Archives || Search || About Us || Advertise || Feedback || Subscribe-
Issue of June 2005 

[an error occurred while processing this directive]

 Home > Cover Story
 Print Friendly Page ||  Email this story

Disaster Recovery

Avoiding disaster

The Infrastructure Strategies 2005 survey shows that barely a third of Indian enterprises have invested in Disaster Recovery. Companies should do more to thwart or at least mitigate disasters. by Soutiman Das Gupta

It is not enough to have DR solutions if you're not trained and ready to be up and running during a disaster

Only 32 percent of respondents have invested in Disaster Recovery (DR) solutions. Insufficient attention to DR processes is tantamount to courting catastrophe.

C Kajwadkar
Vice President, NSE.IT

"In terms of readiness in the event of a disaster, the figure (32 percent) will be much less than this. It is certainly not enough to simply have DR solutions if you're not trained and ready to be up and running during a disaster," says C Kajwadkar, Vice President, NSE.IT.

Executive Summary
Taking cognisance of disaster

It's important for enterprises to be serious about the possibility of disaster striking. They must put DRP practices in place. 32 percent of respondents that have deployed DR processes, have DRP teams. Many have warm sites and simulate disasters.

Power pill

Although many organisations have put DRP teams and procedures in place, their readiness levels are questionable. Few companies test and revise their DRP procedures.

On a positive note, investments in DR/Business Continuity (BC) are projected to rise by 10 percent in this fiscal. This is the only technology area where enterprises intend to spend more in 2005-06, as technology investments in all other areas are coming down.

Building DRP teams

Building a Disaster Recovery Planning (DRP) team is the first step in creating a well-defined DR practice. Among those who have invested in DR, half of them have DR planning (DRP) teams in place. It is a positive sign, showing that Indian enterprises are becoming serious about DR.

Epicenter, a large BPO service provider based in Mumbai has three operational facilities in Mumbai and an elaborate IT infrastructure.

Himanshu Vaish
Chief Technology Officer, Epicenter

Its Chief Technology Officer, Himanshu Vaish says, "We had created a BCP/DR team right from the time we commenced operations. The team has both operational and business heads."

Kajwadkar feels that a BCP/DRP team should have two layers. People in the lower layer should identify preventive measures, conduct health checks, ensure that the DR site is up and running, and ensure readiness of DR initiatives. In case of a disaster the team should spring into action and activate the DR site.

The upper layer will consist of senior executives. This layer will declare a state of disaster, sanction the activation of job functions from the DR site and approve necessary financial measures. They should also be able to manage the perceptions that a meltdown creates in the minds of the external stakeholders (investors, suppliers and shareholders).

Impact analysis

Survey highlights
  • Only 32 percent of the surveyed companies have invested in DR
  • Investments made by enterprises on DR/BC will rise by 10 percent
  • 65 percent of companies with DR/BC have business impact analysis mechanisms
  • Only 12 percent have a hot site in place
  • 76 percent of organisations with DR/BC in place simulate disaster scenarios

An important requirement to help an organisation put DR and BC systems in place is a Business Impact Analysis (BIA). Around 65 percent of companies that invested in DR have carried out a BIA. See graph: Incidents of impact analysis. Companies in the services vertical have been especially diligent in carrying out BIAs (89 percent).

It is imperative that more companies adopt a BIA analysis for effective DR/BC. For this the CIO has to adopt a BIA process that will identify the needs of the business for up-to-date data and availability (data recovery point objectives). This involves assessing and determining the financial and consequential aggregate loss exposures for each business unit caused by IT-related service interruptions (infrastructure, voice, data). "You can look at your processes and separate them into critical and non-critical areas. This can help look at the impact of business downtime and also gauge the extent of any penalties and legal implications," explained Vaish.

It is important to establish business-unit IT/infrastructure and services' recovery time objectives. Proper understanding of the underlying IT and business residual risks is required for this. At this point the CIO should concentrate on soliciting LOB (line of business) management's expectations and tolerance. This is essential to achieve IT risk acceptance in the business.

The next step is to determine existing IT risks and mitigate them, wherever possible, with cost-effective controls. Determination of DR life cycle costs (both ITO and LOB) and levels of ITO/LOB risk acceptance/tolerance also has to be performed. Funding of appropriate IT controls, DR contingencies, and recovery plans also have to be done. These should be based on the business exposures, IT recovery requirements, and costs versus exposures (financial, legal, regulatory, market).

Warm and hot sites

Out of the companies that have put a DRP team in place, only 12 percent have a hot site. See graph: Option in the event of disaster striking business.

A hot site is a backup site that's fully-equipped and ready to take over data processing operations at short notice. It contains fully configured equipment and communications links, and data is frequently replicated from a live site to a hot site.

Processes should be separated into critical and non-critical areas to gauge the impact of business downtime and legal implications

Hot sites provide very high DR protection, but they're expensive. That's probably why 64 percent of respondents have a warm site with dedicated or shared servers. A warm site typically contains data links and preconfigured equipment necessary to rapidly start operations, but it lacks live data. Commencing operations at a warm site will (at a minimum) require the restoration of current data from backups.

Picking a warm or hot site depends on factors such as business criticality and cost savings required. Many outsourcing service providers offer DR services at competitive rates, as a benefit for enterprises that do not want to save costs on equipment purchase and manpower.

Simulation and testing

Putting DR in place is one thing. Testing it to ensure that it works smoothly when it is needed is quite another. You should test critical restore procedures in a simulated environment with the participation of your end-users.

Putting DR in place is one thing. Testing it to ensure that it works smoothly when it is needed is quite another. You should test critical restore procedures in a simulated environment with the participation of your end-users. While backup is a mundane component of operations, restoration can be harrowing when archived data has to go back into production.

76 percent of companies with a DRP team, simulate disasters regularly. All companies in FMCG/retail, auto & auto components, and oil/power conduct simulations, and 90 percent of IT/ITeS companies do so as well.

69 percent of companies test and revise their DRP procedures, of these only 38 percent do so frequently. 22 percent never test or revise DRP.

The testing and revision of DRP procedures should ideally be done periodically. Companies that carry out these activities are bound to be more successful when the crunch comes.

NM recommends
  • More Indian enterprises should get serious about BC/DR planning
  • Investing in DR isn't enough. Companies should conduct drills and be prepared
  • A DRP team should have members from business functions and IT. It should ideally be headed by a executive from a business function
  • Impact analysis ensures better preparedness
  • Testing and revision of DRP processes should be done periodically

Soutiman Das Gupta can be reached at

- <Back to Top>-  
Untitled Document
Indian Express - Business Publications Division

Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.