Pages

Thursday, April 25, 2013

10. DCP / DRP / BRP / BCP

All of the acronyms around Disaster Planning are TLAs (Three Letter Acronyms)!  Some of them are:
  • DCP - Disaster Contingency Planning
  • DRP - Disaster Recovery Planning
  • BRP - Business Recovery Planning
  • BCP - Business Continuity Planning
Regardless of what you call it, at most companies it does not get enough attention - especially from the business.  In most companies IT has been doing some version of this for years.  If they weren't before SOX, they probably had to then.  

From a technology perspective, the approach has often gone through the following phases:
  • Back up systems to tape nightly and store the tapes off-site.
  • Have a contract with a recovery location provider and test at least annually.
  • Have a back-up data center - either at another of your own locations or at a service provider.
  • Early back-up sites were updated on a regular but not real time basis.
  • Newer sites were mirrored using one or more of a variety of hardware and software tools and some sites were kept synchronized real time.
Obviously business requirements need to drive the solution.  A brokerage company or bank probably has a need for higher uptime than a smaller manufacturing company.  The real question is - how long can the business afford to be down.

While there are many other technical issues such as:
  • Obtaining emergency SW License keys.
  • Having all your recovery information accessible when your data center is down and building access is impossible.
  • Telecommunication connections - to other facilities, to employees, and to customers and vendors.
They are all solvable.  More difficult at many companies is getting the business to step up to the plate to address all of the business issues such as:
  • Where will people sit?
  • What computers will they use (unless everyone has laptops they always take home and no one has a desk top)
  • How to communicate with everyone.
  • Are all forms and printers available?
  • Are there manual files you need access to that should be electronic?
  • Is a Corporate seal available?  Critical for certain types of businesses with many government contracts and bonds.
I think one of the reasons it is difficult to get the business actively involved is that often there is no clear business owner other than IT.  

While cloud solutions may help IT from the technology perspective, the business risks remain.  Moreover you need to have confidence that your provider's possible down time in case they have a disaster is acceptable to you.

Basically all of this is insurance.  Just like you have auto insurance that you hope to never need, you need a viable and tested BCP that you hope to never need.
Posted by at

No comments:

Post a Comment

Insightful comments are always welcome whether in agreement or disagreement.

Subscribe to: Post Comments (Atom)