Business Continuity and Disaster Recovery
As most IT professionals know, Business Continuity and Disaster Recovery are not the same thing. Moreover, Business Continuity and Disaster Recovery are not the exclusive domain of IT, either in the scope of importance to the ongoing operations or the resilience of a Business Enterprise as a whole.
Indeed, it is the Business Enterprise that identifies and prioritizes those critical processes and functions that drive the scope and priority of systems – both automated and manual – for restoration and Business Continuity during a Disaster Recovery event.
Business Continuity and Disaster Recovery Planning should not be myopically ignored as suggested by those who would portend “people will have more important things to worry about in the event of an earthquake than whether or not some database or system is up”. To the extent that this may be true from a Maslow’s Hierarch of Needs perspective – it is certainly shortsighted to suggest that only earthquakes would be the cause of “events which impact the normal and optimal operations of a business enterprise.”
While Business Continuity focuses on the plans, priorities and procedures for maintaining business operations, despite unplanned interruptions; Disaster Recovery addresses the resources – people, communications, equipment and processes both technological and non-technological, required to bring the business back to Operational Effectiveness. (note: we did not say “Normal Operations”.)
Across the enterprise the role of the Business Units is to define which processes, in the context of their relative priority, are essential for restoration to operational effectiveness. A Business Impact Analysis (BIA) is the delivery vehicle for these facts and is essential as the foundation of any Business Continuity Plan intending to be credible and effective.
There are various methods for developing the BIA; but it is essential to adopt a methodology with clear deliverables. In collaboration with IT, the business units often develop a matrix of business processes while IT identifies the automated systems that support those processes. As IT performs a deep-dive on the physical location and other characteristics of the automated systems collecting integration details, current backup and recovery processes and a host of other details, the business units must make some critical policy decisions.
How long can the business “reasonably” afford to be down – or severely impacted? That is, what is the Recovery Time Objective (RTO). How much data can the business “reasonably” afford to lose? That is, what is the Recovery Point Objective (RPO). Given the overall business RTO and RPO policy objectives – what is the Mean Time To Recovery (MTTR) that must be achieved by each of the processes slated for restoration in order to achieve the stated Recovery Objectives?
Naturally, the business units will assert that they must be up and available at all times and have no data loss. This natural response persists until they see the cost of restoration in context – which the following graphic attempts to convey.
The challenge for IT is to clarify, for the business enterprise, that not all processes have the same priority for restoration to operational effectiveness. There is no need for the same backup method for all process because they don’t all have the same data restoration requirements.
Fortunately, there are numerous backup and recovery techniques and technologies at the disposal of IT to manage costs and efficiencies while maintaining reliability in data restoration.
Load Balancers, Snapshot Replication, Multi-Node Clusters, Global Traffic Managers and a host of other sophisticated technologies can be integrated to provide a robust environment that meets the High Availability and Disaster Recovery Requirements of even the most demanding enterprise.
There are substantial intrinsic values for C-Level Management in embarking on a Business Continuity and Disaster Recovery effort, aside from the obvious ones. Discerning which processes, systems and activities are of critical importance in the event of a disaster can be enlightening.
Armed with a prioritized assessment of what operational processes are truly important to the business in the context of their interdependencies – executive management has a more effective insights for making informed decisions in response to requests to upgrade a system or application. There is greater clarity for where to cut costs and where to invest for greater return.
Contact Intersect Consulting to discuss how we can help in partner or provide guidance in the development of your Business Impact Analysis (BIA), establish Recovery Time Objective (RTO), Recovery Point Objective (RPO) policies for your organization’s Roadmap to Resilience™ for Business Continuity and Disaster Recovery.