Disaster RecoveryThe People Dimension

Today’s Agenda

• Why bother with any Disaster Recovery/Business Continuity Planning?

• Importance of the People Factor

• Disaster Recovery Components and SME’s

Question?

• Who has any Disaster Recovery plans?• What does it involve?

Data Equipment Location People

• What’s the most important?

Why bother with Disaster Recovery?

• Reassurance (that if it happens you’re ready!)

• Technology recovery alone is not sufficient• Insurance policies starting to insist upon a

robust proven plan• Allows a more structured approach to

spending and investment• Approx 80% of business’s with no tested DR

plan went bust post 9/11

Disaster Recovery Components

• DR plan should consist of instructions for: Routine data backup. Data security

• Plan should contain checklists, reference documents and worksheets and recovery worksheets

• Plan should be designed so there is no need to read every word – Simplicity!

People have to implement it!!

Importance of the People Factor

• Business Continuity Institute Study Good progress on technology recovery but

need to train staff Many plans flawed due to emphasis on

technology Problem particularly acute among small and

medium sized companies 43% of SME’s do not have or test their

Disaster Recovery plans (or train their staff on what to do in the event!!)

Importance of the People Factor

• IT Disaster Recovery itself is not enough!! Not just data backups

Who keeps them and where?

• Need to have business processes and procedures written down so they can be duplicated

Not just standby hardware What software does it need and where is it?

• At least some testing to see how people and processes interact with IT systems in a DR situation

Not just a standby office/home office Are the appropriate links in place and tested.

People have to implement it!!

What should we all do?

• Understand and record our business processes.

• Know how they integrate with and rely on IT.

• Understand the real risks of something going wrong?

• What are the minimum actions and activities needed to keep the business going.

Why should you do it.

• The fundamentals IT vs. Business Processes Information vs. Business Continuity Survival vs. bankruptcy

• The risks Accepting risk may be appropriate where its

elimination too costly Knowing your business enables spending

only where needed Staff need to know what to do if it happens

People have to implement it!!

What you need to know

• Inventory and Minimum Acceptable Recovery Configuration – Designed to show your entire hardware inventory and what inventory will be required in the event of a disaster

• Operating System/Application Matrix – Lists all Operating Systems and applications running on the hardware

• Software List and Documentation Worksheet – Lists software, records or documentation required to recover from disaster and who holds them (location)

What you need to know (cont)

• Server Recovery Worksheet – One per server and gives all necessary information required to recover a server that is deemed necessary in MARC worksheet

• Internal and External Contacts/Location Report – Lists all internal/external staff or organisations that could be required to recover from an IT disaster

Personnel contact list (mobiles) IT Support company ISP (Internet Service Provider) Telecoms Co.

• Who is going to do what, where!!

People have to implement it!!

So you are Safe

• This check list is there for you now• BUT……..

DO you have your data DO you have alternative IT facilities? HAVE a basic plan on what you will do in the

various business/functional areas HAVE a means of communicating with:

Your staff Another location(s)

Which takes us back to where we started !!

Conclusion?

• Perform at least a basic risk assessment of equipment and processes

• Ensure staff understand their role and procedures in case of a disaster

• At the very minimum produce planning worksheets for IT equipment and applications

• Test Disaster Recovery Plan (at least once!)

Thank You

Any Questions?