Essay Requirement - Disaster Recovery Planning for Large Organizations Assessment Answer

Subject Name : Surveillance and Disaster Planning

Introduction

While natural disasters are making headlines and getting more destructive, many firms still fail to have a meaningful business continuity and disaster recovery plan. Large business locations that close down following a disaster are always at a risk of never recovering, unless, they have pre-planned for such risks. Hence, a disaster recovery plan and insurance are keys to help companys resume their operations and protect it from natures fury. It is important that larger organizations plan for such disasters before hand and therefore, there is a need to establish a proper disaster recovery plan. For small organizations with one or two people running the business it is still a manageable thing but, for larger organizations with operations at multiple locations it is important to establish a detailed plan to protect the company from huge losses. Thus, it becomes important to discuss about the importance of disaster recovery for large organizations with operations in multiple city, the key elements of business continuity or disaster recovery plan and learn about how to implement the same. With understanding of these aspects, and by paying attention to developing measures to overcome the aftermaths of a disaster, any large companies can effectively prepare itself to face natural disasters with minimal effect on their resources and can efficiently run back into operations not harming their business largely.

Regardless of how simple or complex the IT environment of a company is, it is important to plan for business disruptions, which can range from local power outrage to some massive natural disasters, like hurricanes or tornado or an earthquake. Some of these can be predicted or tracked while others can be completely unexpected, like the 9/11 attacks. While this may prove that having a business continuity and disaster plan is of utmost importance, statistics prove otherwise. It has been observed that many companies do not even have proper data back up plans in place let alone the recovery plans. According to the results of State of disaster recovery survey, there is a significant disconnect between IT and business executives regarding preparedness to disaster recovery (Snedaker, 2013). The survey data revealed that most do not have a plan to achieve minimization of downtime in case of an unplanned IT outrage. A previous study by Harris interactive also showed that CIOs across industries lacked confidence on their disaster management plans. But even after these conditions, there are companies with BC/DR plans that either have no plans or plans that are off site and were prepared almost a decade ago and never revisited since then (Snedaker, 2013). In todays time, larger organizations must be even more alert about this as it may lead to data breach, loss of revenue and effect the operations leading to losses at a large level. The statistics for the failure rate of companies post a disaster are alarming which must increase the seriousness of IT professionals towards developing a management plan. To develop a proper disaster recovery plan it is important to understand the key elements of the same.

The most important element in developing a BC/DR plan is to first analyse the risks. For large organizations, risk analysis helps to identify the possible problems that may arise in the coming future. The risk analysis therefore, leads to vulnerability assessment and this data further helps in understanding the impact of various risks on the business. Finally, with the help of this data, the organization can now identify the mitigation strategies i.e. the actions to be taken in order to reduce, transfer, avoid or accept the various risks identified (Snedaker, 2013). With the help of all these data and various analysis results the company can move forward towards identifying methods of implementation, as well as, understand the resources required to complete the same. There are many methods to create a BC/DR plan but, two primary purposes for doing the same. First is to think through the risks and implications of a disruption, and second, to ensure having a logical road-map to follow post a disaster. There are two essential parts to the plan. The set of tasks that can be undertaken to reduce the risk before a BC/DR event takes place. This is the risk mitigation plan and is very crucial. Another important element is the planning of the steps to be taken if a disaster or disruption occurs (Snedaker, 2013). Therefore, broadly speaking the two key elements are risk mitigation and disaster recovery. The plan needs to fundamentally establish the risks , the vulnerabilities and the expected impact on the crucial business functions. Another important part is to define the teams and key personnel. In a large organization, teams are required to fulfill various needs before, during and after a business disruption or disaster. In order to implement the BC/DR plan successfully, it is important to understand the various phases of the disaster recovery process and then allocate or identify teams for each process and their roles.

Given the threat environment today, it is likely for most businesses to activate some part of their BC/DR plan at some point of time. Following the fundamental steps makes a large business prepared enough to activate the plan in any event. The phases of the BC/DR plan are activation, disaster recovery, business resumption or business continuity and transition to normal operations (Correia et al., 2013). The activation phase addresses the time during and immediately after a disruption. In this section of the plan, it is important to mention when the BC/DR plan will be activated and how especially setting up parameters which can be used to determine when to activate this plan. Also, it is important to identify, who has the authority to activate it. Next phase is the disaster recovery phase, where it is generally assumed that the cause of the disruption has subsided and the company must now begin the recovery process. This defines the basic efforts taken by the company to initiate a recovery and is majorly situation dependent. The steps would be different for different types of disaster. After recovery is the business continuity phase, which includes the steps that need to be taken to resume back to normal operations. This includes strategies to begin operation from temporary locations, implementation of work around, identifying the manual methods to be used etc. The final step includes transition from the temporary location to the repaired location. Although it might seem obvious that after recovery normal operations would resume, there can also be some permanent changes incorporated by the company (Snedaker, 2013). Disruptions can change the way companies see their business and the way they approach operations. The maintenance phase occurs whether or not the BC/DR plan was activated. This is to review the relevance of the plan in case there is any change in the operations and technology or facilities and location. In order to ensure proper implementation there are various teams to be incorporated such as crisis management team, damage assessment team, operations assessment team, IT team, Administrative support team, transportation and relocation team, media relations team, human resources team, legal affairs team, physical security team, and procurement team (Snedaker, 2013). Though the types of teams and their roles are briefly defined, the responsibility of each team must be defined clearly for a broader BD/DR activity. Having clear boundaries help in ensuring that teams do not work at cross purposes and coverage of all aspects of the plan. Gaps and omissions may occur due to wrong definitions. Creating team descriptions helps identify major attributes like job functions, objectives, responsibilities scope, delineation , escalation path and other important data. A crisis management teams helps to bring together all members after a major business disruption. They are in charge of activating, implementing, managing and monitoring the business continuity and recovery plan. To succeed in proper achievement of disaster recovery it is important that all steps and phases are properly constructed and communicated to ensure minimal effect on the organization at times of major disasters and ensure that other locations of the large organization do not suffer due to the affected location.

Conclusion

It is of utmost importance that large organizations start taking BC/DR planning as a mandate to ensure smooth functioning and speedy recovery from the aftermath of a DR event. It is necessary that larger organizations plan more efficiently for unforeseen circumstances and understand the importance of a BC/DR plan. A proper plan helps the company to resume operations and minimize its risks related to this. It is important therefore, to understand all the key elements and phases of recovery planning and implement the DR plan efficiently. Another important part of the entire process is to identify the two phases pre-event and post event which have various tasks and roles to be incorporated under them. It is important therefore, to identify the various teams and allocate roles and responsibilities so that under crisis situation people have a clear idea of the roles to be undertaken by them and the tasks to be completed. Another important aspect of recovery plan is maintenance which is irrespective of whether the event took place or not. It is important to evaluate the plan and understand whether or not the technologies and the strategies are relevant and updated to meet the current business needs. All in all it can be concluded that the business continuity and disaster recovery plan implementation is of utmost importance for large organizations and hence, must be incorporated after critical planning..

References

Correia, D., Hayes, B., Kotwica, K. (2013). How Do I Implement the Four Pillars of Business Continuity Program, pp 13 27. Business Continuity Playbook, 2nd Eds.
Snedaker, S. (2013). Business Continuity and Disaster Recovery Plan development, Chapter 7, pp 369 - 412. Business Continuity and Disaster Recovery Planning for IT Professionals. William Andrew.
Snedaker, S. (2013). Business Continuity and Disaster Recovery Overview. Business Continuity and Disaster Recovery Planning for IT Professionals. William Andrew.