Companies Uprepared For Computer Disasters
- Published on October 26, 2007
An overwhelming percentage of companies with small to large sized computer systems, up to and including the IBM 308X, are not adequately prepared should a disaster strike their computer facility.
Almost 90 percent of the companies responding to the independent survey said they had no comprehensive disaster recovery program if such an event were to occur.
There were several additional aspects highlighted by results of the survey. The increase in the use of, and dependency on, computers by rapidly expanding companies is followed only gradually by a realization of what trouble a facilities shutdown would cause. An additional profile shows a sense of false security. These companies believe that adequate precautions have been taken against natural disaster, crime, maliciousness, accidents, equipment failure, etc., by merely duplicating computer data programs.
In any disaster program, it is important to continue functioning with a minimum of disruption. Professional guidance that can provide resources and supervision of site construction or reconstruction is also needed when time is important.
There is also the question of legal liability in a data processing disaster. While directors of corporations are personally at risk for actions taken by a corporation, there have been enough legal precedents established to place senior managers also at risk.
Disgruntled shareholders have been known to sue officers, directors and other company agents for alleged wrongdoing. In recent years, this has developed into a standard called the “Prudent Person Rule.”
There are two ways in which one can reduce personal liability. The first is adequate Directors and Officers Insurance and the second is an adequate disaster recovery plan. El Camino Resources Ltd., located in a suburb of Los Angeles, buys, sells and leases new and remarketed IBM computer equipment. Its Disaster Recovery Program is targeted to companies that either do not need a hot or cold site, or cannot afford one. The program is a viable alternative to the expense of maintaining hot/cold sites, and in contrast to many other programs which require investments of funds and long term commitments, their program is renewable quarterly.
Michael Nemiroff, director of the company’s Disaster Recovery Program, points out a number or precautions which should be observed before subscribing to any plan. These include:
1. A plan designed for the individual company.
2. A commitment from the provider company that it can guarantee immediate response should a disaster strike.
3.The program is supervised by a plan principal.
4. Assurance that a disaster in another area will not effect equipment availability.
5. Delivery of replacement hardware within five working days.
6. Review and evaluation of present disaster recovery plan, and identification of risk/impact analysis, critical applications and resource identification.
Nemiroff stressed that there are several other reasons to use a professionally supervised Disaster Recovery Program. If the plan is specifically designed for the individual company, it will allow such systems as billing and receivables, client/customer records; inventory control; accounts payable and disbursements, order entry and distribution, payroll, decision support, fixed assets, and general ledger to continue functioning with minimum disruption.
In addition, subscribing to a service is a very practical matter of insurance. A comprehensive disaster recovery program may result in a credit or discount on current premiums. It should definitely be checked with the company’s insurance carrier.
This article adapted from Vol. 1 No. 3, p. 34.