CHICAGO -- Disaster recovery specialists have got to be shaking their heads and wondering why it took a tragedy like the World Trade Center attacks to get businesses to start thinking about their backup plans.
The believers have been preaching it for years. Now, businesses want to know the truth. What's it going to take to get a disaster-recovery plan in place that's going to protect my company in case of another attack?
"Most disaster planning is done after a disaster," said Jon William Toigo, an independent consultant and speaker at the Storage Decisions 2001 Conference held here last week. "In the companies that I visit, people don't like to talk about disaster recovery. But, you have to stare disaster in the eye."
Many of the nearly 400 high-level storage executives attending the show said they were there to learn more about disaster recovery, which jumped to the top of their agendas after the attacks.
According to Damian Walch, senior vice president for Comdisco's continuity services, most companies don't prepare for a disaster such as the attack on the World Trade Center. "If Sept. 11 taught us anything, it's that we do have to plan for catastrophic events."
Walch told attendees that if they didn't have a strategy in place, then they needed to get one. "If you have one in place, but aren't sure if it's effective, you need to start rethinking your strategy."
More than just data recovery
According to Walch, the businesses in the World Trade Center that were able to recover data after the attacks had plans that took a number of things into consideration: They were efficient, used experienced teams, relied on wireless communications and knew the lines of communications.
While they planned for backup, many companies didn't plan for how they were going to communicate, they didn't have backup staff for recovery, they didn't have "rally points" or designated meeting spots and they did not have a temporary facility in which to conduct recovery.
While many companies focus on the backup aspect up to disaster recovery, Walch said users have to go way beyond just data. Businesses need to think about all their business-critical functions. It's not just about recovering data, he said. Companies have got to assure that all business functions can continue such as office and finance support. "The paychecks still need to get out," he said.
"You should really be looking at the entire information flow," he added. "If I had to leave you with one thing, it is that you need to focus on the one critical business process in your company. For instance, in an insurance company it's claims processing; in manufacturing it's logistics."
Businesses also have to think about the other aspects of disaster planning, such as logistics. Does the alternative site have enough parking spaces do handle the overflow? Are the entrances secure? What network carriers are providing service to the building? Is there a generator to provide power backup?
But, Walch stresses that even though businesses should plan for every scenario, the plan should be brief.
"Don't create a big project out it," Walch said. "The actual written plans should be brief, because the big ones will never work."
He added that the plans should be held in a briefcase or safe place and they should be accessible. Keep the basic procedures on a Palm Pilot so they can be accessed from anywhere. Also, the plan has to be adaptable.
And finally, businesses have to test the plan.
"The objective of disaster-recovery planning is not to write a plan," said Toigo. "It is to develop a capability that changes as the business changes. It is therefore an iterative undertaking. You develop strategy, you test strategy, you refine strategy, you test, you refine, you test, you refine. Forever."
FOR MORE INFORMATION:Featured Topic on Disaster Recovery Storage Decisions 2001 Special Events Page Toigo's Tips