A disaster has struck!
                 What are you waiting for?
                                     Pull out your DRP and implement it.

What you see above is a Disaster and the resultant is loss of revenue or profits!!!!!

Disaster, Disaster, Disaster……………….. How many times have we heard this word before? Not only in our day to day personal lives, but also in our professional lives. There was a time when one heard this word after the disaster had completed its job. In today's age of Information Technology, call it competitive information technology, the word disaster spells disaster only and should be read as "DISASTER".

Let me now get down to the topic of Disaster Recovery. In today's competitive world, where Information Technology plays such an important part in our lives and in every organisation's life, it is imperative that we need to know a lot about Disaster Recovery. Plans are important in order to safeguard the availability of data. Unfortunately, even the most planned organisations also go into the disaster loop and then realise that it is too late.

Could the Titanic disaster have been avoided or reduced if a proper planning and disaster recovery exercise had been put in place? Too late now, but there have been enough incidents after this, where it has been proved beyond doubt that Disaster Recovery could have saved the day and night, in some cases. I would think and recommend that every organisation, however big or small, no matter how many computers they have, needs to have a Disaster Recovery Plan in place. Even one PC is good enough reason for the organisation to have a Disaster Recovery Plan in place. If some of you are nodding your head, ask those who have gone through it and could do nothing but just sit and stare in disbelief.

There is a common myth that Disaster Recovery Plan is useful only for computer disasters. Absolutely not, Disaster recovery is an excellent way of ensuring that your business does not suffer and even in the event of a calamity, you are well protected.

The basic objective of a Disaster Recovery Plan (DRP) is to necessarily reduce the impact of disruptions on the company's operations. It is not enough to just have a Disaster Recovery Plan in place, it is important that we have a proper and systematic Disaster Recovery Plan in place which can be implemented. Having a document is no good if you cannot implement it at the time of an emergency. What is also worth mentioning at this place is the location of your DRP. Please have it in an approachable place where it is easily accessible.

The Mission of the Disaster Recovery Plan should be to safeguard the organisation's information, and to guarantee the continuity of essential Information System Services within a few hours or as the case maybe. This is the easiest part. In order to ensure effectiveness of this plan, the Information Systems Team has to ensure that they:

• Perform periodic reviews and update this plan in order to ensure its accuracy and also the completeness at all times. A plan, which is not updated, is not a plan at all
• Ensure that the company confidential information is properly maintained and managed
• Ensure continuity of business operations
  

It is the responsibility of every IS Manager to ensure that the above is adhered to at all times. A Disaster plan is always for "What if?"

Disaster Recovery includes the process of Managing, Maintaining, Securing and finally recovering the data that is essential to run every business. Backup operations and Actions of recovery are critical and are an integral part of the DRP.

It is very important to have the Disaster Management Team clearly defined with names, designations, telephone nos. etc. so that they can be contacted in case of an emergency. It is also imperative to identify the critical people who can take decisions. Obviously, it has to be a member of the Management team.

A copy of the DRP document must be given to each and every member of the Management Team and the user task force so that they understand it and know what to do in case of an emergency. I would go one step further and actually get all the people in a conference room or a training room and walk them through the entire DRP document, starting from the point of defining a disaster and explaining the importance of having such a document in place. It is best not to assume that everybody knows in such a case. Do not take any chances. This is very similar to having a fire drill and practising emergency evacuation measures. Furniture lost can come back or can be covered with Insurance, but once you lose data, no amount of insurance can help you. The only insurance for a disaster is your Disaster Recovery Plan. Based on my experience, here is what I recommend should be the plan of action for a DRP and this is what we followed to make it a successful action.

Recommended Plan of Action:

1. Put together a complete Disaster Recovery Plan
   
2. Run it through all the Information System Team members
   
3. Share the Draft with Management Team members
   
4. Receive feedback and incorporate it into the plan
   
5. Finalise the DRP and print it
   
6. Send a copy of the DRP under a covering note to all the management team members and the task force inviting them for a training session on DRP
   
7. Set out a clear agenda for the training. Split up the training into two parts. One for the entire organisation and another for the management team and task force members
   
8. After the session, have an open house/question & answer session 9. Make minutes of the meeting and share it with all concerned
   

This is the beginning in the entire process, and it is imperative to review this plan once very month or at least once every quarter for any changes, amendments that is necessary. (For e.g. If any new person has to be added or the phone nos. have to be changed). In fact, if there is a change that is needed immediately, then it is critical that it is put into action immediately and not wait for the review date. (e.g. Telephone nos.). The system administrator has to take charge of this process. It is also the duty of the task force and the management team members to ensure that they inform the Administrator or the IS Manager in case of any changes or corrections.

As a routine, there are certain responsibilities prior to disaster that need to be strictly adhered to:

• A current and updated copy of the Disaster Recovery Plan needs to be kept at a safe place and in the office
  
• The vital records should be kept in a safe and secure off-site storage area
  
• Application programs need to be periodically backed up and must be sent to an offsite place
  
• It is also important that the application restoration procedures be tested with appropriate members from the application team to ensure that the backed up data is in proper shape

Disaster Recovery Team

The DRP management team members should comprise of people from the management team of the company and the Team members should comprise of people from the Information Systems department and Administration department.

The objectives:

• To ensure that critical services are restored as they are required
  
• To provide necessary communication facilities and other services during the period of recovery
  
• To co-ordinate the implementation of manual procedures during the recovery period

IS Team for DRP

In addition, an IS team should also be formed. This team should comprise of people who are application specialists and network specialists. For e.g. if the company is running a payroll application, then the IS personnel supporting this application should be on this team. If the company is running an E-mail system, then the IS person supporting this E-mail system should be on this team.

Objectives:

• To make sure that all the information required for the recovery of critical functions is safe and easily retrieved
  
• To assess the extent of the damage and identify what can be salvaged
  
• To ensure that the critical application processing can be resumed in the required time frame, in order to facilitate the business continuity process
  
• To co-ordinate contacts with computer vendors
  
• To ensure that all the software that is required for the recovery process is functioning properly
  
• To restore all the necessary critical applications without loss of data
  

It is very important to define responsibilities of each of the team members, whether they are management team members, IS team members or User Team members. The responsibilities of each of these members are different from a business point of view. Although the ultimate goal is to ensure business continuity, it is very important that each one of the team members performs their role so that the entire process is completed in line with policies and procedures.

Imperatives in the Disaster Recovery Plan:

1. Disaster Recovery Teams (Management, IS, Users) and Phone list of Personnel
   • Management Team
   • Information Systems Team
   •User Team
   •Telephone nos. of all Team members
   vImportant Telephone nos. (Hospital, Fire station, Police station etc.)
   
   
2. Current and updated Vendor contact list
   • List of all vendors with products supplied by them
   • Phone nos. and contact names
   
   
3. Hardware and software requirement for restoring the data
   • Profile of Inventory that is required to restore critical applications
   •List of all consumables required for restoration
   
   
4. Alternate Site recovery checklist
   • Equipment list needed at the alternative data centre for recovering operations and ensuring business continuity
   
   
5. Backup procedures which are being followed currently
   • Listing of all the different backup procedures being followed currently
   • Description of the various backup procedures (e.g. Daily, weekly etc.)
   • Split the backup by application type, with timings etc.
   
   
6. The critical business functions
   • List the critical business functions and identify by business process
   
   
7. Offsite Storage inventory
   • Inventory list of all the applications, documents, data etc.
   • List of offsite locations with complete address

Implementation Plan

The Disaster Recovery Plan needs to be tested in order to ensure that the recovery procedures are executable and accurate. It is also important to test the implementation plan from a point of view of training the personnel. The training of these personnel is imperative, since they will be responsible for executing the recovery plan.

One has to keep in mind that all the test results and problems encountered are documented and reviewed with management and also used to update current procedures. Only a good process will ensure the effectiveness of the backup and recovery procedures.

The objectives should be to restore the data, verify the availability of the system, and determine the time frame for restoring the system in the event of a disaster.

TEST PLAN

Last but not the least, it is also very important to test out the Implementation Plan. This is imperative from a completeness point of view. Not only does this test out the efficiency of the plan but also ensures that the plan is implementable. A point to be noted here is that the test plan should never be announced. It should be a surprise move. This will also ensure that every member of the DRP team is ready and plays his role efficiently. The DRP can be successful only if every one of the team members plays his role. In addition, there would also be small disasters that happen in a day-to-day operation of a company and it is important to document the process. An example could be an employee losing his mailbox or the mail file getting corrupt. In this case, a recovery process has to be performed and the individual's mailbox has to be restored back to its condition based on the last backup taken. This process when done needs to be documented and the user sign off obtained to certify that his mailbox is working properly.

It will be an ideal plan to test out the DRP once every month, if not in total, at least for some major applications to ensure its effectiveness. However, once a quarter is a good idea and also is workable from a business point of view.

With a proper Disaster Recovery Plan in place, you can safely say, "I am ready for a disaster". Good luck to all of you for a safe and successful DRP. Once the DRP has been executed, we can all say "Chashme Buddoor" or "Insha Allah".

-Venki Mahadevan