Disaster Recovery – What a Business Continuity Manager should know about their organisation’s IT systems
I am just about to go down and see a clients IT department and was preparing a list of questions to ask them. I thought I would share it with the readers of this blog.
These are the questions I think all Business Continuity Managers (BCM) should know about their own IT systems. I believe you don’t need to know the finer details and how the technology works but you need a good understanding of the following points.
Data centres and IT hardware
- Where your main data centre or data centres are physically located.
- Is there anywhere else data is stored such as local servers (team and individual drives and e-mail servers) collocated with its users or servers which serve all the people in one building.
- If you have a data centre and a back data centre do they have the same capacity or what is the ratio of live to back-up
- If two (or more) data centres are mirrored or employ visualisation over the two sites how good is the network between the two and how much data could be lost if one data centre was lost
- Are there any known risks to the data centres or are they located in a risky area
- What has been done to protect them against power failure
- Are they manned 24 hours or do they have alarms on them to warn staff of a bust pipes or the centre overheating
- If VOIP telephony is used, where are the servers located and what capacity could be lost under different disaster scenarios
- If cloud computing is used, where is the location of the cloud data centre(s), which companies are involved in the running of the data centres and what are the backup plans and data loss if a data centre is lost
- Are there third party contracts for disaster recovery and what do they cover. Is there regular testing of the provision
Network
- Ask for a network diagram and look at single points of failure
- Is the network in a loop enabling data to feed both ways or is the network a single strand
- Look for locations which house nodes on the network which if lost would cause the network to be lost at other connected locations as well
Backup and restoring
- As part of the understanding the organisation process the critical systems for the organisations should be established
- For each of the systems the backup regime should be known by the BCM
- The present Recovery Point Objective (RPO) should be known for each system. This is the amount of data which could be lost under a catastrophic failure and having to restore the system from the backup. This can vary from days and weeks if you don’t back up regularly, 24 hours if your backup is nightly tape back up, to no data loss if mirroring and other technologies is used.
- The time taken to restore systems under catastrophic failure / worst case scenario should be known and the order given of system recovery. This is looking at the loss of a data centre rather than the loss of individual systems.
- Recovery of individual systems should be known if they are critical to the organisation or they underpin activities with short RTOs (Recovery Time Objectives).
IT department’s plans
- Does the IT department have disaster recovery plans in place and what do they cover
- Are their plans purely technical or do they cover incident management and decision making
- How often are the plans tested and to what level do they test them
If you can think of any other questions I am happy to add them to the list.
Business Continuity Top 10 Tunes
In December Charlie put out the following challenge on the BCMIX Group on LinkedIn: “I am looking for tunes so I can compile the business continuity top 10 to play at the Christmas party. Does anyone have any appropriate tunes? My starter for 1 is Gloria Gaynor – I Will Survive….”
I got back 225 suggestions!
Here is the official (according to me!) business continuity top 10 taken from the suggestions.
1. The Flood – Take That
2. Tragedy – Bee Gees
3. Going Gets Tough – Billy Ocean
4. Land Of Confusion – Genesis
5. The Show Must Go On – Queen
6. I Get Knocked Down – Chumbawamba
7. Under Pressure – Bowie/Queen
8. Communication – Spandau Ballet
9. Taking care of business – BTO
10. I Will Survive – Gloria Gaynor
If you would like the full list of suggestions send me an e-mail at cmb@planbconsulting.co.uk and I will send it to you.
Some initial business continuity thoughts on the Japanse Earthquake
- Whatever resilience you have within the organisation mother nature by sheer power can overwhelm them.
- Think about your supply chain – do any of you essential good come from Japan. They may come from the affected area or as there will be a shortage of power your supplier my be impacted by the lack of electricity.
- Business deals. I heard on the radio that a business man had decided to take the next flight home from Japan. Not so much fearing for his safety but thinking that at the moment nobody will want to talk about serious business.
- Accounting for staff. Do you have mechanisms in place to ensure you know were your staff are when travelling and then can quickly account for them if a disaster occurs in the area they are visiting.
- What is the business continuity plan for nuclear fallout and contamination over a wide area. Even if your staff are available to work will their heart be in it, if they are worrying about whether they have been effected by radiation or lost their house?
Our thoughts are with the people of Japan……
