Introduction
A disaster is a sudden catastrophic event that occurs and hinders the normal operation of a business or organization such as efficient processing of information technology systems that support business functions. Many organizations and businesses invest a lot of resources towards various infrastructures to ensure they remain afloat in their businesses but forget to plan against any form of unforeseen circumstances such as disasters which are a threat to business continuity.
Disaster recovery planning is the procedure and policies set aside by a given organization to ensure their continuity and recovery from a natural or human-caused disaster. Disaster recovery planning mainly focuses on information and technology systems that support various business functions. Many businesses have integrated information technology systems in most of their business functions, but lack better mechanisms to prevent these information technology business functions from stalling and restarting in case of any form of disaster (Bradbury, 2008).
Elements to consider in disaster recovery planning
For efficient planning and process of information technology disaster recovery, there must exist a set of defined rules and processes which should be followed in case of a disaster. The defined rules ensure that critical business processes continue to function after a disaster which may affect the information systems and telecommunication equipment of a business. There are critical elements that should be considered and incorporated by any business or organization for practical disaster recovery planning. These elements include the establishment of a planning group in an organization, performing of risk assessments and audits to ensure they are in function, the establishment of priorities for applications and networks, development of reliable recovery strategies, preparation of inventory and documentation of the disaster recovery plan, development of verification criteria and procedures and finally the implementation of the actual disaster discovery plan.
Establishment of a planning group
Businesses and organizations should identify and involve key people in disaster recovery planning. These people should form a team that understands all the processes of business functions and core information technology systems that support the business. The planning team set aside should look into all the key structures needed in order to introduce a reliable disaster recovery plan.
Risk assessments and audits
Disaster recovery planning group should do a risk assessment and analysis in the business so as to identify the most eminent potential disasters in an organization. The analysis should focus on major business operations and how they can be affected by the disasters established.
Establishment of priorities for applications and networks
The identified disasters which are likely to affect information technology business operations should be prioritized and reliable ways of recovery from such disasters should be established. An example would be, keeping updated inventory records and locations of data centers and establishing a reliable manual system in case of systems breakdown (Trim, 2005).
Development of reliable recovery strategies
The disaster recovery plan should also involve recovery strategies that a business should adopt to recover from a disaster. According to Trim, (2005), an information technology disaster recovery plan should involve major business technological operations and recovery possibilities in case of a disaster. Trim, (2005) gives an example where employees can be a major threat to business information systems. Security and necessary measures should be put in place to recover from such disasters which are inflicted by employees. The risk posed to the information systems by such employees should be evaluated to a level acceptable by the management and consequences of their actions to the business operations.
Development of verification criteria and procedures
A verification process should be created after a draft of the plan has been created so as to prove disaster recovery strategies evaluated. The verification process should be documented and should involve real-life experience disasters where each disaster recovery should follow specific rules.
Implementation
Disaster recovery implementation is the most crucial element towards the actual recovery of a business from a disaster. Implementation should look at the members of the business or organization to be involved, their roles towards the implementation process and how the laid down plan is to be implemented. Information technology disaster recovery implementation should involve critical members of an organization and proper mechanisms to recover from a disaster should be established. The implementing team should hold round table discussions and scenario training with the approval of the top business management so as to give the entire process the necessary support.
According to Dhillon, (2007), information technology disaster recovery planning should address both the technical and human systems security features. Businesses should equip their disaster recovery plans with the latest form of technology. These include the use of intelligent information technology devices such as computers, central servers and other technological equipment which can enable businesses to recover from disasters. Better information technology infrastructures ensure quick restoration of Information technology services in a business after a disaster.
As noted by Bradbury, (2008) Information technology disasters can range from simply deletion of an important file in an organization to major natural catastrophic disasters such as earthquakes to hurricanes that destroy data center buildings. Businesses should establish technological mechanisms which can detect and give early warnings before a disaster strikes. There should be efficient formal channels of communication to alert the entire business community in case of an emergency. Training of other members of an organization and equipping them with the necessary precaution measures in case of a disaster should be encouraged to facilitate quick disaster recovery in a business organization.
To facilitate efficient disaster recovery, all information technology services in a business should be categorized and ways of reactivating them back to operation in their order of urgency after a disaster. There should also be alternative facilities to switch over core business functions during the disaster recovery period. Data backup procedures should be enhanced as they ensure business data is not lost in case technological hardware equipment is destroyed by disasters. These should involve backing up configuration files, software, system support files and copies of data. Businesses should also ensure off-site storage of data and software to enhance portability as offsite data centers become handy during disaster recovery.
Information technology disaster recovery should be part of business continuity which should be imparted to all members of the business community and members should be equipped with the testing procedures of the information technology disaster recovery plan. According to Hiatt, (2006), the business community should be aware of the scope which should be covered by the disaster recovery plan and an identification of the recovery area.
Conclusion
Out of all the elements of information technology disaster recovery planning, the business community should dwell most on the development of reliable recovery strategies as this element lay down all the required procedures which are required to restore core business functions after a disaster. Recovery strategies should also cover non-critical business functions which do not need to catch up when the information technology business functions are restored after a disaster (Hiatt, 2006).
References
Bradbury, C. (2008). DISASTER! Creating and testing an effective Recovery Plan. The British Journal of Administrative Management, 14.
Dhillon, G. (2007). Principles of Information Systems Security: John Wiley & Sons, Inc.
Hiatt, C.J. (2006). A primer for disaster recovery planning in an IT environment. Idea Group Inc (IGI): London.
Trim, P. R. J. (2005). Managing computer security issues: preventing and limiting future threats and disasters. Disaster Prevention and Management, 14(4), 493.