Monday, April 21, 2003		Guest Speak

A stitch in time...
Ashit Panjwani

NO one can forget Sept 11, 2001. This day unquestionably drove home the fact that disasters and calamities can strike a business most unexpectedly. Only companies that had proper business continuity plans and disaster recovery management (BCP/DRM) procedures in place were able to continue business at alternate sites with minimum loss of data and minimum downtime.

The events of 9/11 added a new perspective to the term worst-case-scenario, and were a wake-up call to organisations all over the world to focus on and take a fresh look at the capability of their contingency plans not only to withstand major pressures that go well beyond just the safety and recovery of business data, but in effect even provide for the continuity of all crucial business processes.

Gartner Research, in their perspective on business continuity and disaster recovery planning and management, have stated "business survival necessitates planning for every type of business disruption including — but not limited to — categories of natural disasters, hardware and communication failures, internal or external sabotage or acts of terrorism; and the failures of supply chain and sales affiliate organisations."

An unfortunate fact is that organisations in various parts of the world will continue to experience downtime and data loss due to technical problems, natural calamities and even man-made disasters. Whether the outcome of these events is a minor inconvenience or complete dissolution is totally influenced by the organisation’s state of preparedness. And it’s not just direct calamities, but even the fallout of seemingly unrelated or far-off events that can have a profound effect on business processes. All would agree that even when a company is able to recover from disruptions or loss of data, it’s the tremendous loss of time, energy, and opportunity, which is irrecoverable. Studies by Gartner Research indicate "40 per cent of enterprises that experience a disaster will go out of business within five years. In some cases, the disruption to business operations causes customers to lose confidence in the organisation’s viability. In other cases, the cost of recovery is simply too great."

While organisations do claim to have some sort of a contingency plan, in actual practice this is currently more often than not limited to varying degrees of data backup schedules rather than a comprehensive plan that encompasses various business processes.

Implementing a business continuity/disaster recovery plan need not necessarily have a high cost attached to it. A good solution will, in fact, leverage the existing infrastructure and more than pay for itself in a short period of time by offering the organisation numerous benefits and a quick return on investment.

An effective business continuity and disaster management solution must address certain crucial issues like data access and recovery, emergency response, restoring communications, security mechanisms and workspace recovery

In its most basic form, a data recovery plan should cater to backing up data and critical applications so that it can be manually restored if needed. A more comprehensive plan requires organisations first need to assess the value and criticality of the data generated as well as applications needed by the various business processes.

In the event of a crisis, it is critical that key management and administration personnel are able to establish and continue communicating with each other.

Once the administrators and key personnel are able to stabilise the situation the next requirement is to be able to restore communications for actual users. Users must be able to avail of access to all their communication and collaboration facilities like integrated e-mail, calendaring, scheduling, workflow and document management.

If disaster occurs, employees should quickly regain communication with each other, with customers and with business partners. This must be available across the network and via the Internet for employees and partners, from both wired and wireless devices.

A key component of a disaster management plan is the prevention of disasters in the first place. This involves providing for adequate levels of security to ensure that the most important asset of the company i.e. its data is well protected.

Adequate safeguards are required to be in place to prevent any unauthorised access. An effective plan is one that includes proper access methods, security barriers, authentication schemes, connection safety and physical facility security.

The ability to access IT resources from or at an alternate location is an important feature of any recovery plan. In the event of any localised network failure, users must be able to access their data and applications from other convenient locations. Putting in place a comprehensive and complete business continuity and disaster recovery solution provides tangible and intangible benefits for organisations and businesses of all sizes. And if by fortunate circumstance nothing happens, there is still the benefit of piece of mind.