Taking a ‘fire drill’ approach to business continuity

While most Canadian companies recognize and understand the importance of proper business continuity and IT disaster recovery strategy, a lot of enterprises aren’t adequately prepared for a computer systems failure, according to one data and storage management firm.

Seven Group Data Management Company Inc. (Seven Group), based in Burnaby, B.C., offers companies a proactive approach to business continuity known as an “IT Fire Drill.” Anthony Brown, managing director of business development for Seven Group said the IT fire drill creates a test environment that allows companies to create a set of plans and procedures to protect corporate and financial data.

According to Seven Group, the IT fire drill consists of: risk identification; identifying the “single point of failure” in a particular IT system; projecting the impact of prolonged IT system downtime; and testing of the business continuity and disaster recovery plan. The test is usually done on-site and during off-peak hours, Brown said. Based on what the organization wants to test, the Seven Group does this by selecting an “unexpected event” — a power outage, for example — and use defined metrics to determine the usefulness of an organization’s plan, Brown said. Most companies see business continuity and disaster recovery much the same way they view traditional insurance — something that’s paid for and forgotten about until needed, he said.

But most organizations haven’t put the correct countermeasures in place that weigh the risks associated with the loss of valuable data. And even if a business continuity plan is in place, Brown said, if it hasn’t been tested with it’s almost as bad a having no plan at all. “In an emergency situation, the last thing you want to have happen is the IT staff starts scrambling through this plan that they’ve never even tried before,” Brown said. “There are no metrics in which to measure IT success and IT doesn’t have the experience to enact the plan that’s been put in place.”

Companies that brave the waters without an adequate disaster recovery plan should ask themselves, Brown said, the amount of enterprise data that they are willing to lose and also how long it can run manual processes when the automated processes are offline. The costs associated with the downtime of an enterprise’s IT system can be up in the millions per hour, he said.

Brown concedes that tests such as the IT fire drill is an invasive type of activity, one that the average enterprise, outside of the IT department, might not see the value in. Also, there’s a cost involved in running tests.

But until the plan has actually been tested, enterprises won’t fully appreciate its value and effectiveness, Brown offered. A business continuity and disaster recovery plan is essentially a “living document” and should always be kept up to date, Brown said. “Every time there’s a new application added, every time there’s a change to the network…that should be built into the plan.”

QuickLink 053693

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now