Be Prepared for I.T. Disasters
July 1, 2008
By Pasquale Saccomanno, ISL Engineering & Vito Mangialardi, MTS Allstream
Like most organizations, ISL Engineering and Land Services (ISL) of Edmonton relies heavily upon information technology and the use of electronic data. For this reason, it took action to protect again...
Like most organizations, ISL Engineering and Land Services (ISL) of Edmonton relies heavily upon information technology and the use of electronic data. For this reason, it took action to protect against the potential of IT failures and loss of data. The aim was to ensure that in such an event, the company could recover quickly and not risk its relationship with clients.
A company can lose its IT infrastructure and suffer an interruption of business due to many causes, including:
• hardware/platform failure
• fire, smoke or water damage
• power outages
• employee theft or fraud
• man-made disasters such as sabotage, terrorism, hacking or viruses
• natural disasters such as earthquakes, flooding or hurricanes.
Some may argue that such disasters occur so rarely, they do not justify businesses spending the time and finances to prepare a disaster recovery plan (DRP) and business continuity plan (BCP). This, however, is a myopic and dangerous frame of thought.
In 2007, ISL undertook to develop a formalized IT disaster recovery plan. To assist with this plan, ISL retained MTS Allstream’s Professional Services Delivery Division. The division includes individuals certified by the Disaster Recovery Institute Canada as Business Continuity Planning Professionals.
To address preservation and continued operation of the company’s IT infrastructure, the plan provided for:
• the protection and security of data
• reducing event response and recovery time
• improving organizational support and resilience
• reducing risk and exposure to loss
• creating value that is recognized by all stakeholders. The project was executed over two months, and had three key components:
1. A Business Impact Assessment. This not only established the business recovery time objective, but also identified critical business processes with related internal and external interdependencies.
2. Site Risk Assessment. This identified the risks that pose the greatest threat to the company’s business assets and operations. It also provided a technology-based review of the IT infrastructure to determine its capability and robustness.
3. Recovery Procedures and Documentation. These define the resources, actions, tasks and data required to manage the business and recover the IT systems in the event of an interruption.
It is important to note that in order for an IT disaster recover plan and business continuity plan to be successful, they must be manageable, adaptable and realistic.
To ensure the continuity of IT operations, organizations should assess five key IT infrastructure components: facilities, hardware, network, data and IT departmental resources.
When crisis strikes, hardware and networks can usually be quickly replaced, and facilities can be relocated. Corporate data, on the other hand, may require extra consideration.
Justifying the plan
Justifying the investment in IT disaster recovery programs involves more than identifying consequences if the company fails to act. Senior management needs to be given a business case that clearly outlines the costs and benefits of disaster recovery planning in terms that are relevant to the financial performance of the organization. In terms of benefits, a formalized plan pays positive dividends not only towards the survival of the business, but also towards building employee and customer confidence.
Business and IT recovery planning and preparedness is a day-to-day practice and must be the responsibility of a business unit that is ready to execute such a plan. It requires the appropriate investment of resources, including time and finances.
Given the current world conditions and volatile economic environment, organizations today can’t afford not to have strategies to protect their data and business continuity as part of their overall disaster recovery plans.
The impacts of data loss can be far-reaching and can result in the loss of real dollars, client dissatisfaction, shareholder insecurities and an overall negative corporate image. The Gartner Group, which is the world’s leading informa- tion technology research and advisory company, estimates that two out of five companies that experience a large scale disaster will likely be out of business within five years.
Pasquale Saccomanno is a senior IT manager with ISL Engineering and Land Services of Edmonton, www.islengineering.com. Vito Mangialardi, CBCP, PMP is a senior manager responsible for the corporate emergency planning, response and recovery operations for Canada at MTS Allstream, www.mtsallstream.com