Disaster/Recovery plans are never finished

Analytics/ Analysis

By Gary Audin

You have adverse events that hamper or stop your IT and network operations. There are power outages, fires, floods, and security attacks. But you must also deal with interruptions due to new application installation, software upgrades that fail, data base changes,

software patches and workload transitions to the cloud. You plan for a disaster, but you cannot plan for all of them. You will need a recovery plan, one that covers what you can imagine will happen and what you can afford. You need to present the plans and budgets to a non-technical audience.

What does the customer see?
Problems can occur across IT and the networks. Consider what would happen if the unified communications and collaboration systems are affected or the disaster recovery plancontact center malfunctions or fails. The problems become public. The public reputation will be impacted and the users and customers will become hesitant to work with the organization. If it is the contact center, once a problem occurs, customers will not be as amenable to purchase products or services. Even after the recovery, there will be marketing costs associated with trying to regain the customer’s trust.

Responding to the problems
Not all problems are from external sources. Adding new applications especially with large data bases like in the contact center can go wrong. Identifying the core business processes requires effort and analysis. Consider performing a Business Impact Analysis (BIA). A BIA is defined as analyzing operational functions and the impact a disruption may have upon them. This first step is conducting an executive discussion about which business processes absolutely must be performed.

When satisfying the business goals, you need to:

  • Identify the core business services that when interrupted will cause financial and reputation harm to your business
  • Evaluate, classify, and prioritize the risks if an interruption occurs
  • Invest the time, effort, and budget to address the risks with the understanding that you cannot afford to deal with all the possible risks
  • Test your recovery plan to ensure that the investment delivers the results you expected

Delivering recovery
You need to address many questions when planning for a business interruption:

  • What failures have occurred in the past and what measures have been taken to mitigate them?
  • How has D/R been budgeted in the past?
  • Are there single points of failure internally and externally to your business?
  • Are your operations dependent on a single source, vendor, service, or specific individuals that can hamper the recovery?
  • Do you have redundant facilities and locations with timely backup software and data?
  • Is this data replicated and how frequently?

What the C-level executives want
The C-level executives do not want to observe outages that last days versus minutes. They want to see the disaster/recovery plans that will demonstrate rapid response with accurate return of service.

The C-level executives expect recoverability and the ability. You need to demonstrate that you can recover effectively. The executives expect that the business services that the organization provides will be there when needed. The faster the disaster resolution, the better for retaining the customer/user.

Presenting the D/R plan
Remember you are the technologist presenting technology solutions to various business units. You need to understand their D/R goals and how they are prioritized. Appeal to their business sense. Don’t focus on products, focus on the challenges and solutions. Don’t try to scare them with fear, uncertainty, and doubt to make your points.

Do not overstate your objectives. Be conservative. It is better to exceed the goals than to not meet them. Expect that disaster recovery is not a topic that C-level members often discuss. Be concise in the presentation. C-level executives have many other business subjects to consider.

Prepare in advance. Executives will ask:

  • What is the business impact of various types of interruptions and outages?
  • What is the budget for the D/R investment and what will it mitigate from a business perspective?
  • How long would the systems and services take to recover and restore from an interruption?
  • Do the recovery solutions align with the customers’ expectations?
  • Is there enough investment to sufficiently manage the business continuity risks?
  • How will the D/R plan be tested and what will be the business impact during the test?