Every organisation needs to recover its data after disruption or disaster and it’s an area that many business believe they have under control.

However all too often in-company systems and processes are inadequate. Research undertaken into businesses that lost data or infrastructure in 2001, before organisations relied as much on data management as they do now, showed that 43% never reopen; 51% close within two years, and only 6% survive beyond that.

Disaster Recovery is the restoration of ICT (Information and Communications Technology) to a usable state, generally after some significant disruption which affects data use or storage. Accordingly, it is part of an organisation’s Business Continuity planning process. Disaster Recovery is not a substitute for Business Continuity however, the two must always be aligned.

Here are some typical considerations for companies when drawing up a Disaster Recovery plan:

Control measures

These steps reduce or eliminate various threats for organizations, and include:

1.      Preventive measures, aimed at preventing an event from occurring

2.      Detective measures, used to detect or discover unwanted events

3.      Corrective measures, used to correct or restore the system after disaster

Examples of these might include:

• Mirrors of systems and/or data and use of protection technology such as RAID
• Surge protectors — to minimize the effect of power surges on delicate electronic equipment
• Uninterruptible power supply (UPS) and/or backup generator to keep systems going in the event of a power failure
• Fire preventions — alarms, fire extinguishers
• Anti-virus software and other security measures

These controls should be always documented and tested regularly.

Strategies

Before selecting a Disaster Recovery strategy, organisations should review their business continuity plan, which determines the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for various business processes such as sales, manufacturing, or even payroll processes. These timescales define from and by when specific business processes need recovering, and hence when ICT processes need restoration, to ensure the infrastructure and data can be recovered to meet those deadlines.

There is a real correlation between the RTO, RPO and cost, and typically the nearer both of these are to zero loss, the higher the costs. Oftentimes, the organisation will have to consider how to balance the competing needs of protection and budget.

Common strategies for data protection include:

• Backups made to tape and kept off-site
• Backups made to disk on-site and copied to off-site disk
• Replication of data to an off-site location
• High availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data

Our capabilities

ibd provides access to specialist and professionally qualified advisors with specific Business Continuity expertise, and live experience of invoking plans following disaster or disruption.