Common Definitions

Let us look at Disaster Recovery (DR) and Business Continuity Planning (BCP).  

Disaster Recovery is the process, policies and procedures of restoring operations critical to the resumption of business, including regaining access to data, records, hardware, software, and  communications (incoming, outgoing). 

Business Continuity Planning (BCP) is an interdisciplinary concept used to create and validate a practiced logistical plan for how an organization. 

Two other terns that seem to turn up when discussing  Disaster Recovery are the Recovery Time Objective (RTO) and Recovery Point Objective (RPO). 

Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity . The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points. 

Recovery Point Objective  (RPO) describes the acceptable amount of data loss measured in time. The RPO is the point in time to which you must recover data as defined by your organization. This is generally a definition of what an organization determines is an "acceptable loss " in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours. Based on this RPO the data must be restored to within 2 hours of the disaster.   The definitions for the above terms have been provided by Wikipediai

Introduction

At several recent meetings the topic of disaster recovery has come up.  In one case it was a meeting dedicated to detailing an organization's current plans and procedures.  Another meeting to explore different alternatives that an organization may consider.  This is the basis for this document.

Let us first define a few key terms as they relate to our topic so we are all on the same page.  They have been detailed on the left border of this page for your reference.

What essential questions do you need to ask when your customer wants to talk about disaster recovery? It may be as simple as guidance with a disaster recovery plan to the more intense task of implementation of a DR site.  This is no definitive list.  It seems that the answer to each question can lead to three more questions.

As can be imagined most IT staff don't want to openly discuss this topic if they haven't planned for it. If they have planned and have tested they freely discuss and complain about the process. But they have a "tested" process. Here are a list of questions I collected in preparation for a discussion with one of our larger customers.

Questions to Ask

1. Do you have a business continuity plan?
2. Do you have a technology DR plan today?
3. What kind of disaster is being anticipated that would require a recovery?
4. Does the organization have the ability to financially support a technology DR plan in their budget?
5. Are regular backups of data preformed at least daily?
6. Are regular backups of the applications and operating environment preformed at least daily?
7. Backups kept off-site?
8. Are at lease three versions being retained?
9. What backup technology is employed?
10. Has a complete local recovery of key services been tested?
11. Where is  the DR site?  Planned site?
12. What is the distance between the two locations?
13. What are the critical applications and services which would require DR? 
14. What is the expected recovery time, the "Recovery Time Objective" for specific services?
15. What is an acceptable amount of data loss, the "Recovery Point Objective" for specific services?
16. What percentage of the application usage needs to be supported by the DR site? 
17. What is the size of the disk storage that needs to be replicated?
18. What percentage of the data changes daily? 
19. How often will the data need to be replicated?
20. How far out of date can the data be?  4 hours?, 8 hours? 24 hours?
21. How is the DR site funded?
22. Could the DR site be a co-location facility? 
23. What type of access do you have to the DR site?
24. How do you get essential staff to the DR facility and sustain/support them while working there.
25. Will the DR facility allow access to your essential staff members?  How is access determined/limited?
26. Can the existing networking and security infrastructure support the switchover or failover to a DR site?
27. Can the existing client devices support the switchover or failover to a DR site?
28. Do written procedures for computer operation exist to bring up the DR site?
    
    

The Basic Components of a Disaster Recovery Plan

1. Define what is an acceptable loss both in terms of services provided as well as financially. Then look at the potential costs to fund the development and implementation of a plan.
2. Everything needs to be backed up .How much of your electronic information is not being backed up and why?
3. Organize the services and information by how critical it is to the organization.  Determine their priority. Determine how long the organization can live without them? 
4. Protect against disasters. Most people think of natural disasters when creating a disaster recovery plan. There are nine other types of disasters .  Protect against all of them. 
5. Document what you have done. Put it in writing.  Have it reviewed by whomever you can get to read it. Ensures that the documentation is available during and after a disaster.  Review it frequently.
6. Repeatedly test you plan.  Most DR plans are not successful because they have not been tested. Start with a table top exercise.   Think about that. Testing the plan without leaving your office.
   
   

Summary

The main components of a DR plan are rooted with people, process, procedure, politics, and last of all technology. I have included several pointers for more information related to this topi

• Architecting Availability and Disaster Recovery Solutions, Tim Read, Sun N1 Availability Engineering Sun BluePrint April 2007 Part No 817-5783-11 http://www.sun.com/blueprints/0406/819-5783.pdf

• TIL - Continuity Management & BCP http://www.itil-itsm-world.com/itil-8.htm
• Business Continuity Planning http://www.business-continuity-and-disaster-recovery-world.co.uk
• Disaster Recovery World   http://www.disasterrecoveryworld.com
• IBM System Storage Business Continuity Solutions Redbook http://www.redbooks.ibm.com/redbooks/pdfs/sg246684.pdf
  

I would like to thank my peers for their input and review if this document.