Printer Friendly

Eight steps to a disaster recovery plan.

Eight Steps to a Disaster Recovery Plan

While the term "disaster recovery" refers to the actual process of recovering from an unanticipated event, the terms" contingency planning" and "disaster recovery planning" are used interchangeably referring to the process of developing a disaster recovery plan as opposed to the recovery process itself.

Historically, disaster recovery focused on the potential risks to an organization, with an emphasis on natural disasters. Consequently, the risk analysis process focused primarily on the probabilities of a natural disaster occurring. However, today the risk analysis process has moved away from the probability scenario and concentrates on the consequences of a potential risk.

There are eight major phases an organization must go through to develop a comprehensive disaster recovery plan: acknowledgement, acceptance, commitment, development, testing, maintenance, expansion and use. In order to understand the full scope of this issue, it is important for an organization to view this activity as the development of a capability rather than just the writing of another plan.

During the acknowledgement phase, the organization's members designated to create and implement the recovery plan set out to understand the subject of disaster recovery as it relates to the specific needs of their industry. This is accomplished through extensive reading and attending workshops and classes related to disaster recovery planning.

The acceptance phase is a process of understanding how and why disaster planning relates to a specific industry and organization. A business impact analysis is performed to determine the problems a company would face as a result of a computer system outage during a crisis situation. Finally, the application systems supported by data processing are evaluated and the potential risks resulting from a system outage are established.

During the commitment phase an organization evaluates all available solutions to the potential problems. An alternate site is chosen to house a back-up computer system if the main system is rendered inoperable or is completely destroyed and any plan development solutions must be considered. A major step in the commitment phase is the presentation of all problems and possible solutions to the organization's management so they can properly evaluate the situation and commit to the chosen solutions.

The actual implementation of the solutions selected to protect against the identified risks takes place during the development phase. During this time the back-up computer facility is built, equipped with hardware and software comparable to that in the main facility, and put on-line. In addition, back-up copies of all vital records, are stored at the new facility and any fire prevention systems should be installed and activated at this time.

The testing phase entails a thorough evaluation of the organization's ability to successfully move to the alternate computer facility, restore the operating systems software and reload critical applications program files and job control files. This phase also includes the testing of all on-line connections from the main computer facility to the alternate facility.

The maintenance phase typically requires individuals assigned to create and implement the disaster recovery plan to conduct periodic reviews of the plan's overall effectiveness to keep the disaster recovery process fresh and in step with changes in the organization.

The expansion phase takes the disaster recovery process out of the computer facility and into the rest of the organization. First, all employees using computers outside of the main computer facility must be aware of the steps that will be taken by the data processing department to reconstruct applications systems in the event of a disaster. Should a disaster occur, each affected department will need instructions on how and when to implement specific back-up procedures to bridge the gap between the time of the outage and the point of recovery.

As a separate issue, each department should independently and periodically evaluate its own disaster recovery capabilities to ensure that they are consistent with the organization as a whole. Individual department heads should instruct each employee in his or her role should an disaster occur, decide what criteria separates critical data from non-critical data and how each should be entered into the system. Each decision must be made according to guidelines for the main computer facility's disaster recovery plan.

No organization wants to be faced with the use phase, but every organization should be prepared by thoroughly completing the first seven phases. As an organization moves forward on a continuous basis with its disaster recovery plan, it is important that it view the entire process as a key and critical component of its MIS capabilities.

Many organizations mistakenly view disaster recovery as an isolated component and attempt to plan, develop, write and maintain their recovery plan in a vacuum. The maintenance of a disaster recovery plan requires an organization to closely monitor its MIS capabilities, keep an eye out for potential incidents that could damage or destroy its computer facility and cause a partial or complete loss of data, understand the effects such incidents can have on the successful implementation of their disaster recovery plan and integrate any necessary changes into the plan.

John A. Jackson is executive vice president of Comdisco Disaster Recovery Services, Inc. in Rosemont, IL.
COPYRIGHT 1989 Risk Management Society Publishing, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1989 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:includes related information
Author:Jackson, John A.; Martin, Thomas
Publication:Risk Management
Date:Nov 1, 1989
Previous Article:Does insurance really ensure computer security?
Next Article:The fine line between business and operational risks.

Related Articles
Taking the risk out of disaster recovery services.
Six steps to disaster recovery.
Protecting million dollar memories.
Establishing safe harbor: how to develop a successful disaster recovery program.
Give your LAN a hand.
Disaster recovery planning and accounting information systems.
Prepared or not ... that is the vital question: when unplanned events or full-blown disasters strike, RIM professionals must have a strategy to...
Peace of mind: disaster recovery plans can keep your business alive.
Is your business prepared for disaster? The computer equipment and information critical to your business is most vulnerable to disasters.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters