Disaster Recovery Business Continuity Planning Challenges for Remote Sites
Disaster Recovery and Business Continuity challenges that affect remote offices, remote sites, and at home computing are often relegated to the back burner. However that can be a serious mistake. The remote office and at home computing site may contain data that unique to a customer, distributor, or sales person. If that information is lost is could have a significant impact on the enterprise.
Areas that need to be considered in the DRP and BCP are:
- Managing growing data - An outdated or under-performing backup/recovery solution may not be able to efficiently manage a growing volume of business data. Valuable IT resources that are needed for other business-critical tasks must spend hours managing data protection, thus contributing to an increase in operational costs and making other areas of IT vulnerable to failure.
- Automated backups - Using stand-alone devices rather than network-based solutions requires dedicated human resources to make sure that backups are started and completed. This leads to an increase in human error as the need for intervention grows.
- Recovering data quickly from storage media - Many companies choose to send CDs, DVDs, and tape backups offsite for enhanced disaster protection. Subsequently, data recovery from an offsite backup may take extra time requiring hours or possibly days to be completed.
- Managing data protection at remote/branch offices - Remote locations and at home computing sites usually operate with few or no IT resources. If the data protection solution at the remote office or at home computing site is outdated, under performing, or unreliable and the local IT resources are unable to resolve the problem for several days or weeks, then the data at the remote site becomes vulnerable to threats.
- Meeting regulatory requirements - Non-compliance with global or industry-defined data protection regulations could result in fines, legal fees, and damage the organization's reputation.
- Lack of budget and IT expertise - Data protection is a complex and expensive effort, and enterprise may choose only basic data protection solutions to address their current needs. Such solutions may fit tight budgets, but they may not deliver all the features businesses need - especially when the next 12 to 24 months of data growth and performance requirements are considered. The use of under-performing solutions leads to a host of backup/recovery management issues and could even disrupt business activities. Additionally, many remote sites seem unaware of the abundance of affordable, simple, and efficient solutions on the market. Unlike centralized IT departments, many of these sites simply do not have the time and resources to research and test new solutions before making a purchase decision.
The ISO Standard defines the Information and Communication Technology (ITC) Requirements for Business Continuity (IRBC) program that supports the mandate for an infrastructure that supports business operations when an event or incident with its related disruptions affects the continuity of critical business functions. This includes security of crucial data as well as enterprise operations.
The ISO standard centers around fours areas; Plan, Do, Check, and Act.
- Plan - Establish a Disaster Recovery Business Continuity policy with objectives, metrics, and processes relevant to managing risk and improving the enterprise's Information and Communication Technology ability and readiness to operate at the level defined within the parameters of the enterprise's overall disaster recovery and business continuity objectives.
- Do - Implement and operate the Disaster Recovery and Business Continuity policies, procedures, controls, and processes.
- Check - Assess and monitor the performance metrics as defined within the Disaster Recovery and Business Continuity policy metrics and communicate the results to the management of the enterprise. This process can be done via an audit, a test of the plan, or an actual execution of the plan via a post event analysis session.
- Act - Modify the Disaster Recovery and Business Continuity policies, procedures, and metrics based on the "Check" (audit, test, or execution of the plan) in order to improve the Disaster Recovery and Business Continuity Policy.