Business Continuity (BC) and Disaster Recovery (DR) have become imperative to ensure organisations can handle the many different elements that may affect their data and thus their ability to operate. However, while the terms are often used interchangeably they are not in fact the same thing. A DR plan is the domain of the IT department and forms part of the overall BC strategy, which needs to be championed by the business as a whole. There are many different elements that make up a DR and BC plan, which organisations need to ensure they have in place for adequate protection.
The first step is to understand and quantify requirements by prioritising business critical systems and identifying the relevant data locations, according to risk, dependencies and core value to business. Once this has been assessed, only then can the organisation understand whether the systems and data need to form part of the BC or DR plan. It is also important to consider the impact of a mobile workforce on the type and location of data that needs to be included in any plan or strategy.
Another element that needs to be considered, especially with South Africa’s power situation in a state of flux, is an alternate power source for mission critical systems. While these can be costly to obtain and maintain, should the power situation worsen they will be invaluable. In order to optimise the investment, the power supply needs to be driven by the extent of the business requirement and dependence on systems and data accessibility.
DR plans can turn out to be less than effective if they are not implemented correctly, or for that matter if they are not tested on a regular basis. Data management specialists will be able to help an organisation to evaluate its data so that only relevant data is backed up and protected, saving the business in storage and recovery costs. However, testing is the most important step in ensuring that there are no holes or problems in the BC and DR plan. Businesses need to ensure data recoverability and this process must be tested frequently – only doing successful backups means nothing if the data cannot be recovered and restored. Most organisations asses their backup plan annually, but this is not often enough, especially with businesses that are rapidly evolving and the exponential growth of business data and data reliance.
While technology is an important component of DR, it is also vital to take the bigger picture into account. Both DR and BC also involve the management of people and processes that will affect the technology. This means that business and IT need to work together to ensure that BC and DR are effective and up to date to meet the needs of the organisation.
Establishing proper reporting procedures is critical. In the event of a disaster, the last thing an organisation should be doing is trying to remember what needs to happen next in the BC or DR strategy or for that matter, who is accountable for executing which aspect of the strategy and for which business unit. Business and IT custodians also need to ensure access to the relevant resources is maintained. This must include regular reporting on any changes to requirements, which may be impacted during a disaster.
It is also key that businesses engage with the right service provider to ensure a proper analysis of their backup requirements and testing. Although conducting tests internally may seem more efficient, they are not always accurate and can be skewed. Organisations need to have peace of mind that their data is accessible, protected and available at all time, so that they can focus on maintaining business functionality when any sort of disaster impacts their operations.