Disaster Recovery The People Dimension

1
Disaster RecoveryThe People Dimension
2
Todays Agenda

• Why bother with any Disaster Recovery/Business
  Continuity Planning?
• Importance of the People Factor
• Disaster Recovery Components and SMEs

3
Question?

• Who has any Disaster Recovery plans?
• What does it involve?
• Data
• Equipment
• Location
• People
• Whats the most
• important?

4
Why bother with Disaster Recovery?

• Reassurance (that if it happens youre ready!)
• Technology recovery alone is not sufficient
• Insurance policies starting to insist upon a
  robust proven plan
• Allows a more structured approach to spending and
  investment
• Approx 80 of businesss with no tested DR plan
  went bust post 9/11

5
Disaster Recovery Components

• DR plan should consist of instructions for
• Routine data backup.
• Data security
• Plan should contain checklists, reference
  documents and worksheets and recovery worksheets
• Plan should be designed so there is no need to
  read every word Simplicity!

People have to implement it!!
6
Importance of the People Factor

• Business Continuity Institute Study
• Good progress on technology recovery but need to
  train staff
• Many plans flawed due to emphasis on technology
• Problem particularly acute among small and medium
  sized companies
• 43 of SMEs do not have or test their Disaster
  Recovery plans (or train their staff on what to
  do in the event!!)

7
Importance of the People Factor

• IT Disaster Recovery itself is not enough!!
• Not just data backups
• Who keeps them and where?
• Need to have business processes and procedures
  written down so they can be duplicated
• Not just standby hardware
• What software does it need and where is it?
• At least some testing to see how people and
  processes interact with IT systems in a DR
  situation
• Not just a standby office/home office
• Are the appropriate links in place and tested.

People have to implement it!!
8
What should we all do?

• Understand and record our business processes.
• Know how they integrate with and rely on IT.
• Understand the real risks of something going
  wrong?
• What are the minimum actions and activities
  needed to keep the business going.

9
Why should you do it.

• The fundamentals
• IT vs. Business Processes
• Information vs. Business Continuity
• Survival vs. bankruptcy
• The risks
• Accepting risk may be appropriate where its
  elimination too costly
• Knowing your business enables spending only where
  needed
• Staff need to know what to do if it happens

People have to implement it!!
10
What you need to know

• Inventory and Minimum Acceptable Recovery
  Configuration Designed to show your entire
  hardware inventory and what inventory will be
  required in the event of a disaster
• Operating System/Application Matrix Lists all
  Operating Systems and applications running on the
  hardware
• Software List and Documentation Worksheet Lists
  software, records or documentation required to
  recover from disaster and who holds them
  (location)

11
What you need to know (cont)

• Server Recovery Worksheet One per server and
  gives all necessary information required to
  recover a server that is deemed necessary in MARC
  worksheet
• Internal and External Contacts/Location Report
  Lists all internal/external staff or
  organisations that could be required to recover
  from an IT disaster
• Personnel contact list (mobiles)
• IT Support company
• ISP (Internet Service Provider)
• Telecoms Co.
• Who is going to do what, where!!

People have to implement it!!
12
So you are Safe

• This check list is there for you now
• BUT..
• DO you have your data
• DO you have alternative IT facilities?
• HAVE a basic plan on what you will do in the
  various business/functional areas
• HAVE a means of communicating with
• Your staff
• Another location(s)
• Which takes us back to where we started !!

13
Conclusion?

• Perform at least a basic risk assessment of
  equipment and processes
• Ensure staff understand their role and procedures
  in case of a disaster
• At the very minimum produce planning worksheets
  for IT equipment and applications
• Test Disaster Recovery Plan (at least once!)

14
Thank You

• Any Questions?