The In-Depth Matters Of A Disaster Recovery Plan
- Published on October 29, 2007
Data processing and computer disasters are unfortunately nothing new or exciting to those of us who have personally experienced a real disaster, lived through it, and helped one or several clients to recover from it and plan for future occurrences.
I have been experiencing them, aiding organizations in recovering from them and helping devise and compile realistic plans to handle disasters and contingencies for over 25 years. Although it sounds almost lackadaisical, I must testify with a high degree of certainty that four aspects are most important, even though they tend to be forgotten among the other matters typically given attention in disaster recovery plan.
These matters are the details pertaining to the availability of an alternate site, the details related to personnel at the alternate site, often referred to as the “forgotten asset,” dealing with the news media and the extreme necessity that a disaster recovery plan be a specific plan for a particular company and organization. Even in situations of extreme criticality, data processing people tend to emphasize the technical matters and ignore the business side. Because all of the overlooked matters are non-technical, the crucial details tend to be forgotten or given low priority ratings during the critical planning efforts.
THE ALTERNATE SITE
During a common disaster, in any type or size of geographical area, organizations tend to gravitate toward a central location, often referred to as “the natural flow of commerce.” This “focal” point causes a predictable and hectic flow of traffic along with a high state of panic, confusion, and oftentimes gross misjudgment. Traveling to an alternate site in the same area as other sufferers create obvious problems.
In selecting an alternate site, some simple considerations might be suggested to minimize such confusion. First, if possible, travel in the opposite direction of normal commerce and not in the obvious exit path of the masses. For example, during the Three Mile Island crisis in the middle of Pennsylvania in 1979, most people seeking alternate sites traveled toward Philadelphia because most commerce in Central Pennsylvania followed a natural line between Harrisburg and Philadelphia. Baltimore is much closer than Philadelphia and Washington, DC is approximately the same distance. Yet most people and commerce in Central Pennsylvania gravitated towards Philadelphia.
To counter this flow, I provided for some of my clients to travel to Washington DC and Pittsburgh. These cities are in the opposite direction and afforded easier and more relaxed travel environments along with less hectic processing environments when the alternate destinations were reached.
When considering the ease of travel in view of everyone else going to Philadelphia, the choices seemed and were very logical. On top of that, if the widely publicized nuclear reactor had really exploded as the television and radio broadcasters reported could happen, the downwind location of Philadelphia in relation to the upwind locations of the other two cities would have made the “city of brotherly love” a poor choice in relation to the other alternatives.
Next, ascertain that one will have access to the alternate site and determine what interferences might interrupt effective processing. Many offsite companies have too many firms sharing a “hot” site. Under such a condition, one might find that they cannot do much processing before they must cease and, in effect, go to the back of the waiting line. Unfortunately, they discover this too late.
I know of several common disaster recovery plans which will be less than effective because a common disaster will force a group of important organizations to go to the same site and wait in line to process. One involves an important aspect of the federal government. In all of these cases, talking with the top level of management is an exercise in futility since planners have convinced them that the available site is the best choice.
Prior to signing a contract, ask the company offering the alternate site services how many other clients might be sharing the facility and from what geographical areas they might originate. To overlook this situation might result in having to use an overcrowded facility and, in effect, being “shut out.”
PERSONNEL AT THE ALTERNATE SITE
When one must function at a distant site, there is a natural tendency to attempt to utilize temporary or contract personnel. By doing so, the company is being exposed to inefficiencies and errors from which they might experience great difficulty in recovering. Nothing functions as well as an organization’s own personnel, especially in the data processing environment. One’s own personnel are typically very familiar with the company procedures, policies, systems and systems idiosyncrasies. It would take an excessive amount of time to obtain optimum results from temporary personnel. Therefore, the very strong recommendation is to use one’s own personnel.
When a disaster strikes, it is only natural for everyone to consider the safety and needs of their own families rather than the needs of the company. Therefore, provisions for the well-being and comfort of the families of the personnel who must travel to an immediate family must be allowed to travel to the alternate location and live reasonably yet comfortably.
This may seem expensive. However, when evaluating the overall costs and negative effects of not allowing them to accompany the breadwinners, this is really not that expensive. It almost guarantees that the breadwinner will work sincerely and productively at the alternate data center. This applies whether he or she is a programmer, analyst or computer operator.
In this respect, the company must publicize, ahead of time, what the plans entail regarding families for those who must travel to the alternate site. Included within this is an expense account - up to a pre-determined yet reasonable amount - to pay for the living, eating, and reasonable entertainment accommodations at the alternate location. Only after these assurances have been publicized can the company expect active and enthusiastic participation by the staff at the alternate site.
A recommended course of action is for the financial department of a company to make arrangements ahead of time with the cashiers of several hotels or motels. It might surprise them, but inform them that in case of some crisis or disaster with one’s own data center, which might be located hundreds or thousands of miles away, a number of persons and their families would be traveling to their geographical area and staying at their facility for some estimated period of time. Coupled with this would be a request to provide for sending invoices on a periodic basis back to the financial headquarters of the company along with a guarantee to pay promptly.
A PARTICULAR PLAN FOR A PARTICULAR COMPANY
Unfortunately, there are too many disaster recovery companies offering alleged disaster recovery planning help to unsuspecting companies and organizations. They offer to help construct plans and many of them offer alternative site facilities as well.
While they are doing nothing illegal, they are offering services which will not result in effective and realistic actions if the disaster plan must be activated. What these organizations do are to go through a facade pretending to compile a disaster plan for a given company. What they really do is to take the same plan they have presented too many other companies, modify logos, change the names of corporate officers and personnel, and then present it to the unsuspecting client as a plan tailored specifically to them. For those who also offer alternate site services, they include their site within the disaster plan.
There is a need to assure that a disaster recovery plan, prepared primarily by an outside firm, is well known by the appropriate personnel in the company which is to allegedly benefit from the disaster recovery plan.
When plans are prepared by outside firms, it is commonplace for the outside firm to have most, if not all, of the knowledge and information about the plan. This makes it very difficult to put the plan into action when a disaster occurs, especially if very suddenly.
I came across a company in the Southern United States which had a disaster recovery plan completely designed and written by a large outside services firm. No one at the alleged beneficiary company could tell me much about the details of the disaster plan. In effect, if anything of a dire nature occurred, they would have to call the outside services firm, some 800 miles away, and have them travel to their location to put the plan into action. In addition to this, I found a myriad of other shortcomings which made the plan almost useless even though they had paid out huge sums of money for the plan. They were angry and embarrassed that I had detected this oversight as well as the other shortcomings during a normal EDP audit.
One should assure that if they utilize an outside company to help prepare a disaster recovery plan, it is a plan which will work within the operational environment of the company and not force them to modify their actions to suit the services firm. One should also assure that plans prepared entirely or partially by outside firms are well known by their own personnel. Having to call the outside firm to understand the plan or to put it into action is plain ludicrous!
THE PRESS - PUBLIC RELATIONS
When dealing with the press be prepared to have special identification cards issued to top corporate officers and others who might wish to visit an alternate processing site. This means persons who do not normally visit the computer center in normal times and who would not be familiar to the operators and other data processing personnel. The press has a reputation for not observing protocol and pushing themselves into areas where they should not be.
All personnel should be told, without question and perhaps with some threat of punishment within, to act calm, not to grant interviews or answer questions from anyone from the press or other strangers. It should also be known to all concerned and at all sites, that all members of the press and news media should be directed to an official public relations person. That person should answer questions very carefully or, preferably, very briefly. Freedom of the press does not mean that every American is obligated to speak to, give information to or to allow themselves to be bothered by the press.
Any organization compiling a realistic data processing disaster and contingency plan should provide for some matters which, seeming rather mundane and trivial, are oftentimes overlooked while emphasizing more technical matters.
It is very important to assure that reasonable access to an alternate processing site will allow for realistic processing of the company’s information needs. It is extremely important to provide for immediate family members to accompany those who must travel to an alternate processing site.
It is absolutely necessary to compile a disaster and contingency plan which fits one’s own organization and is not merely a modified version of a plan offered to someone else.
Finally, it is imperative that one have a definite plan and procedure for dealing with the press and news media. This includes telling all personnel not to discuss matters with the press and the appointment of official public relations officers who should be the only ones to deal with the news media.
Of course, the most important matter of a disaster recovery plan is to have one created, tested and polished before a disaster occurs. It is important to verify that each member of the organization who will be affected knows the parts of the plan in which he must be involved.
Once a disaster occurs, it is too late to do anything effectively and rationally.
Richard Katzman, owner of Richard A. Katzman Associates Inc., has worked in the data processing disaster recovery and contingency planning field since 1963. He has served as consultant on such disasters as the Three Mile Island crisis.
This article adapted from Vol. 4 No. 3, p. 17.