How’s your organization’s disaster recovery plan? Do you have one? Has it been updated recently? This post will discuss not only IT disaster recovery issues, but also the other things you should do to prepare for a disaster.
It’s fire season in California, where I live. Along with COVID, a heat wave, power outages, the State just got 11,000 lightning strikes. The latest Evacuation Warning area for a 40,000-acre fire stops about half a mile down the street. So, I’m thinking about disaster planning.
CGNET does a lot of strategic IT assessments. Part of them is to assess the IT aspects of our clients’ disaster recovery plans. We’ve found, however, that about half of our customers either have not looked at their organization-wide disaster recovery plans for years, or they don’t have one at all. It’s sort of like that old joke we used to make, that people only thought about backing up their data after their hard disk crashed.
IT Business Continuity
The exception to this, surprisingly, is IT disaster recovery planning. The industry has spent a lot of time on this, particularly because of the plummeting costs for data transmission, processing and storage. Most software-as-a-service is hosted on platforms with near-real-time – or real time – data replication. The same is true of cloud infrastructure and platform vendors like Azure and AWS.
Backup is still an issue, because replication also replicates deletions, when you may want a record that doesn’t change. But this, too, can be addressed with additional cloud-based solutions. Local backup is becoming a legacy issue.
As a result, IT business continuity and disaster recovery planning has largely been reduced to a technical issue. It still requires expertise, but you don’t have to be a diplomat.
The Bigger Picture
The organizational plans, however, still don’t get much attention. I suspect there are several reasons for this. First, it’s a vitamin, not a painkiller. Activities that you ought to do often take back seat to things you must do right now. Second, it mostly involves people and planning, both of which can be tedious. You can’t just buy a disaster recovery plan; you must customize it, at least.
Fortunately, it’s not as hard as it sounds. Over the years, several organizations have developed guides to how their stakeholders can do disaster planning. Read a few of these, and you’re well on your way to developing a plan.
Here’s a list of the topics I developed over the years from reading these guides. As you will see, technology is only a part of it.
- Definition of Mission-essential Functions
- The Incident Response Committee
- Delegations of Authority
- Emergency Communications
- Vital Documents and Databases
- Personnel Issues and Coordination
- Ongoing Funding, Payroll and Obligations
- Facility Preparation
- Alternative Workplaces/Working from Home
- Training and Testing
- Event-related Community and Grantee Service
Here are the three guides I like the best.
Good luck. Remember, the journey of a thousand miles begins with but a single step, and it’s better to take it before the walls fall in.