A number of respondents to last week's IT Manager channel poll thought that IT departments should be involved, or driving, an organisation's disaster recovery planning (DRP).
One IT manager wrote about how everything had been hayware when they had first joined their current employer. "Nothing was done as a precaution [in case] we had data loss or something happened to the server," the respondent explained.
This particular IT manager said that eventually a plan was laid down as to how the IT department should act if there was a problem. "In order to maintain the high level of [data] availability, procedures were laid down so that data was treated as an important factor [in] the organisation," the manager said. "As of today we can say that if there is any major problem the data and the entire network can be brought up with[in] an hour's time".
Graham Robinson--who has worked as a senior system engineer involved in Disaster Recovery Planning (DRP)--also thought that IT departments should be intricately involved, even though IT was a subsection of the complete DRP.
Likewise, Colm Tarpeyâ€"a respondent who has spent time working as a senior project manager and dealing with DRPsâ€"agreed that tech departments need to be involved. "DRP is a business issue and should be driven by the business, but requires major input from the IT manager," Tarpey said. "My point about DRP, and indeed general security, is that the business must define the strategy and manage/own the implementation as it is always a balance of cost against risk for the business. IT, however, should be able to provide technical and management services to help make it happen".
Regulatory requirements may also make it a requirement for some organisations to set up disaster recovery plans. Caroline Le Couteur, IT manager at funds manager Australian Ethical Investment, said the organisation already had a disaster recovery plan in place. Le Couteur added that it was also a regulatory requirement for some enterprises. "As part of our process to get our new licence from the governmentâ€"an Australian Financial Services licenceâ€"we have to prepare and submit to ASIC [the Australian Securities and Investments Commission] a business continuity plan," Le Couteur.
Another respondent commented about how the IT department was able to help the business in planning infrastructure, applications set-up and support as part of a DRP. However, this IT professional believed that because it also involved business processes and practices it should not be an IT-driven project.
Yet, despite a growing interest in DRP Stephen Savage, program director in enterprise planning and architecture strategies at industry analyst META Group, believes some organisations still have inadequate plans in place. "Only 20 percent of global 2000 organisations have plans that are sufficiently developed to stave off the long-lasting effects of a major enterprise disaster," Savage said. "Often organisations are approaching [DRP] from the wrong perspective".
Savage argued that the characteristics of successful organisations focussed planning efforts from an information architecture requirements perspectiveâ€"looking at the requirements at each stage of the information lifecycle.
"Organisations that are following the lure of high availability redundant hardware need to balance that against what is the information that must be available at all times and places," Savage said.
He sees it as both a business and IT issue, as information needing to be protected can be hard-copy as well as electronic.
3%
2%
