working.

Developing disaster recovery and business continuity planning approaches are, as you’ve already guessed, involved processes that will benefit from expert advice. They are considerations that you can’t afford to ignore when it comes to keeping your business going in the event of an outage or disaster.

4 Steps to Creating a Viable Business Continuity Plan

Your organisation might need a business continuity plan (BCP) to ensure that the right people and processes are in place to allow your business to continue functioning during an outage or disaster. Without a BCP in place, you might have the right disaster recovery technology to be able to access critical systems and data, but not a plan for actually activating the human element needed to see it through.

There’s no substitute for working with BCP experts to devise a comprehensive plan. But you can begin the BCP process with your team and fellow senior managers. Follow these four steps to take the guesswork out of drafting a BCP.

BCP Step 1: Identify the roles and responsibilities personnel will assume. Start your business continuity plan by listing key personnel — those with intimate knowledge of systems and processes and, perhaps most importantly, can-do attitudes. Ensure they’re assigned the most important duties and have proper communications equipment. See who amongst other employees can perform as back-ups in your business continuity plan. Create a list of all processes and functions that must be covered in your business continuity plan, including step-by-step directions to complete tasks. More than likely, you’ll notice how many processes or functions have no back-ups. Create a cross-training schedule for the BCP to mitigate this risk.

BCP Step 2: Establish the main risks and response times. Know where you’re most vulnerable in the event of a disaster or even a key employee stepping down when crafting your business continuity plan. Whether the vulnerabilities lie in technology, processes or job functions, you’ll need to set two very important objectives in your BCP: your recovery point objective (RPO) and recovery time objective (RTO). The former is the amount of data loss you can sustain during a disaster or disruption. The latter is the amount of time required to come back online and resume normal operations. Because your RTO is largely dependent upon data centre and disaster recovery providers, check your service level agreements to ensure they’re up to snuff for your business continuity plan.

BCP Step 3: Lock down all the contingency plans. It may take some time to find alternate locations fully stocked with the computers, network infrastructure, process necessities and communications devices your staff can work from during an event. But as you work towards a fully functioning contingency location for your business continuity plan, you can:

  • Know your current contingency equipment options and what you’ll need to fill the gaps
  • Set an emergency meeting location every employee can report to
  • Place emergency kits in your offices and in the emergency meeting location
  • Establish who can work from home and, in the event of an emergency, how they know to work from home until notified otherwise

BCP Step 4: Ensure the plan is communicated and that people can communicate. A BCP requires many interconnected — and disparate — parts. But they all must reside in one final version that the right people can access. Once you know employees can access the business continuity plan, ensure they also have the communications devices they’ll need as well as a phone-tree list so information is passed quickly and methodically. Be sure to include in your business continuity plan contact information for external contacts so your organisation can communicate with partners and vendors.

Remember: a BCP is never “done.” Think of it as a living document. Because business always changes, so must your business continuity plan to keep your organisation afloat.

The Future of Unified Communications

As more businesses look to increase productivity and mobility, unified communications and collaboration will grow bigger and better to meet these technology needs. Even with individual tools such as video conferencing and presence making a difference for organisations and integration between the different technologies possible, unified communications is popping up in other areas such as personal mobile devices and the cloud.

Making mobile communications possible

Employees are using their own devices for work, which means they will eventually need access to the same unified communications tools on their mobile phones and tablets. Providers such as Cisco will soon let users access their mobile phones like a corporate desk phone, providing features such as unified inbox, call back and conferencing. Employees will be able to work from the road and still reach colleagues as they would in the office.

Cisco will also offer connection to third-party devices by the end of the year as a new feature of Cisco Unified Communications Manager. This means users can use another device as their office phone and have all calls routed to whatever phone they are using on the road.

A move to the cloud

It seems technology trends are folding into each other more and more, and unified communications and the cloud are the latest marriage. What’s so great about the two together? Well, more freedom in how and when you access your communications tools, for one. Ideally, unified communications platforms hosted in the cloud should let you instant message, video chat or call someone from whatever device and (secure) network you want. There might also be fewer infrastructure maintenance costs and tasks involved.

Datacom has seen organisations leverage both public and private cloud to lay the groundwork for their unified communications programmes. Organisations can also use a hybrid cloud approach to unified communications, the latter of which gives organisations even more flexibility to mix and match the technologies and vendors they want while better controlling costs and implementation challenges.

A vendor-neutral solution stack

In the past, organisations have often opted for a unified communications technology stack from one provider. This makes sense to a point — it can simplify licensing and make management easier. But organisations that don’t consider solutions outside a single provider can miss out on technologies that might be better-suited to their business.

The trend in years to come, according to an article from earlier this year on TMCnet, will have organisations instead looking to unify the best-of-breed technologies under an IT integrator. Not only will this help organisations take advantage of an array of technologies from different providers — it will also allow easier integration of these new technologies into existing systems.

Which communication and collaboration capabilities will your organisation look into?

3 Considerations for Finding the Right Disaster Recovery Solution

Now that disaster recovery (DR) is as big a concern among CIOs as it is for potential customers, a piecemeal solution combining in-house servers with several off-site backups will no longer suffice.

Ensuring business continuity for internal and external customers in the midst of a disaster can separate your business — and your leadership — from the pack. And, in a short manner of time, it will be a minimum requirement for even the SME crowd.

According to a study by KPMG, 20 per cent of all organisations will undergo some type of disaster during a five-year period. And 40 per cent of businesses that survive a disaster will go out of business within a two-year timeframe. As businesses become more aware of their vulnerability, the demand for comprehensive disaster recovery will only escalate.

As your organisation considers a disaster recovery plan and begins vetting solution providers, question their ability to meet these DR requirements.

1.  Do they cover the DR gamut? Before diving into the details of each component, make sure you’re dealing with a full-suite DR solution. Verify they offer:

  • Server infrastructure services that cover assessment and reporting to demonstrate the state of your data, optimised server architecture to create the appropriate solution and hosting/management of systems infrastructure to ensure your data isn’t compromised if your location has been compromised.
  • Enterprise storage infrastructure, primarily data security and management, that guarantees the data that supports the processes is unharmed and available.
  • Strategies and solutions for DR as well as business continuity that go beyond hardware and data to prescribe the actions everyone from senior management to the janitor should take in the event of a disaster.

2.  What recovery time does the provider offer? The answer will vary from organisation to organisation and situation to situation. But after providing a glimpse of your services and size, expect fairly concrete answers during the proposal process. Focus on the two key areas of recovery time:

  • Recovery Time Objectives (RTO) – the time necessary for your business systems to return to functionality after a disaster.
  • Recovery Point Objectives (RPO) – the time necessary for the most recently saved data to become available after a disaster.

Of course, the time necessary for recovery goes hand-in-hand with the DR system’s availability. As you negotiate the service-level agreement, look for an extremely high guaranteed server and network availability number, usually 99.9 per cent. During the 2011 floods and cyclone that hit Queensland, Datacom was able to help one metals producer maintain 100 per cent uptime throughout the disaster and offer 24/7 remote support.

3.  What stability and scalability do the company offer? The concept of stability goes far beyond hardware, processes and data recovery for a quality DR provider. You’ll need a service provider that can grow with your organisation and remain in it for the long haul. Be sure to discuss scalability and flexibility. Can the provider adapt to your evolving organisation? Is it at the bleeding-edge of technology, procedures and thought leadership? Is it prepared for your pending expansion?

If the DR provider you’re evaluating meets these criteria, you’ll be well on your way to launching a comprehensive DR solution that ensures business continuity during the unexpected.