Sep 13 2007

Be Prepared

When it comes to disaster preparedness, applying the Scout motto pays dividends.
John W. Ellis
Photo: Hot Shots Imaging
Jim Shanks
Executive Vice President and
former CIO of CDW

Disasters happen — particularly when you least expect them.

The “Murphy’s Law” theory seems to ensure that even if you think you are prepared, something will go wrong. Most likely the issue that goes wrong will be the thing you are least prepared for. Of course, maybe that’s just a matter of perception, depending on whether you are looking at a given situation from a prepared or not-prepared point of view.

Being unprepared for a data center catastrophe or other serious loss of data or network resources can have a significant and lasting impact on your business. You should put in the effort up front to define business processes and understand how various units within your company interact with one another.

To determine your most critical data and network resources, you first must understand how the business functions and which tasks are critical. Once you have a grasp of these points, you can use three main tools to help you establish an action plan to keep your business running if disaster strikes.

1 Impact Analysis: Using a current inventory of your network resources and computer equipment — and possibly other documentation such as network diagrams — examine your systems assets and rate them in terms of the impact they would have on doing business if they were unavailable. You can rate them using a scale of 1 to 5, with 1 being slightly affected and 5 being closed down. Of course, you can also come up with your own scale or rating strategy.

In the end, you need to be able to identify the servers, data and network resources that are most critical to your business, so you can give these the highest priority and allocate your resources effectively.

2 Documented Plan: You should consider all reasonable (and maybe even some seemingly unreasonable) scenarios and document the procedures each employee will follow if an event occurs.

Once you have the impact analysis complete, take a look at the list of equipment and resources on it. This will help you prioritize. Your plan should include both business continuity (how to continue doing business during a catastrophe) and disaster recovery (how to return to a normal state of business following a catastrophe).

3 Test Your Plan: One common mistake is to create a great disaster recovery and business continuity plan and assume it is working or will work when needed. If you find a flaw in your strategy the hard way — after a disaster has affected your business — it’s too late. The damage is done.

Run periodic drills and tests to ensure your process works and the people responsible for executing the plan are trained and understand their roles. You should also periodically test your backup data by doing a data restore to make sure you have successfully saved the data you need so that you can recover it when necessary.

Ultimately, being prepared takes time, but it’s worth it. Even a relatively minor problem can seem like a disaster when you are not prepared. Conversely, with a well-designed and documented business continuity and disaster recovery plan in place, even a major incident can be reduced to little more than a minor inconvenience.

Jim Shanks is executive vice president of CDW, a $6.8 billion provider of technology products and services, based in Vernon Hills, Ill.