Lessons Learned for Disaster Recovery and Business Continuity
The authors of the Disaster Recovery / Business Continuity Template have managed the creation of plans and have been through the recovery process. As a result, they have learned a number of lessons:
- The success of the recovery is directly related to the quality of the plan, the training provided, and the testing that has occurred before the disaster occurs.
- Personnel issues will be your primary concern - plans should take into account employees' personal needs. If the disaster is widespread, employees will be concerned about their families and cannot focus completely on the recovery process.
- Assume that all the right people will not be there in time to declare that a disaster has occurred or to begin the recovery process.
- Everyone will be under stress and tempers will be short - leadership is what will make the recovery successful.
- Assume that no electronic copy of the plan will be available for some time - have an updated paper copy that can be used immediately.
- Power failures take down telecommunications - network providers and individual phone batteries require electricity. Circuits will be overloaded and land lines may take some time to restore. Cell phones cannot work if they cannot be recharged.
- Travel and transportation will be restricted - plan for road closures, police blockades, disabled vehicles, limited rental car availability and dwindling fuel supplies. If individuals leave the immediate area they may not be allowed to return.
- Critical facilities should not be located in close proximity. If the primary recovery facility, media, or network are in the same general area, they may be affected as well.
- Resources should be staged in safe areas - switching equipment, generators and fuel tanks should be located above flood levels. In addition the assumption should be made that recovery at the impacted site could take several days if not weeks or months.
- Data management challenges will arise - backup systems should not require physical connectivity to your infrastructure. When the recovery process begins you need to assume that nothing is working - hardware, software, media, and license keys.
- Insurance coverage is often inadequate - understand your coverage before disaster strikes, and document activities for adjusters. Also understand that an insurance adjuster's primary goal is to limit the liability of the insurance carrier, not to fill every one of your enterprise's needs.
- The authors have been in situations where adjusters "argued" that a piece of equipment was useable and would not approve replacement equipment. In situations like that, remember that the objective is to get the business back in an operational mode - bite the bullet and do what is necessary to get the business back in operation.
- Cash is king, but document how it is spent. After the fact, proof of expenditures will be needed for reimbursement from the business and, with proper documentation, from the insurance company.
- Hardware may be damaged - develop and test a plan for replacing equipment and for disposing of unusable devices. With technology it often is less expensive to replace equipment than to repair. Create a location where damaged equipment is placed and log the reason it is there so that after the fact decisions can be made on what to do with the equipment.
These are just some of the lessons learned. The Disaster Recovery Business Continuity Template has been chosen by over 3,000 enterprises worldwide because it has all of the authors' experiences and lessons included.
Data Breaches Continue to be CIO Concern
The FBI received a record number of complaints in 2008, and the associated direct cost of the frauds carried out with stolen data was $265 million versus $235 million in 2007. Adding to this is the challenge of securing personal information and intellectual property data. Companies are granting access to more systems and information - bank customers access account balances; workers maintain their own 401k and investment accounts; web shoppers place orders and make purchases with a single click; and business partners work on projects in a collaborative manner online.
To reduce the risk of a data breach or theft, organizations must adopt new tactics. In addition, companies must address e-mail and Web security along with employing a functional data loss and prevention strategy. The application of multiple security techniques is required to reduce risk. For example, there must be a way to control spam and block the downloading of malicious software from poisoned Web sites. In today's open Web 2.0 and social networking environments, companies need a way to defend against attacks and protect secret or sensitive data. At the same time, they must maintain a flexible and responsive infrastructure to support today's business working habits.
The Janco Security Manual Template has helped over 2,000 enterprises world-wide to meet these requirements.