Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
November 13, 2007
2 Min Read
"A disaster is an event big enough to cause your IT services to be unavailable but small enough that restoring them is important."
"You can't plan for any particular disaster. The one that gets you will be the one you didn't plan for."
Those are the words of Howard Marks, chief scientist of Networks Are Our Lives Inc. and a past contributor to sister bMighty.com publication Network Computing, at last month's Interop New York. I was so impressed with Marks' presentation titled "Disaster Recovery For The Small and Medium Enterprise" that I decided to interview him on video and lay out a list of his nine (plus) key steps for all to see. VIEW VIDEO: Interview With Howard Marks: 9+ Steps to Disaster-Recovery Planning Step 1. Take Inventory of Assets
What are you trying to protect? Most smaller companies have no idea what they have to protect, including applications, telephony/fax, phone numbers, support for IM, and other "unofficial" apps that you claim you don't support. Don't forget outside, outsourced apps as well. You need to assemble everything you'll need, including installation media, serial numbers, key codes, etc. Then you have to rank it all as Critical, Vital, Sensitive, Nice To Have, or Should Be Dead Already and attach recovery time objectives (RTO) and data loss objectives (DLO) to each one. This is a big deal; you can't do it in a few days. The security of your business assets is on the line. Step 2. Assess Risk
What does losing this asset really mean? What is the cost of not having it for the short term? Typically, this is the cost of downtime, in dollars per hour of lost revenue. But it's a little more complicated than that. You need to include PR and customer relations costs, for example, and data reconstruction costs. Some data might not be recoverable; what does that cost? And remember, it's not a straight line. The first minute of loss has a negligible cost. But at 3 months, you're out of business. Step 3. Assign Roles
This is pretty straightforward: Who does what. Be explicit. "Multiple people being responsible means nobody is responsible," says Marks. "Individual people get assigned to individual roles so they can be held responsible."
You May Also Like