The terrorist attacks in the US have underlined the importance of disaster recovery plans. On a lesser scale, thefts of computer equipment by organised criminals have also focused attention on this issue, which had been neglected for some time. The failure or loss of mission-critical systems can cost companies dearly.
Analyst firm Forrester recommends that IT managers should dust off their plans by going through a disaster recovery drill, and checking whether equipment at alternative locations is working. They should also revisit off-site storage to ensure that backup media can be read, and that data can be easily integrated and recovered. Finally real-time failure should be tested by removing part of the operation to gauge its effect. Ideally firms should have two sets of data, and ensure that traffic can easily be rerouted.
David Hughes, head of technology risk at management consultancy Andersen, said it is crucial that business continuity plans are thrashed out by IT departments in tandem with boards to ensure that important issues are not overlooked.
As IT becomes key to businesses, an up-to-date and comprehensive assessment of the risk to IT systems becomes vital. 'It is crucial that every manager thinks about the extent to which they are dependent on any systems and the impact it would have if they went down for any length of time,' said Hughes. 'Once the degree of dependence has been assessed, you then need to work out the likelihood of that system failing.'
IT managers have a range of disaster recovery options, including renting office space, hardware and software. Guardian IT Services Group has launched a mobile backup service for companies running PC LANs. Following an IT system crash, Guardian will guarantee to deliver a temporary PC LAN to the customer within six hours. Its Rapid Relocatable PC LAN service includes a LAN with 100 PCs, five servers, printers, switches, hubs and cabling. This equipment is held on standby at Guardian's head office in Leicester.
When developing their plans, IT managers should note the importance of interoperability, said Hughes. 'I know of one company that invested a lot of money in enlisting the services of three or four disaster recovery specialists. On paper it was a great recovery plan, but in tests, it turned out that they were quite simply unable to coordinate the three separate strands.'
