Insurance data shows that about 75 percent of businesses lack a Disaster Recovery Plan (DRP), or a set of steps to help them resume critical operations as soon as possible after a disaster. Without a recovery plan in place, businesses can stand to lose thousands of dollars ($300,000 per hour on average, according to Gartner)
Natural disasters may strike any place at any time, and they occur all too often. Hurricane Sandy, 2015’s extensive flooding in the Southern United States, and, most recently, the wildfires in Fort McMurray all serve as reminders of what may happen to anyone, and to any business.
While use of the Cloud and other modern technologies generally make businesses better prepared for facing a disaster, the need for well thought out and tested DR Plan is not going away. However, having a “cloud DR/backup” may give a company a false sense of being ready for promptly resuming critical operations in case of a disaster. And this is likely not the case.
Many Businesses Don’t Have Disaster Recovery Plans
There are many reasons why businesses delay creating a Disaster Recovery Plan or neglect to do it altogether.
- There is always “a bigger fish to fry”. Priority for generating a working DRP tends to escalate only when there are big news of another company going out of business due to a natural (or human made) disaster. But then there is not enough bad news to keep the momentum going and DR Planning subsides with time.
- DRP requires continuous revising to keep up with business and technology changes as well as testing to validate its solvency, which is expensive, laborious and becomes hard to justify due as the time goes by.
“Technical DR Backup” does not equal “Working DR Plan”!
When CEO asks: “Do you have a DR Plan?“, a CIO’s answer often is: “Yes, we backup to the Cloud (or/and another remote site) and the users are all mobile“. Beware that such dialogue might be an indication of a disconnect between business and IT of what “Disaster” means and what the goal of Recovery should be.
CEO is interested in being able to promptly recover and retain certain critical business functions in case of some rare, catastrophic event. Mind that such event does not even have to impact existing IT capabilities. What CIO’s answer means is that he is confident in IT’s ability to recover critical systems in case of their catastrophic failure.
Recovering business capabilities and recovering IT capabilities are two completely different things!
A Company must have a Business Continuity Plan working in concert with IT DRP to Ensure a Successful Recovery of Critical Business Functions
Business Continuity Plan (BCP) goes above and beyond of mere data and information systems recovery and it embraces IT Disaster Recovery Plan as one of its essential components, making it support the recovery of critical business functions and processes through technology.
A CEO/CIO dialogue above is when there is no BCP, or the BCP is completely disconnected from IT DRP. Moreover, IT has a wrong understanding of what “Disaster” even means in BCP context, attributing “Disaster” to a trivial failure of a critical piece of technology (Critical or Major Incident).
Without well coordinated and timed action plan, triggered by particular events (invocation protocol), and targeting prioritized recovery of specific business functions (which is what BCP/DRP is), just having data sitting somewhere remote with a promise (often from a 3rd party) of being available, a disaster recovery effort is going to be at best chaotic and its results are unexpectedly poor.
Read further to learn how in4BIT Inc. can help you with BCP and DRP alignment, documentation management and recovery test simulation.