Business Continuity, Backup and Disaster Recovery Plan - Research Paper Example

? Contents Business continuity, Backup and Disaster Recovery Plan Analysis 2 Solution design 3 Implementation 4 Testing and Acceptance 5 Maintenance 5 Back-Up 6 Disaster Recovery 8 Conclusion 10 References 12 Business continuity, Backup and Disaster Recovery Plan Disasters are bound to happen. Whether natural disasters such as hurricanes, terrorism, workplace violence, corporate malfeasance, suicide and faulty products, all these crisis are unique. Therefore, it calls for intelligent future planning by business managers. This explains the necessity for a business continuity, backup and disaster recovery plan. The purpose of this research paper is to define what this plan is, analyze its components and effectively see its overall success and limitations. Business Continuity is a planning process that provides a framework to ensure survival of a business at any presenting risk. It insures the future of the business with respect to key customers, business reputation and suppliers. (Bell. J., June 2000). The components of the business continuity life cycle include; Analysis, Solution design, Implementation, Testing & acceptance and Maintenance. Business continuity plans need to be clear and concise. They should clarify all the protocol and procedures to be followed in the event of a disaster. It should be part and parcel of any business. (Harney, J., 2004). We will consider the above five steps in coming up with an effective business continuity plan. Analysis Here, we formulate a list of potential vulnerabilities within the business. That is, whether risk pose within the resource department, or systems, processes, or suppliers. Therefore, it implies a consideration of each department separately. We analyze the overall performance of each department with regards to its input in the business. Sample questions that help us at this stage are; finding out the equipment in use at the department, the roles of each personnel, the period a department will be un-operational on the event of a disaster among other useful questions. The idea is to collect enough information. This information will prove critical in defining an effective strategy. The purpose of this phase is to determine the risks. The risks can present as business-driven risks, data-driven risks, and event driven risks. Business-driven risks include application outages, or surplus from marketing demand-generation campaigns. They may cause business-wide ramifications that result in breaches in compliance, governance, availability, security and performance. (IBM Global, June 2011). If left unattended, they may cause concern to the top management and stakeholders. Data-driven risks focus on a wide range of factors such as disk failure, corruption, viruses or exponential data growth. This impacts negatively on the business. Event-driven risks disrupt the company’s personnel, processes, applications and infrastructure. They present as power outages, natural disasters, pandemics, fires, and thefts. (IBM Global, June 2011) Solution design Once we have identified potential risks after a rigorous analytical method. Then we strategize on the solution design process. (Dimattia, S., November 15, 2000). We customize the solution to the risks. A robust resilience solution for business-driven risks goes beyond simply restoring the business IT infrastructure, to keeping the business continuously operating and easing management of compliance with industry regulations. It calls for the provision of virtually anytime, anywhere accessibility to approved users. To protect against data-driven risks, the business solution will focus on a delivery of an efficient backup and quick retrieval of critical data and information. It requires an indexing method with efficient search capabilities. The data also needs to be managed continuously and kept safe from viruses, thefts and other forms of loss. To mitigate the Event-driven risks, the business must be able to distribute operations beyond the area of immediate impact. (IBM Global, June 2011). This implies business decentralization. This strategy can keep the critical resources such as networks, IT services and other facilities safe and available to meet the recovery objectives of the business. Implementation Once the business has designed a solution, it needs to see its implementation. This section outlines various key processes of the plan. It defines the roles and responsibilities of the recovery team and its coordinator. It outlines Incidents checklists for key Staff. With the recovery team created, it will oversee the implementation of various protocols. It will schedule days preferentially outside the business operating hours to perform issues such as data backup, Data synchronization, Employee Training and Communication planning and insurance. (Haag, Cummings, McCubbrey, Pinsonneult, and Donovan, 2004). It will verify that all the solutions for the various risks are in place as per the scheduled time. Testing and Acceptance Testing and rehearse of the plan is crucial. It presents with an opportunity to examine the arrangements and principles of the plan in a “safe” environments: Without risk to the business. We can use different levels of evaluation. These will vary with price and benefit. However, a planning life cycle should provide for periodic testing. We can evaluate the plan using a “what if” scenario. (Records Management Services, 2004). New data can be added as the scenario unfolds. This is a table top exercise. We can do a communications test. We send a test message to every staff. We carry out an audit to evaluate the level of message dissemination. A full rehearse will show how well different elements of the plan work together. It is the ultimate testing model though is extremely expensive to perform. TESTING PLAN COSTS VALUE Table Top Exercise Moderately inexpensive Moderately efficient Communications Test Cheap Less efficient Full rehearse Expensive Very efficient Maintenance The final phase of the plan is maintenance. It oversees the continuous application of the plan. It continuously monitors the risks and updates the business whether the plan is outdated or still valid. The business can make continuous update to the plan at this stage. In maintenance, we do schedules, triggers, and assignments for the periodic review of the business continuity. It outlines details of corrective action program to address deficiencies within the plan. After looking at the business continuity plan, we will focus on some areas. These are the Backup and Disaster Recovery Plan Back-Up So what is back-up? It is a subset of the business continuity plan that focuses on archiving of enterprise data. It can be done on several places, and so distributing the risks. As we saw earlier, it comes in play especially in Data-driven risks. We will consider the types of Backups, and the types of Backup sites. Backup types include the following; Full Backups, Partial Backups, Incremental Backups and Differential backups. (Tandberg Data Corporation, 2002). A full backup houses copies of all the files on the system, the software files and the data file. We do it on a weekly, bi-weekly or monthly basis. With this backup, we can restore the entire system should a disaster erase all files. A partial backup copies all files added or changes since the last backup. The types of partial backups are; incremental and differential. The table below shows a summary; Backup Type Files Copied Incremental Files added or changed since the last full or partial backup Differential Files added or changed since the last full backup. Incremental backups save in time and cost for regular backup. Differential backups save on the restore time and trouble in the event of a disaster. An ideal backup strategy combines full backups with incremental or differential backups. The situation in play determines the backup type we choose. We consider time and cost. The table below highlights the pros and cons of incremental versus differential backup strategies Backup type Advantages Disadvantages Incremental Faster backup time since only new files are added Reduced wear and tear in backup device Few devices needed. Slower restore rimes because there may be more than two backup devices for restoration Higher cost of downtime in a system disaster Differential Faster restore times since there are only two devices needed. Lower cost of downtime in a system disaster Slower backup process as more files are copied Increased wear on backup devices More devices needed. Back-Up sites can be categorized into three; Cold sites, Hot Sites and Warm Sites. (Haag, Cummings, McCubbrey, Pinsonneult, and Donovan, 2004). Cold Sites are inexpensive. They do not have copies of backup data. It usually takes time to start them. The hot sites are expensive. They back up all the time and has all copies of data. They are current. They take few hours to make them work. The warm sites lie between the two extremes. They have a backup on hand. The business will determine the backup site to use. If the business provides for no chance of operation time lapse in case of an event, meaning the business should be operating as quickly as possible after a disaster, then hot sites are the choice. Such a business is the banking industry where few hours of non-operation could mean enormous revenue loses. (Judith C. Hoffman, 2001). However, certain business can allow for an operational time lapse in case of a disaster. Such a business will efficiently use cold sites. An instance is a downtime in the website of an educational institution. The business budget for the backup sites will influence the choice of the backup site it will use. Small businesses rely on cold sites due to capital constraints. Large businesses can adequately manage hot sites. Disaster Recovery Disaster recovery consists of the planning and activities that enable an organization to return to an acceptable state of service after a sudden unplanned calamitous event, which cause damage. Calamities could take the form of natural or Man – made disasters. Natural disasters include; floods, hurricanes, tornadoes, earthquakes, tsunamis among others. (Trial by Tornado, March 2000). They are unpredictable, and we associate them with large loses. They are the worst disasters kinds for businesses. They should take the highest priority in the recovery plan. Man – made disasters include; material spills, infrastructure failure, bio-terrorism, environmental pollution, accidents among others. They are a sequel of actions of man. They could be direct or indirect. Their magnitude is less than most natural disasters. They are avoidable and preventable in most scenarios. In coming up with disaster recovery plans, we can consider the following areas of interest; the current Backup Processes, Traditional verses Bare Metal Backups, Offsite Storage, Cloud Based Backups, Bandwidth Considerations, Cloud Based Services, Print Media, Telecommunications, Documentation and testing. (Monaco F., 2001). The disaster control measures could take three main forms. We can apply preventive measures. This aims at preventing the occurrence of the disaster. If followed, they could save the company millions in revenue. They are suitable for Man-made disasters. There are ineffective in most cases to the natural disasters. Detective measures aim at discovering unwanted events prior to them happening. They are effective for natural disasters. These measures detect hurricanes, tornadoes, earthquakes earlier and so help the business plan fast. Unlike preventive measures, these measures do not provide protection to the event, but rather inform the business in advance. Meaning the tragedy still takes place. A good detective system could save the business a lot. It can facilitate rapid transfer of valuable business assets prior to the event. They are best for natural disasters. Corrective measures focus on restoration of the business after a disaster. They focus on bringing the business back to running. These measures are ineffective with regards to saving the businesses from towering loses prior to a disaster. However, they save the business from further loses after the disaster. A good restoration plan should show no signs that a disaster hit the business. A well rounded business should focus on having all three control measures. Preventive measures will protect the business from a disaster. Detective measures will notify the company prior to a disaster and so save it. Corrective measures will bring the business back to operations as fast as possible. In most instances, it may not be feasible to have all the three measures in place. Should a business be forced to choose, then its main objectives will guide it. That is if the business cannot afford to have a disaster on its ways, then it will opt for preventive measures. Such is the case for hospital settings. If a business can survive provided it gets advance notification, then detective measures can be in place. Most business fall under this place. Finally, should a business need a fast restoration plan, then corrective measures should be in place. Conclusion Business continuity plan is a prerequisite for all businesses. The trend is to prevent what is preventable, detect what is detectable and correct what is restorable. A good plan defines all the cycles of the continuity. We know the risks businesses face regarding data loss. We can take actions to minimize these risks. The time it can take to recover from a massive data loss can range from hours to literally years or never. It all depends on the solutions’ type and disaster recovery policies and procedures a business has in place. The key point to remember in regard to disaster recovery is that there is a significant cost associated with doing nothing. It is good to take action and reap the benefits of continuous operation of the business. Shrewd business managers should invest in a business continuity, backup and disaster recovery plan. References Judith C. Hoffman. Keeping Cool on the Hot Seat – Dealing Effectively with the media in Times of Crisis. Highland Mills, N.Y.: Four C’s Pub. Co. (2001). NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs – 2010 Edition. (2009). Trial by Tornado: One records facility’s response to a devastating tornado demonstrates the necessity of a solid disaster recovery plan. Infopro, Volume 2, Number 1 page 37 – 39. (March 2000). Monaco, Frank L.; IT Disaster recovery Near the World Trade Center, EDUCAUSE Quarterly, Volume 4, (2001), pp. 4-7. Records Management Services. Vital Records: How Do You Protect and Store Vital Records? Retrieved from the UW Records Management Website. (2004, July 15). Haag, Cummings, McCubbrey, Pinsonneult, and Donovan. Information Management Systems, For the Information Age. McGraw-Hill Ryerson. (2004). Tandberg Data Corporation. SMB Guide to Backup Best Practices: Data protection strategies for the small to medium size business. (2011). Dimattia, S. Planning for Continuity. Library Journal, 32-34. (November 15, 2000). Harney, J. Business continuity and Disaster recovery: Back up or Shut down. (2004). Bell. J. “Disaster Survival Planning: A Practical Guide for Businesses”. (June 2000). Read More