A recommended Disaster Recovery Program can be divided into two stages.
Stage 1 consists of five steps:
Step One should consist of the signing of a base contract with a vendor that you feel will be able to satisfy your requirements over a long period of time. This agreement will cover monthly charges, your allotted monthly processing hours, and the equipment configuration of your assigned dedicated resources to be used to complete Step One. Remember that a commitment to disaster recovery is not for the short fall, but for the long-term protection of your company. Therefore, since your investment both in time and money will be considerable, you must make sure that this investment is made wisely.
Any disaster recovery vendor should offer contract terms that will fit your particular needs. A five-year term may not be in your best interests, therefore your vendor should be able to provide terms that will best serve you. As an example, you may require that the initial term be for a period of six months with some automatic extension at the end of this period. This will give you the leverage to get out of an unsatisfactory arrangement while at the same time protecting the vendor’s investment if the service is as advertised.
Perhaps the most important aspect of your contract is if the vendor guarantees that you will have access to the facility in case of a disaster. If there is any remote possibility that you would not have access to the disaster recovery facility, then that vendor should be discarded as a possibility. Also, delete any vendor that restricts your usage of the facility to a certain time frame. It only serves to hinder any recovery if you are forced to pack and move to another site prior to having your home site back in operation.
When negotiating your hardware configuration, make sure that you have a certain amount of dedicated resources that are customized to your particular requirements and not generic to data processing. With dedicated resources you will be able to have the required software in place on an ongoing basis which will save time, effort and money both in testing your plan and in the implementation of that plan should a disaster occur.
Ideally, the agreement should contain provisions for an amount of facility usage that are included with the base cost of the service. As an example, you should have a certain amount of allocated hours to initially complete the installation of your software onto your dedicated resources. In addition, you should be granted a certain amount of hours whether monthly, quarterly or yearly to test and maintain your system and plan.
Finally, get all charges defined so that you do not have any surprises whether testing your system or worse, during an actual disaster. Find out all optional services that the vendor can supply and what the cost will be for these services.
Step two is to backup your critical data, both business and systems. If there is no data to recover, then recovery is impossible. The backup data then will be stored at the disaster recovery site. Several paper records also should be stored off-site, including your production schedules, operating procedures, hardware and software inventories, phone lists, organization charts, vendor call lists and system manuals (all information necessary to run your system in an unfamiliar site). You would maintain a complete inventory of all backup materials with these inventories being distributed to personnel involved in your Disaster Recovery Plan.
In Step Three, you would plan and implement the installation of your operating system onto dedicated resources at the disaster recovery facility.
Your critical recovery personnel should interface with the disaster recovery team from your vendor to plan the hardware addressing scheme and set time tables for the completion of this step. Then a definite schedule to complete this step should be set and kept. Once this step is completed, you can proceed to Step Four, which will involve thoroughly testing the system to your satisfaction of the work done in Step Three.
In Step Five, your recovery team and that of your disaster recovery vendor will conduct a formal analysis of your stored data and paper materials, change inventories as required and then set final retention periods and off-site rotation schedules.
Stage 2 consists of the following six steps:
During your Business Process Analysis, you determined the priorities and criticality of the data to be recovered, and installed this software onto the dedicated resources at the disaster recovery facility. Now is the time to review the applications and determine a schedule to keep these programs as current as possible. Again, priority is your main concern. Therefore, A Group would have a tighter schedule that the B, C or D Groups. Since you do not want your personnel running back and forth between your site and the disaster facility, you may look at a remote type access to that facility, such as ProComm Plus, to allow some remote testing and updating of your system at the disaster facility. Also, make plans to update and test the system at the disaster recovery site every quarter to ensure that it will be as current as possible in case a disaster does strike.
At this point in your recovery planning and implementation, it is time, again, to address the contract covering the service that your vendor is providing. You would think that once you have entered into an agreement that you would not have to worry about it again until the initial term is completed. However, just like other circumstances of your recovery plan change, so does that of the contract between you and the vendor supplying the service. You may require more disk space, tape drive upgrades, additional terminals, printers or specialized communications which can add to the cost and configuration of your system at the disaster recovery facility. In addition, at this point you should now feel comfortable with your vendor and be prepared to offer to sign for a longer contract term which may help you in pricing the service they provide along with the additional services that you may now require.
Now it is time, again, to evaluate your plan by conducting yet another analysis of the plan. Be sure to include a team from the disaster recovery vendor after you have concluded your internal analysis.
Start by reviewing your hardware configuration at the recovery facility to ensure that there are not any deficiencies here. At this point the most common inadequacies occur with the communications configuration, so special attention should be directed to this area. One other note regarding your communications: Test! Test! Test! As important as testing is to the rest of your plan, that goes double for the communications.
Now conduct another Business Process Analysis as before to determine if any adjustments need to be made in your critical processes. Also, make any adjustments to your data and the inventories that control them to reflect your findings. Also, during this procedure you should review and update all of the paper records that you established earlier and make sure that these records are kept current at all locations. As an example, you do not want to be in a disaster mode and find out that one of your suppliers has gone out of business, a critical telephone number has changed or that your organizational chart is out of date due to personnel changes. Having these records up to date will make a crucial difference should you ever find the need to implement your disaster plan in a real emergency.
In the next step of your plan, there should be a full scale meeting between all concerned personnel from your organization and that of your disaster recovery vendor to focus on the future direction of your plan and its implementation. This should be conducted as a mini conference at a neutral site where complete focus can be given to the subject. Plan on setting aside one afternoon to conduct this meeting with you and the vendor sharing the cost of the conference.
Finally plan for a simulated disaster recovery test once per year. These tests should be conducted as if a disaster actually hits your operation. One company even put yellow tape over the affected areas of their operation simulating that an airplane had crashed into the building. The President of this company wanted to see how his investment in disaster recovery would pay dividends in case they really needed to use the plan. There is a good ending to this note; he was so pleased with the results of the test that the next day he awarded bonuses to the personnel responsible for his disaster recovery plan.
By this time, you should be well prepared should a disaster hit your data processing operation. By completing these stages of disaster recovery, maintaining your plan and having a disaster recovery vendor that responds to your individual requirements, you will be able to guarantee that your business will be able to continue should a disaster strike your facility.
Mike Underwood is President of UHW Corporation, a computer maintenance and disaster recovery company, located in Carrollton, Texas. They can be reached at 972-242-7747. Their web-site address is www.uhw.com.