The concept of disaster recovery, clearly a topic coming to the forefront of critical issues for enlightened management, is nonetheless a fairly recent phenomenon. As a result, its place in assuring a company’s continued health is often misunderstood. A good example of this misunderstanding is the frequent comparison of hot-sites to insurance policies. While a hot-site subscription is a form of risk management, for many reasons it is not merely an insurance policy. Among the reasons are:
- Insurance policies are largely passive in nature; hot-site subscriptions are proactive.
- Insurance policies are fundamentally actuarially-based and function by paying covered losses; hot-site subscriptions have, by definition, a business continuation orientation.
- Insurance policies may be able to compensate for management’s personal liability exposure/losses, while hot-site participation has, to date, allowed management to avoid the personal liability issue.
Disaster recovery covers such a broad category of philosophies, approaches, costs and implementation techniques that a description of the most frequently implemented options may help us expand on these three significant differentiations. Among a company’s options are:
Maintain status quo
This option, accepted by a surprising number of companies, assumes that the online systems and the general integration of the systems into the organization has been sufficiently superficial that the company could survive without their data processing department. To realize how implausible this assumption is, we need only reflect upon how critical databases are to virtually all companies. Consider, for example, what occurs when you call an airline reservation agent at the time that their computers are down. It would seem that it would be easy enough for the agent to refer to a printed document such as an Official Airline Guide, yet not once has this happened to me or to anyone I know--invariably the agent politely asked me to, “Call back when our computers are up.”
A similar, rather limited, view is that nothing has interrupted data processing so far. Why accept an additional expense on the assumption that something will in the future? Not only does this position ignore the headlines we read each day describing fires, floods, earthquakes, hurricanes, as well as disgruntled employees, dissatisfied customers, etc., it also ignores how complex our society has become in a very short period. Examples include:
- PCB leaks, which were unknown to us only a few years ago, have now become a major concern.
- High-rise buildings and urban congestion have placed significantly more stress on an infrastructure that continues to decay in almost every city.
- The potential for computer sabotage, as in the recent, highly publicized spread of viruses, grows daily.
In short, we live in a far more complex world than we did just a short while ago and the risk to each business becomes greater each day. The potential for catastrophic loss due to this “just-in-time” world is exponentially higher each year.
Execute a Reciprocal Agreement
Many believe that a reciprocal agreement is both cost effective and meets the tests of prudent management. Executed properly this approach is, without question, the most costly of all alternatives and presumes a level of system availability rare in any organization. It is extremely difficult to test and, of course, an untested plan is only a theory likely to fail when it must perform. Assuming a testing schedule can be agreed upon (which, itself, is an expensive and inordinately time-consuming exercise), the coordinated effort required to assure that both organizations discuss, review, accept and implement each and every modification/upgrade required by the other participant normally calls for a dedicated staff and extensive support staff. This level of commitment and expense is rarely anticipated and typically doesn’t happen--which means that a minor interruption of normal computer processing can escalate into a catastrophic occurrence.
Contract for a Cold-Site
Some assume a cold-site can be either some unused corporate property prepared to accept a computer and to become quickly operational, or a contracted site with a company offering computer-ready floor space. A cold site would meet their needs. A fairly cursory risk analysis frequently disproves this theory. During an unexpected event, the period of time it would take for all the necessary vendors to provide the required computers, peripherals, telecommunications, cabling and testing required to run the business might take longer than the business could afford to wait. The formula should also include the impact of each vendor being asked to respond to more than one customer, since the risk that any event would be restricted to only a single company diminishes daily. Normally, the period of time required to recovery is between six and eight weeks or longer. If a company could live without data processing for at least two months, a cold-site might meet their needs.
Subscribe to a Hot-site
A hot-site is a facility that mirrors a company’s own data center in terms of meeting the requirements for computing capacity, peripherals, data storage and telecommunications. Technical and operational support are also often available. This option can normally assure recovery within 24 to 48 hours and typically costs less than 1 percent of the data processing department’s annual operating budget. It would be inappropriate to place even this small cost entirely in the insurance expense category, as insurance is essentially a passive expense. Unless a disaster occurs that is specifically covered under a policy, nothing happens.
Conversely, hot-site protection is proactive. The regularly scheduled testing (a requirement of good hot-site contracts) measures the ability of the plan to act as expected during any event. This too, is unlike an insurance policy where the question of the adequacy of the coverage is unknown until after some disaster occurs and a claim has been filed. The hot-site vendor is regularly involved in testing and preparing for the required support and proving that the plan can perform as expected.
Additional benefits of this testing procedure are enhanced employee skills, increased data processing department performance, and improved company policies and procedures. It might be fair then to place a portion of the subscriber fees in the consulting services category.
Insurance is a key product which functions by measuring loss, while hot-site vendors are risk-avoidance oriented. Insurance companies are prepared to help measure the loss sustained during a covered event. They may cover defined measurable costs post-event, but an organization’s lost momentum, the customers that discover a new vendor, the employees that leave for new employment and so forth, are all costs that the company must bear. Hot-site protection is oriented toward working to recognize potential risks and helping subscribers to deal with them. Once a subscriber is on site, the hot-site provider is dedicated to helping his customer to get back in business in a matter of hours and to stay in business.
The Foreign Corrupt Practices Act has been interpreted to hold officers of publicly held companies personally liable for assuring prudent stockholder’s assets. The personal liability cannot be measured prior to an event that would cause stockholders to file a lawsuit challenging management’s decisions. A company that had hot-site participation has yet to be sued for its management practices.
In conclusion, a hot-site subscription is not only another form of key insurance coverage, it is a critical requirement for most organizations to assure their ability to keep their business in business. Additionally, it serves as a catalyst to build and improve data processing performance, skills, policies and procedures.
For the cost of a very small percentage of the data processing budget, hot-site coverage has proven to be the best value for dealing with a disaster which affects an organization’s critical computer systems.
Michael B. Pearce works for Weyerhauser Information Systems.
This article adapted from Vol. 2 No. 2, p. 15.