DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 32, Issue 1

Full Contents Now Available!

Cost-effective recovery strategies and written agreements related to the most feasible alternatives are important aspects of business continuity planning. Numerous unpredictable and often unpreventable hazards can endanger the organization. Because of these threats, recovery alternatives for human resources, facilities, critical systems, data and voice communications, and business processes should be evaluated.

The recovery strategies should be based on the critical resources as determined during the business impact analysis (BIA). This article focuses on the methodologies for determining the most beneficial technical recovery strategies and assumes that a comprehensive BIA has been performed.

Overview of Technical Recovery Strategies
Commercial Hot Sites

A commercial hot site is a fully equipped, back-up site that is provided by an outside vendor. Hot sites tend to be the most expensive alternatives available for contingency processing. A hot site may be using electronic vaulting that allows the transmission of back-up copies of computer data through transmission lines to a storage facility at the hot site location. A fully equipped hot site service may feature amenities beyond the necessary equipment to process data including varying degrees of security, fire protection, and telecommunications capabilities. Security could be elaborate, including electronic card-entry systems, 24-hour security guards, motion detection systems, water sensors, and closed circuit television.

Mobile computer hot sites are also available for specific equipment. In this case, a large trailer containing backup equipment and peripheral devices is sent to the scene of the disaster and connected to existing communications lines.


The advantages of a commercial hot site include the following:

- Hot sites are generally available following a disaster, especially if the subscription is with a larger provider with multiple locations.
- Hot site providers can offer all necessary environmental equipment, computer equipment, communications equipment and technical support staff for alternative site processing.
- The time frame for recovery is relatively short for a hot site.
- Hot sites can be routinely tested to ensure compatibility of hardware, operating software, communications network, etc. They can also be tested remotely without having to travel to the hot site location.
- The configuration requirements at a hot site can typically be expanded by purchasing more computing power. Multiple processors are usually available and the subscriber pays only for the capacity required at the time. As an organization’s requirements grow, the contract can be expanded with the hot-site provider.


The disadvantages of a hot site include the following:

- Hot sites tend to be an expensive recovery strategy alternative.
- Daily usage fees at a hot site tend to be very expensive.
- Hot sites are only available for a fixed period of time, usually six weeks. Within this period of time, the organization must rebuild or relocate its data center to a cold site facility or another, more permanent location.
- The hot site may not be able to provide for special equipment requirements, such as unique laser printers, forms handling equipment, etc.

Commercial Cold Sites

Some organizations choose to acquire cold-site (empty-shell) services from the outside or provide empty-shell capabilities internally. An empty shell is an environmentally protected computer room equipped with air conditioning, wiring, and humidity control for continued processing when the equipment is shipped to the location. Some empty-shell sites have communication links already set up in case of a disaster. Empty shells would be a lower cost approach, but difficult and expensive to test.

Some companies specialize in providing portable empty-shell services. In this scenario, an environmentally protected and readied structure would be transported to the disaster site so equipment could be obtained and installed near the original location. These services have a relatively lower cost.


The advantages of a cold site include the following:

- A cold site is the lowest cost strategy in comparison to warm sites and hot sites, yet offers some degree of protection to the organization.
- A cold site generally contains all the environmental equipment, such as a UPS system and air conditioning, to protect the computer system. There may be security systems and, in some instances, communications links already established in the event of a disaster.
- Portable cold sites are also available. In this scenario, an environmentally protected and readied structure could be transported to the disaster site so equipment can be obtained and installed near the original data center location.


The disadvantages of a cold site include the following:

- Cold sites cannot be tested unless equipment is expedited and communications lines installed.
- Cold-site testing is often expensive because the equipment must be temporarily rented or leased, shipped to the cold site, installed, and then returned to its owner.

Internal Hot Sites

Another recovery strategy is to establish an internal hot site. This alternative is more applicable to distributed systems because the cost of server equipment is lower than a mainframe and requires less space and a less restrictive environment. Used equipment may also be available, either through the original vendor or through equipment brokers.

Additional complications may arise when implementing this alternative, such as equipment obsolescence and replacement. Some organizations choose to keep their older processors when upgrading equipment and use the older units as backup equipment. When planning the construction of a new remote facility, extra floor space could be allotted for a hot site or could be designated as a shell for temporary processing. The internal hot site should be sufficiently distanced from the original computer location to prevent its destruction in an area-wide disaster.


The advantages of an internal hot site include the following:

- An internal hot site could continue to provide processing for critical business functions. These functions may be provided at a reduced service level, but the service continuum would not be broken under this scenario.
- An internal hot site could reduce the impact of a disaster to the organization.
- An internal hot site would be easier to test than most other alternatives because of the similarity of operating environment and applications processed.
- An internal hot site would provide additional resources for other uses. It could assist in maintaining service levels in times of high transaction volume and growth.
- An internal hot site would reduce or eliminate the need for hot site/cold site fees, including monthly subscription fees, declaration fees, daily usage fees, etc.
- Technical support staff would be more familiar with the operating environment in a second data center. Technical support staff would not have to set up a completely new operating environment if one already exists.
- Support staff would generally be available at the second site.


The disadvantages of an internal hot site include the following:

- Cost of operating an internal hot site.
- Management and operation of two facilities and two staffs could be more complex.

Reciprocal Agreements

In the past, when data processing was more batch-oriented than online oriented, reciprocal agreements were common. Reciprocal agreements assume that adequate resources are available at the reciprocal site and adequate time is available for processing – probably during third-shift operations.
Reciprocal agreements are not practical for most systems that require extensive online processing or require batch processing beyond one shift to accomplish a day’s work. Reciprocal agreements tend to be inexpensive and, in many cases, cost nothing. The use of reciprocal agreements for backup purposes is also discouraged because there is usually no guarantee involved.


The advantages of reciprocal agreements include the following:

- Reciprocal agreements could be relatively inexpensive in comparison to other alternatives or, in some cases, have no cost.
- Reciprocal agreements are easy to administer and conceptually understand.
- It is possible to test reciprocal agreements for critical applications.


The disadvantages of reciprocal agreements include the following:

- Processing resources may not be adequate to process critical applications for the organization.
- With changing requirements, equipment and operating software may not be compatible between both sites.
- Often, the only time available for processing is during the third shift, which is probably outside of the business hours of the using organization.
- Often, no guarantee of availability is provided. The site may not be available following a disaster.

Vendor Supplied Equipment

Many vendors will promise, in writing or verbally, “Should a disaster strike, you will receive the next machine of comparable capability from the manufacturing line for shipment to the disaster recovery site.”


The major advantage of vendor-supplied equipment is:

- Minimal cost.


The relative risks associated with this means of recovery are:

- The equipment may no longer be manufactured.
- Some peripheral equipment may be difficult to obtain.
- A delay may be experienced in identifying hardware and components, shipping them, installing them, and making them ready for operations. A minimum of one week could be experienced.
- Costs could be high for expediting shipment at the time of the disaster.
- This alternative is difficult to test.

Quick Ship Arrangements

For critical applications processing on servers and PCs, the organization could designate certain equipment that can be shipped in an emergency situation from one location to another. Arrangements can also be pursued with equipment manufacturers, brokers, and dealers for expediting PCs, file servers, printers, and other peripheral devices following an emergency.

The servers may also have connectivity through an enterprise-wide network to other locations and facilities. In the event of a disaster, personnel would need to move to a temporary location – at another facility within the organization or to leased space. Server backup files would need to be obtained from the off-site storage facility and a minimal number of PCs, servers, and other equipment should be dispatched to the temporary location either from another location within the organization or from equipment manufacturers, brokers, or dealers. Network personnel would then restore the server from server backup files and establish server connectivity with the enterprise-wide network. At that point, the organization could perform ongoing operations from the temporary location.

Output distribution from the temporary site could be accomplished using couriers or through remote printing capabilities.


The advantages of quick ship arrangements include the following:

-Relatively low cost.
- The time frame for recovery is usually within 24 to 48 hours.
- Usually there is no declaration fee.


The disadvantages associated with this means of recovery are:

- The organization would need to have a location available for receiving shipment of the equipment.
- Quick ship arrangements usually apply only to servers, PCs, and related peripherals.
- Some equipment may not be available for quick ship arrangements.
- A delay may be experienced in identifying hardware and components, shipping them, installing them, and making them ready for operations.
- Costs could be high for expediting shipment at the time of the disaster.
- This alternative is difficult to test.

Cooperative/Consortium Arrangement

This option is similar to the internal hot site except that the facility is owned cooperatively by several organizations. The major advantage is shared costs. The major disadvantage is that it may have to be shared if a disaster affects more than one co-op member.

Electronic Vaulting/Mirroring

Electronic vaulting/mirroring can be used to decrease recovery time. Electronic vaulting allows the transmission of back-up copies of computer data through transmission lines to a storage facility. The transmission can be immediate or delayed. This technique eliminates the need to physically move tapes and allows for real-time recovery. It requires high-speed communication lines.
There are three major types of electronic vaulting: online tape vaulting, remote transaction journaling, and database shadowing. All three types of electronic vaulting can reduce the time required to reconstruct applications at the computer recovery center by reducing the exposure of data and applications to the disaster.

Grid Technology

“Grid” computing has emerged as an important new technology providing flexible, secure, and coordinated resource sharing among dynamic and diverse organizations. Grid architecture supports distributed processing capabilities by connecting multiple sites, devices, and platforms transparently, and is designed to recover from failures. Grid computing can contribute to business continuity by ensuring computer availability, managing data locality, supporting IT security, and eliminating disaster reaction time.

Comparison of Technical Recovery Strategies

Numerical Analysis

A methodology for comparing various recovery strategies is presented below. The methodology is based on using several evaluation criteria. Each evaluation criteria is assigned a priority (high, medium, low, or n/a) as listed below, and each recovery strategy is assigned a rank (completely, partially, no, or n/a) as listed below. The score is calculated by multiplying the priority by the rank using the following values:

The sample analysis presented below compares the following recovery strategies:


Cost Analysis

It is also important to perform a cost analysis for each alternative. A request for proposal (RFP) is a useful technique for obtaining information on various recovery strategies to gain a basis for comparing the advantages and disadvantages of each approach. The purpose is to define the necessary requirements for recovery services at an appropriate level of detail to facilitate preparation of responses and subsequent evaluation of alternatives. Below is a sample format for a cost analysis.

The final step is to compare the relative costs, benefits, and estimated recovery times for the various recovery strategies:



Selecting the most appropriate recovery strategies and related services are the foundation of the business continuity planning process. Therefore, it is important to perform the analysis carefully and thoroughly. Recovery alternatives should be determined for all critical resources including systems, data and voice communications, business processes, human resources, and facilities.

 Geoffrey H. Wold, CPA, CMA, CMC, CDP, CSP, CISA, CFSA, CIRM, is a partner and the managing director for LBL Technology Partners. He specializes in providing a wide range of technology planning services for a variety of industries and has written 20 books on several technology topics including eight books on business continuity and security planning.

Tina L. Vick, CBCP, CFSA, is the CEO and managing director of Innovative Advisors, Inc. She is a Certified Business Continuity Professional specializing in risk and security analysis, plan development, project management, and software design and development. Wold and Vick have consulted on hundreds of business continuity plans in several industries.