Today’s Agenda • Why bother with any Disaster Recovery/Business Continuity Planning? • Importance of the People Factor • Disaster Recovery Components and SME’s
Question? • Who has any Disaster Recovery plans? • What does it involve? • Data • Equipment • Location • People • What’s the most important?
Why bother with Disaster Recovery? • Reassurance (that if it happens you’re ready!) • Technology recovery alone is not sufficient • Insurance policies starting to insist upon a robust proven plan • Allows a more structured approach to spending and investment • Approx 80% of business’s with no tested DR plan went bust post 9/11
Disaster Recovery Components • DR plan should consist of instructions for: • Routine data backup. • Data security • Plan should contain checklists, reference documents and worksheets and recovery worksheets • Plan should be designed so there is no need to read every word – Simplicity! People have to implement it!!
Importance of the People Factor • Business Continuity Institute Study • Good progress on technology recovery but need to train staff • Many plans flawed due to emphasis on technology • Problem particularly acute among small and medium sized companies • 43% of SME’s do not have or test their Disaster Recovery plans (or train their staff on what to do in the event!!)
Importance of the People Factor • IT Disaster Recovery itself is not enough!! • Not just data backups • Who keeps them and where? • Need to have business processes and procedures written down so they can be duplicated • Not just standby hardware • What software does it need and where is it? • At least some testing to see how people and processes interact with IT systems in a DR situation • Not just a standby office/home office • Are the appropriate links in place and tested. People have to implement it!!
What should we all do? • Understand and record our business processes. • Know how they integrate with and rely on IT. • Understand the real risks of something going wrong? • What are the minimum actions and activities needed to keep the business going.
Why should you do it. • The fundamentals • IT vs. Business Processes • Information vs. Business Continuity • Survival vs. bankruptcy • The risks • Accepting risk may be appropriate where its elimination too costly • Knowing your business enables spending only where needed • Staff need to know what to do if it happens People have to implement it!!
What you need to know • Inventory and Minimum Acceptable Recovery Configuration – Designed to show your entire hardware inventory and what inventory will be required in the event of a disaster • Operating System/Application Matrix – Lists all Operating Systems and applications running on the hardware • Software List and Documentation Worksheet – Lists software, records or documentation required to recover from disaster and who holds them (location)
What you need to know (cont) • Server Recovery Worksheet – One per server and gives all necessary information required to recover a server that is deemed necessary in MARC worksheet • Internal and External Contacts/Location Report – Lists all internal/external staff or organisations that could be required to recover from an IT disaster • Personnel contact list (mobiles) • IT Support company • ISP (Internet Service Provider) • Telecoms Co. • Who is going to do what, where!! People have to implement it!!
So you are Safe • This check list is there for you now • BUT…….. • DO you have your data • DO you have alternative IT facilities? • HAVE a basic plan on what you will do in the various business/functional areas • HAVE a means of communicating with: • Your staff • Another location(s) • Which takes us back to where we started !!
Conclusion? • Perform at least a basic risk assessment of equipment and processes • Ensure staff understand their role and procedures in case of a disaster • At the very minimum produce planning worksheets for IT equipment and applications • Test Disaster Recovery Plan (at least once!)
Thank You Any Questions?