A sound disaster recovery/business continuity plan is essential to protect the well being of an organization. by M. D. Agrawal

There are some things that people wakeup to only after experiencing the consequences that result from not being earnest. More specifically, I'm referring to Disasters and Backups. Most IT Heads are quite content and almost complacent until disaster strikes. Then they take extra pains to avoid future disasters. But you don't have to wait so long to get your act together. Just pull your network together and bind it with a carefully planned disaster recovery and backup policy.

A survey conducted in 1994 by the University of Texas, Center for Research on Information Systems, revealed some disturbing facts. The survey reports that, out of all companies that lose their data in a disaster, 90 percent are out of business within two years, and nearly 50 percent never reopen their doors at all after the disaster. Although these findings were unearthed six years ago, I can bet my last rupee that the figures haven't changed much ever since.

CONTINUITY AND RECOVERY POLICY

It is now an accepted fact that business continuity planning and disaster recovery planning are imperative. The creation and maintenance of a sound business continuity and disaster recovery plan involves a series of steps.

Before creating the plan, it is essential to consider the potential impact of disaster and to understand the underlying risks. These are the foundations upon which a sound business continuity plan or disaster recovery plan should be built. Once the plan is created, it must be maintained, tested and audited to ensure that it remains appropriate to the needs of the organization.

It would help to consider the potential impacts of each type of disaster or event. Having determined this you can consider the magnitude of the risks, which could result from these impacts.

Disaster recovery policies define an organization's approach to contingency and disaster recovery. They determine the fundamental practices and culture followed throughout the enterprise. They are usually linked closely with information security policies, and address basic defense requirements to ensure the stability and continuity of the organization. It is essential therefore that they exist, that they are comprehensive, and up-to-date.

LEARNING

We can perhaps learn a lot from organizations like GE and Citibank in India. These companies have created continuity plans for systems and businesses. In the event of a technical crisis—like a WAN link breaking down or data center servers collapsing—the systems do not stop. In an economic crisis the business is also not affected to that extent. This is because the companies have looked at backup and disaster planning not only in terms of technology, but also in areas like manpower planning and business policies.

These companies have broken the plans down in segments. Each segment clearly states the business requirement, how the business will be serviced, system requirements, and arrangements with outsourcing partners. The segmentation provides a clearer focus on individual activities.

A sound disaster recovery/business continuity plan is essential to protect the well being of an organization. But many enterprises side step the issue or hold plans which are clearly out of date or inadequate. Part of the reason for this is the complexity of the task. And it isn't made any simpler by vendors and consultants who offer services, but lack specialized knowledge.

DATA BACKUP

Taking regular, reliable data backup is a part of preventive maintenance and system care. No matter how well you treat your system, no matter how much care you take, you cannot guarantee that your data will be safe if it exists in only one place. The risks are much greater than most people realize. It is troubling when people lose large quantities of data because they have no backups. They get upset and talk about how important that data was.

There are many reasons why people neglect doing backups:

• They don't understand how important the data is, because they haven't encountered a disaster
• They don't know how to perform backups
• They forget to do backups because they don't have a routine for the function
• Performing the backup is a time-consuming and bothersome chore

It's about time enterprises break this mould and get cracking on solutions because data is always at a risk. There are many different risks to your data. A disk crash is just one of them.

Other problems that can cause permanent data loss are:

Memory errors: Many systems run without error detection or error correction on system memory. So there's a chance of a memory error corrupting the data on hard disk. This is rare, but it does happen.

System timing problems: Setting the timing for memory or cache access too aggressively, or using a hard disk interface transfer mode that is too fast for the system or device, can cause data loss. Often, this isn't realized until the damage is done.

Resource Conflicts: Conflicts resulting from peripherals that try to use the same interrupt requests, DMA (Direct Memory Access—a specialized circuitry or a dedicated microprocessor that transfers data from memory to memory without using the CPU) channels, and I/O addresses. This can corrupt data.

Power Loss: Losing power at the wrong time, like when you are doing sensitive work on your hard disk, can easily result in the loss of many files.

It is possible for data to be lost due to software bugs, or just poor software design. A program might have a problem where it crashes upon saving a file. Some software bugs may cause even more damage by causing the loss of files unrelated to them. Fortunately, this doesn't happen very often.

A total plan

'Disaster' is not a new word for an experienced IS Head. The disaster may be minor or major. It may just be a server that hangs, a WAN link that goes down, or an ERP server that collapses due to high traffic. Enterprises that plan solutions should have a vision of the total solution and not rely on a single entity upon which the entire solution rests. In case of failure, the services can suffer but it should not close down.

M. D. Agrawal is Chief Manager, IS Refinery System, Bharat Petroleum Corporation Ltd.