DRJ's Fall 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 31, Issue 1

Full Contents Now Available!

In response to a Global Strategy Group survey, 85 percent of New Yorkers answered that they felt it was likely that a widespread power outage would occur in the next decade. However, how many of them do you think consider themselves very prepared in the event of an emergency such as a natural disaster, fire, power outage, or act of terrorism? Surprisingly, only 14 percent are confident in their plan of action.

A power outage or small fire is no disaster. However, they can be devastating to a small business. Closing down for three or four days could strike a hard blow and cause a business to go under. With recent events, more and more companies are looking into disaster recovery programs for their important data and documents.  However, until now, many document management companies have been far too expensive for many business’ budgets.

Today, with a greater number of companies looking into and utilizing disaster recovery programs, the market has grown tremendously. There are now more companies with capabilities to handle both smaller and larger businesses.

What are the basic steps a disaster recovery team takes?

Before a disaster occurs, the recovery company will try to think of what would be the most catastrophic event their client could survive.

It is important to get an understanding of the systems your company already has in place. The document protection company will help you do this by taking an inventory of hardware, software, business systems, and all the system’s interactions. By doing so, you can keep track of and properly protect each piece of data. Then, they will decide which of the many technologies are the most critical to the company’s operations. You can then be guaranteed that the most essential pieces of information necessary to your company’s survival is top priority.

Next, the documentation of such inventory and prioritizing is critical and taken very seriously. The company will make a simple chart of the systems used: how they are installed, where the installation CDs are located, how they are backed up, and how to get support.

The realities of protecting a business

Directly after the events of Sept. 11, 2001, affected companies’ technology managers were declaring an emergency to alert their providers. Those companies and organizations that did have disaster recovery plans were promptly and efficiently operational within hours or in some cases, seconds. Those that did not have any plan in place at all unfortunately lost their data. After the events, businesses became much more aware of the possibility for a disastrous event to occur.

 Also, remember the steam pipe explosion? That pipe was installed in 1924. New York is an old and unpredictable city. Due to fear of asbestos, some people were kept out of their office buildings for days to adhere to safety precautions. If the explosion had been located closer to an office building, it could have been even worse.

All of these factors plus an increasing number of hurricanes and threats to homeland security have caused many businesses to rethink their plan of action.
A law firm that had just moved into Manhattan and had a very small office experienced such a disaster: To conserve space, they put their server in the closet (along with their water cooler) and when someone went to change the water it spilled on the server. They lost all of their data. After this, they began putting their important documents and data on tape and felt more comfortable knowing it was out of the building and in safe hands with a document manage facility.

Another story involves an architectural firm that kept their server in an office next to the break room. An employee made a common mistake and cooked something for just a little too long in the microwave and started a fire. Now, because the server was so close to the microwave, it was damaged before the fire even spread much. This small, everyday mistake turned into a big disaster fast.

Small problems like the over-heating of a server can completely destroy the entire collection of a company’s records. Employee sabotage is another example of something uncontrollable. You really never know. You may ask, “How do I know my business will recover?” By having a plan in effect, small businesses are protecting their investments every day.
Backing Up Your Important Information
Just backing up the company’s data at the end of the day to tape isn’t enough. If the tapes even make it out of the building they can be damaged in transport. For example, on a subway the tape can become demagnetized by the tracks. Or, extreme hot and cold can severely damage the integrity of the tape causing all data to be lost.

Having the tape transported professionally is becoming the common solution to these problems. A document management company will send someone to retrieve, scan, transport, and safely store the tapes once to five times a week. Having tapes stored in other states is also very common in case of a more widespread disaster such as a hurricane or earthquake.

Another option is something called electronic archiving. The program electronically extracts, encrypts, and stores data. It gets the data out of the building and in a safe location quickly and easily. The information is then viewable on a password protected Web site allowing for ordering and delivery of certain documents.

In either case, businesses feel more comfortable knowing their critical information is out of the building and taken care of. It’s like an insurance policy for your business.

SAS70Type II Certification
Many companies are looking for programs that are “SAS70 type II certified.” It is greatly preferred because it regulates the conditions and services provided by a company, one of the most stringent auditing standards for service companies. SAS70 Type II certification verifies that the company delivers fully secure, reliable, effective operating environments with the proper controls for conducting high available Internet operations. Third-party auditors conduct audits which require meticulous reviews and tests of the operational procedures and controls.

SAS70 was developed by the American Institute of Certified Public Accountants (AICPA) for service providers that wish to display a high level of control and  effectiveness to independent auditors and to be recognized as certified and, reliable. It has become one of the most widely recognized auditing standards for service companies.

Knowing a program is reliable and professionally audited gives companies the confidence in knowing that their disaster recovery will happen efficiently and successfully.

Where do we go from here?

Maki Isayama, the manager of information technology at Copper Development Association Inc, said in reference to previous information protection that his company “… ran backups on a regular schedule, but because the tapes were not taken off-site as frequently as we would like, we felt that there were vulnerabilities to our system.”

However, once beginning a disaster recovery program he felt “the frequency and regularity of the process make the policy more robust. The fact that the storage facilities are secure and protected also adds a level of confidence that we lacked previously,” said Isayama.
A disaster is the last thing most of us expect. In a matter of minutes, any kind of danger can catch us unprepared and unable to deal with the devastation that follows. In the event of an emergency, company data may not be the first thing on your mind. However, the financial, physical, and psychological damage of an unplanned business interruption can be both crippling and catastrophic if it isn’t dealt with in a timely and efficient manner.

The awareness of occurrences such as bomb threats, fire, flood, lightning, network failure, power outages, terrorism, hurricanes, tornados, falling glass, gas leaks, crane collapses, and water main breaks have gotten companies to look at their own protection programs. Some questions businesses are asking themselves in the event of an emergency include: How quickly can I rebuild my network?  How will I recover client information?  Where will I operate?  Who are the key players involved in the recovery? Sometimes the answers to these questions can feel pretty open ended and overwhelming. However, research and assistance can help find the answers.

Data protection companies offer consultation and services to hold or electronically store commercial data. Software programs or storage facilities can save an entire business by helping create and execute disaster recovery plans. A small business can’t afford the losses experienced in just a few days out of commission.  Small accidents happen every day and there’s no way of knowing how hard they can hit. Pipes leak, fires start, fuses are blown.

Unfortunately, businesses today are faced with many more possible disasters than ever before. With everything being electronic these days, it can make effects even more catastrophic. However, modern technology is working with these changes to find new ways of protecting both electronic and paper documents. More and more small companies are taking advantage of these advances, keeping them in business for decades to come.

Mario Amato is the vice president of data protection service for GRM Information Management Services.  He has been in the data protection services industry for 18 years and has held management and vice president positions with Dataport Securities, Arcus Data Security, Iron Mountain, and GRM Information Management Services.