Is Your Disaster Recovery Plan Up to Date?

Ensure Continuity with a Business Impact Analysis

Kevin O'Connor

It doesn’t take a rocket scientist to see that IT is now the lifeblood of most companies. Yet it’s alarming how many IT shops still don’t have a handle on disaster recovery, let alone have a clear picture of just how much downtime and data recovery risk their organizations can afford. Read on to discover just how important a comprehensive disaster recovery plan is to your organization.

Myriad industry reports paint downtime as a major problem that’s nearly impossible to ignore. In a recent IDC report exploring the cost of downtime for Fortune 1000 companies, unplanned application downtime costs were pegged at between $1.25 billion to $2.5 billion every year. Infrastructure failures, on average, were estimated to cost large enterprises about $100,000 an hour, while critical application failures had a far greater impact – to the tune of between $500,000 and $1 million per hour. As if those numbers aren’t enough to make IT and security professionals sweat, there’s more: 35% of respondents to the survey said it generally takes up to 12 hours to rectify an outage with double-digit percentages often spending days fixing a problem.

Those are the ramifications for the industry at large, but what about in your own company? Firms that haven’t approached business continuity planning seriously or conversely, and have gone at the problem with guesswork as a guide, should take a step back and perform a formal business impact analysis (BIA) before initiating any formal program. A BIA is a systematic information gathering process to help organizations identify their essential functions and processes (everything from applications, data, and networks), determine the exact organizational impact in the event of an unplanned interruption, and set recovery priorities mapped with specific recovery strategies. One fallacy of many organizations’ DR plans is that the same approach must be used for every application or workload, when in reality several should be considered and can be applied to best meet business requirements.

With that in mind, here are four tips DR experts recommend to ensure a BIA hits the mark:

Recruit the right BIA participants. An effective BIA is all about collecting the right information and to do that, you need to canvass the right people. Aim for balance, interviewing both executives, who have insight into organizational priorities, in addition to employees who are more familiar with the day-to-day machinations of department activities.

Set goals and enlist senior management support. While the BIA team will lead the charge prioritizing project goals and setting scope, it’s also crucial to have senior management on board. As with most enterprise IT initiatives, having a high-level executive sponsor will underscore the importance of the BIA effort and set the tone for making business continuity and disaster recovery a priority, including getting full cooperation from business users and advocating for investments that stem from the effort.

Think business interruption, not application downtime. Too much emphasis can be placed a specific application going down, when the focus really needs to be on what happens if a particular business function can’t be performed. Remember, the application is the enabler to the business function – not the other way around. This is the most critical mindset shift that must be instilled to the BIA team before they embark on the initiative.

Go beyond the financial impact. It goes without saying that determining the costs associated with various disruptions scenarios is central to a well-crafted BIA. But IT champions shouldn’t stop there – there are other impacts that are important to measure, including effect on reputation, as well as the customer and employee experience.

No matter how extensive, a disaster recovery plan is questionable if you don’t know the real risks. A well-done BIA eliminates the guesswork and defines the landscape for a business continuity plan that will deliver.