Peace of mind: disaster recovery plans can keep your business alive.Let's say your client has five offices across the country. They manage their operations, accounting, IT network and all software services for these offices from their local office. Your client hosts its e-commerce website at its local office, and, from that office, also serves all software and information used by its staff at all locations. Further, 40 percent of the company's business originates from customer transactions using its website. None of the company's other offices store information on their local computers. Then, one day, your client's local office is hit by a major storm, flooding the lower floor, which houses the server room, and causing irreparable ir·rep·a·ra·ble adj. Impossible to repair, rectify, or amend: irreparable harm; irreparable damages. [Middle English, from Old French, from Latin systems and hardware failures. In the aftermath: * Work comes to a halt--at all locations across the country. * The company's website is down, thus 40 percent of its customers cannot conduct business with your client. * The set of backup tapes See tape backup. your client locates is more than one week old, and are damaged from water and other elements. No one has been able to locate older backup tapes. Your client is left with no current data, no productivity, limited customer orders and interaction, and no likelihood of restoring any current information with which to do business. Think this is an exaggeration Exaggeration Bunyon, Paul legendary giant, hero of tall tales of the logging camps. [Am. Folklore: The Wonderful Adventures of Paul Bunyon] Jenkins’ ear trivial cause of a great quarrel. [Br. Hist. ? OK, instead of a flood, substitute another real disaster--the possibility of a corporation's data being corrupted or deleted by a hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. or ex-employee. Or imagine power surges An oversupply of voltage from the power company that can last up to 50 microseconds. Although surges are very short in duration, they often reach 6,000 volts and 3,000 amps when they arrive at the equipment. Power surges are a common cause of damage to computers and electronic equipment. or internal staff systems abuse. AVOID THE HORROR No one knows when--or if--a systems failure will occur, which is why it's even more important for your firm, and your clients, to develop, maintain and regularly test a disaster recovery plan to mitigate the losses due to a system failure. Disaster recovery planning confronts the likelihood of a disaster from which a company must recover effectively and efficiently. Business interruption can originate from a winter storm, the loss of electricity, inaccessibility to a facility for an extended period of time, a hardware failure or software corruption--along with the threats of viruses or hacking See hack and hacker. and malicious intent from internal or external influences. In today's information-centric environment, much of a disaster recovery plan addresses IT systems and data loss. However, the plans also must address logistics surrounding sales, administration, manufacturing/production, operations and commerce-based functions. If successful, a disaster recovery plan allows a business to continue as usual--or close to it--in the event of system failures. Disaster recovery planning requires a sizable investment of corporate labor and financial resources in the areas of procedure design, implementation and testing. These efforts rely on the expertise and familiarity of internal managers, and often the use of outside advisers, such as CPAs and IT professionals. The adage "an ounce of prevention is worth a pound of cure" cannot be more applicable than to disaster recovery planning efforts. If your clients resist implementing a recovery plan because they choose to avoid its common sense and prudence, consider this: disaster recovery plan efforts are addressed--directly or indirectly--in regulatory compliance doctrines in place for companies of all sizes, including Sarbanes-Oxley, HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, and other federal, state and local privacy protection acts. CREATE, MAINTAIN, TEST The first step in creating a disaster recovery plan is to form a disaster recovery plan/crisis management team, which will be responsible for creating and maintaining the plan, and managing it in the event of any business interruption. [ILLUSTRATION OMITTED] This team must represent all key departments and functions of a given company, and should keep in mind the following objectives: * Continuity and survival of the business; * Protection of corporate tangible and intangible assets Intangible Asset An asset that is not physical in nature. Notes: Examples are things like copyrights, patents, intellectual property, and goodwill. These are the opposite of tangible assets. ; * Creation and documentation of specific preventative measures/activities; and * Ability for the disaster recovery plan to be tested periodically and modified to stay current with the business and any technological advances. The disaster recovery plan creation process involves assessing the myriad business risks that a company would face in the event of a disaster, everything from loss of data to communicating to clients about the disaster. Once these risks are identified, an exercise of prioritization unfolds and the team focuses on preparing for the loss of those corporate services Activities that combine or consolidate certain enterprise-wide needed support services, provided based on specialized knowledge, best practices, and technology to serve internal (and sometimes external) customers and business partners. and resources that are deemed most critical to protect. Subsequently, the team creates action plans and underlying documentation of procedures that mitigate each of these risks and then tests these plans and procedures in real time to the greatest extent possible. This may mean shutting down the company's power or internet connection, for example, during business hours BUSINESS HOURS. The time of the day during which business is transacted. In respect to the time of presentment and demand of bills and notes, business hours generally range through the whole day down to the hours of rest in the evening, except when the paper is payable it a bank or by a as a test. It's extreme, but it often is the only way you can test your disaster recovery plan, the employees' understanding of it and their responsibilities. Sadly, many companies do not test their planned procedures in any way, which simply renders the disaster recovery plan useless. THE IT PART OF THE RECOVERY PLAN Returning to our company described earlier, which suffered flood damage, your client would have benefited greatly from having a disaster recovery plan that addressed the loss of its critical data and business information systems functions. Among others, specific steps should have included: 1. Regular and secure off-site rotation and storage of data backup media, accompanied by procedures on how to retrieve media for restoring systems in the event of a disaster. 2. A mirrored website. This is an alternate live website that kicks in when the primary site fails, providing continuing service. This would require procedures to point the alternative website to an alternative data source to restore e-commerce functionality. 3. Redundant communications configurations to forward telephones to an alternate location, including cell phones, to handle customers' needs during the crisis. 4. Set up a "hot site" to provide for redundant hardware, loaded with current versions of business-specific software, and access to fresh backup data that could be restored in the event of a crisis. Such a site could be a remote client office location or that of a third-party vendor who specializes in this area. 5. More effective server room build-out. Specifically, locate servers and related equipment and backup media in a location less vulnerable to flood or other natural disasters. Disaster recovery plans are critical, and businesses that invest time and effort in their creation, maintenance and testing will be rewarded in the event of disasters. Using a combination of internal business manager knowledge and input from outside advisers--including CPAs--a disaster recovery plan can be created to provide peace-of-mind and value to any business. BY ROBERT GREEN This article is about the English footballer. For other people with the name "Robert Green", see Robert Green (disambiguation). Robert Paul Green (born January 18, 1980 in Chertsey, Surrey) is an English professional footballer who currently plays for West Ham , CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. , CITP (Certified Information Technology Professional) A specialty credential awarded by the AICPA to its CPA members who excel in the provision of technology-related business services. . SCOTT COOPER
1. AND RICK MARK, CSE (Certified Systems Engineer) See Microsoft certification. Robert P. Green, CPA, CITP and Scott Cooper, CMC are managing partners at and Rick Mark, CSE is chief infrastructure architect at Los Angeles-based INSYNC Consulting Group Inc., which provides IT advisory services advisory services advisory services provided to the public, in their capacity as owners and managers of animals, are an important part of veterinary science. They may be provided by government bureaux, by commercial companies who deal in pharmaceuticals or animals or animal and computer forensics The investigation of a computer system believed to be involved in cybercrime. Forensic software provides a variety of tools for investigating a suspect PC. Such programs may include a function that copies the entire hard drive to another system for inspection, allowing the original to services. You can reach them at (310) 446-8600. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion