10 Disaster Recovery 'Gotchas' to Watch For

1. Unrealistic expectations - Make sure people understand how long (2 minutes, 2 hours, or 2 days) it will take for systems to come back after a disaster. Usually established within the Business Impact Analysis, the Recovery Time Objectives are the time requirements set by the business to recover critical systems.

2. Assuming a tool will fix everything - Don't make the mistake of assuming that you have a business continuity or disaster recovery plan because you bought a tool. A backup and recovery tool is not a plan. More than simply creating an IT Disaster Recovery Plan, organizations need to create a Business Continuity Plan.

3. Understand the risks - Threats and risk exposures come in all shapes and sizes. It is important to weigh and categorize these exposures. Once they're weighed, a decision can be made to mitigate them. Additionally, the potential financial loss exposure should be determined to establish mitigation cost models.

4. Project mentality - Business continuity/disaster recovery plans are not projects; they're processes that are never finished and need to be continually reviewed, updated, and integrated into an enterprise change management culture.

5. Inadequate testing - Plans are only as good as the last time they were tested, and they can fail when organizations simply test for success and not for the range of potential issues. After the inaugural test, introduce variables into the test methodology, e.g., some recovery team members are "unavailable" to participate.

6. Lack of documentation - It's important for organizations to document the business continuity/disaster recovery plan as well as the assumptions that went into defining it, so the plan can be changed as the organization evolves. Documentation should define all BC/DR team roles (and alternates), responsibilities, and procedures.

7. Forgetting the people - Systems and applications are useless without people to use and manage them. Don't forget to build appropriate personnel resource considerations into your plan. Include manual process workarounds when applicable, since some systems may not be operational for an extended period of time.

8. Education - Money invested in business continuity/disaster recovery education and training is well spent and should be included in the plans, the results of which can be measured during BC/DR drills.

9. Downplaying security - Recovering from a disaster is critical, but not so critical that you can forget about security. BC/DR and security are intimately related, as security breaches often beget the need to declare a disaster.

10. Doing business as usual - Don't assume that just because it's always been done that way, it's the right thing to do. Organizations need to make sure they question assumptions when establishing a recovery program. Lastly, it's important to have provisions to return to a normal state as soon as possible following the recovery efforts.

[Source: John Janachowski, a principal and team leader for the Business Continuity and Security Planning team, The Revere Group, Chicago. The Revere Group is a consulting firm owned by NTT Data of Japan. Janachowski is responsible for working with clients to implement effective business continuity and disaster recovery programs and has more than 20 years of experience.]