DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 31, Issue 2

Full Contents Now Available!

The past few years have seen many companies addressing disaster recovery and contingency planning. The recent rash of natural disasters and the bombing of the World Trade Center highlighted the need for such planning, and has gotten the attention of CEOs and corporate directors.

Unfortunately, during the process of assembling the pieces to the contingency plan puzzle, and especially during the search for disaster recovery planning software, many planners disregard certain industry specifics that may merit special consideration. This article describes the typical planning process, including the software search, and highlights certain considerations specific to specialized industries. Included are:

  • Disaster Recovery Plan Development Steps;
  • Software Search Basics;
  • Examples of Specific Industry Considerations;
  • Sources of Industry Information and Recommendations.


Once the support of upper management is enlisted, and the proper resources are dedicated to the project, the assembly of a disaster recovery plan can follow a fairly routine format. A typical plan includes:

  • Executive Summary--This summary details the purpose and scope of the plan, any relevant definitions or assumptions made in its formation, a general description of high priority tasks, an organization chart of personnel assigned to disaster recovery teams, and any other summary information.
  • Identification of Possible Contingencies--These contingencies include potential business interruptions which limit access to operating facilities, as well as, interruptions specific only to computer and telecommunication systems. Keep an eye open for preventative measures that can be implemented when performing this step.
  • Departmental Operating Procedures--These procedures include identification of high priority tasks which must continue to be performed, special considerations for manual processing in the event automated systems are inaccessible, and location and accessibility of alternate sites.
  • Equipment and Software Inventories--These inventories include replacement plans for short, mid, and long-term outages and processing capacity with physical space requirements for all equipment. The software includes database management features which are typically useful for this process.
  • Personnel Inventory and Recovery Team Assignment--This is a most important section which provides detail on how to contact personnel (i.e. home telephone numbers, etc.) and advises each employee of their assignments in the event of a disaster.
  • Plan Testing Provisions and Maintenance--This is a description of the methods that will be used to test the plan, including a timetable and details of required documentation.


There are many software choices available to assist a company in automating its disaster recovery plan. The following basic procedures should be followed when conducting a search.

Appoint a project coordinator and a Review Committee who will be responsible for prioritizing the departmental recovery, attending software demonstrations, and ultimately, selecting the software. While some might argue that a committee might slow the process, the difficult decisions to be made in prioritizing operations deserves the consideration of more than one employee or consultant. In fact, it is wise to include members of upper management or the audit department on the Review Committee.

Formalize a Business Impact Analysis document which describes the organization’s critical functions and ranks the priority that departments and functional areas must address in the event of a business interruption.

Document the needs of each critical department in terms of office equipment, including computer and communications equipment, office supplies, and minimum personnel requirements. It is a good idea to document these needs in terms of the amount of time an outage may last. Critical needs, especially personnel, may vary drastically for an outage that incapacitates a computer system for a week versus a month.

Consider any specific requirements related to your industry or constraints that your geographic location may impose. These considerations may change the requirements of the disaster recovery software.

Prepare a formal Request For Proposal, or a more informal questionnaire to distribute among potential vendors. This document should describe the critical needs and desired functionality of the software, and will serve as a uniform and objective basis to evaluate potential vendors.

Research potential software vendors and distribute the RFP to those that fit a basic criteria. Research questions to ask potential candidates include years of experience, size of support staff, number of installations, training techniques used, financial strength, experience in your industry, and reference list of users. It is also reasonable to inquire as to whether clients of the vendor have ever had to implement their disaster recovery plan, and further information regarding the results of the plan.

Evaluate proposals from vendors by having the Review Committee rank each candidate numerically. This process can be somewhat simplified by weighing each requirement listed in the RFP, assigning a value to the vendor’s response for each requirement, and aggregating the total responses by vendor.

Software demonstrations should be required by the top three ranking vendors. The Review Committee, along with any other necessary personnel should attend these sessions. Remember to inquire about the security features of a particular software package. Contingency plans often include sensitive information that should be kept confidential.

Select a vendor and carefully negotiate any necessary terms and arrangements to avoid misunderstandings regarding the responsibilities of the parties involved, ownership rights of software/licences, confidentiality issues, etc.

Install the software, provide for training of operating personnel, and assign a timetable for the project coordinator to implement the system.


Historically, much of the impetus for disaster recovery planning has centered around the corporate data processing department. Electrical power interruptions and less than reliable computer equipment have heightened the awareness of data center management to the need for contingency planning.

Today, contingency planning is a much broader field. Corporations are interested in organization-wide planning that covers all aspects of daily operations including provisions for client relations, key vendor relationships and other third party service providers.

Unfortunately, not all disaster recovery planning software is written with these broad needs in mind. Many offer an acceptable array of “generic” features some which can be tailored to the needs of your specific industry. The keyword to remember when evaluating DRP software is flexibility.

The following illustrates the varying needs of different industries and work environments:

  • Financial Services Institutions--Banks, Brokerage Houses, and Investment Companies (Mutual Funds) are typically characterized by large computer systems with high transaction processing volumes. Mainframe or minicomputers are the most common platform for these backoffice systems and often the disaster recovery plans in these organizations revolves around these systems and the main data center where they are housed. These companies may, however, use outside service providers or rely on third party data to a great extent.
    As an example, investment companies must price securities held in a mutual fund daily in order to calculate the net asset value of the fund, i.e. the price at which shares can be bought and sold.
    Prices are often received through data communication lines from stock exchanges or security pricing services. These data feeds are critical to the investment company’s capability to operate and should be explicitly addressed in the disaster recovery plan.
    Accordingly, DRP software used by such institutions should allow for the customization of various sections covering these third party service providers.
  • Hospitals and Large Heath Care Providers--Many hospitals and related organizations have contingency plans in place which directly address electrical power requirements and communication line redundancy, widely viewed as the most critical needs of these institutions. In the event that evacuation of a facility is necessary due to fire, flood, etc. precise timing and definite alternate locations are essential to a successful recovery. DRP software in this case must be able to address precise scheduling issues, contain an alternate location database (including adequate directions to each location), and provide a detail contact list (for doctors, technicians, etc.).
  • Professional Services Firms--Many professional services firms (e.g. law and accounting firms) have a multitude of documentation and work-paper files concerning client matters. These documents are often difficult to recreate yet often leave the office with staff members or are left in file rooms that are not protected from fire or water damage. Microfiche copies (or optical scanning) of critical documentation can mitigate the potential damage caused by loss of the original hard copies.

In these instances, a valuable feature of disaster recovery software is the ability to maintain a built-in index of where the backup documents are stored and the procedures necessary to access them.


If you are about to implement or revisit a disaster recovery plan, take a moment to consider specific needs pertaining to your industry. If you are not comfortable that you have covered all the bases, try these additional sources of information.

  • An Industry or Trade Association--These groups often meet to discuss business issues and provide good contacts.
  • Your Current Software Vendors and Third Party Service Providers --These vendors may often have relationships with disaster recovery software and service providers, and typically understand your industry needs.
  • Disaster Recovery Software/Service Providers and Consultants--These contacts are often willing to share ideas and experiences, especially if you are willing to endure a sales pitch.
  • “Friendly” Competitors --Companies in the same or similar industry which don’t directly compete with you due to product line, geographic location, etc. are also particularly good sources of information. This is especially the case if they were provided to you as a reference by a potential DRP software vendor.


Well-chosen software can often make the process of implementing a disaster recovery plan a much less daunting task, however, choosing software that doesn’t meet critical requirements will frustrate and delay the process.

In evaluating the needs of your organization, take a moment to reflect on your industry and its peculiarities in order to formulate specific requirements. This bit of research can go a long way toward helping you select the right software and successfully implement your disaster recovery plan.

Michael A. Natoli is a Senior Manager in the consulting services division of McGladrey & Pullen, in New York, NY.