IT Business
Contingency / Disaster Recovery Interchange
January 30, 2007
Focus: This Interchange focused on current
plans and actions that member companies are taking to understand
and resolve
the developing conflict between current disaster recovery actions
and the critical, separate, and significant possibility of
armed conflict. Are you ready?
What are the differences between business contingency and disaster
recovery?
Business Contingency:
A prevention plan
What it takes to keep the business going
Pro-active rather than re-active
What is needed in case of a disaster?
Disaster Recovery:
The disaster has already happened
All systems are down, complete breakdown
Re-active vs. pro-active
Taking steps behind the scenes to get the company up and running
Emergency response takes place
Plans:
Schedule hot site tests on a regular basis
Having internal audits to keep plans up to date
Go to outsourcing for guidance when putting a plan together
Have a method to track change control
Gathering the support of executive management is key to implementing
a plan
Risk analysis is very important when planning people loss
What should be in your plan or policy?
Identification of roles and responsibilities
Contacts (internal and external) phone numbers, addresses etc.
What to do and where to go in case of a disaster
What are the priorities to getting the business up and running?
Time frame of down time
Identification of critical applications
Auditing and testing schedules
Communication for associates (!-800 #)
Who is authorized to declare a disaster?
What happens when systems are back up and running?
Who has the authority to make phone contacts during an emergency?
Testing:
Can show upper management why they need DR/BC.
Hot site testing
Server testing
Mainframe testing
Tabletop testing (exercises)
Determine what does and doesn’t work
Emergency Response:
Develop an ER team
Evacuation steps
Educate several people as to what to as a first step during
a disaster
Head count exit points
Risk analysis
Meeting points
Comments/Benefits:
Gaining business buy-in
Testing Strategies/Make sure we thought of everything – Valuable
insight to benchmark ourselves against and to solicit feedback
on alternative approaches.
Metrics - Valuable insight to benchmark ourselves against and
to solicit feedback on alternative approaches.
Frank conversation with peers
No vendors
Validation / contradiction of my knowledge in a “safe” environment
because it rekindles my energy to move forward with plans.
Standards
DR Ownership/Challenging for all organizations – Do we
need to revisit with management
People planning/Not commonly considered
Business vs. DR/Different objectives
Buy-in vs. responsibility
Process & Procedure/New knowledge -
Priorities - Valuable insight to benchmark ourselves against
and to solicit feedback on alternative approaches.
Tools/Validation of lack of tools
Frameworks/Helps me identify gaps in our approach
|
