Today’s organisation is increasingly dependent on its IT infrastructure and communications network. Remote offices, customers and business partners are all reliant on their ability to access your core systems, Intranet or Extranet – often 24 hours a day, 7 days a week.
Disaster recovery of your systems is therefore fundamental to your organisational risk strategy. In assessing your risk, you need to consider:
- How would you recover your key business data in the event of a major equipment failure or outage caused by a service provider failing to deliver?
- What would be the financial consequences of a temporary shut-down of your data centre location – due to site contamination, industrial action or an extended telecommunications or power outage?
- Worse still, if your computer systems were destroyed in a major disaster such as a fire or flood, would your business even survive?
According to industry analysts, the top three business risks from failure to implement an effective disaster recovery plan are decreased employee productivity, customer dissatisfaction and the loss of current and future revenues. Let’s consider the ramifications of each.
If your premises are uninhabitable, where will you relocate your staff? If you operate an inbound contact centre – or even a rotary phone system – can you afford for it to be down for more than a few hours? Should your central computer systems become unavailable, it affects not just your head office staff, but all users of those systems across your network. For each hour of downtime, you must multiply by the number of employees unable to complete their work.
When – if – your systems are eventually restored, those same staff will have a backlog of processing to catch up with, which may cost you overtime, and will certainly generate frustration and workplace stress.
As well as costing time to recover, some data may be lost forever, causing ongoing reductions in employee productivity. A single server outage at WorkCover NSW in April 2006 cost the organisation nine working days to recover 98% of the lost data, with the remainder having to be retrieved on an ongoing case-by-case basis. Computerworld Australia reported an IDC analyst as being blunt about the glitch: “It shouldn’t have happened. At least 50% of organisations’ data is not adequately protected [and] in the event of a major disaster you may not get it back. I’m sorry for them, but every organisation should have systems robust enough to withstand a failure. It’s a wake-up call for everyone.”
If you are unable to maintain customer service levels because your systems are down for an extended period, the best you can hope for is loyal but dissatisfied customers. But most likely, they will seek another, more reliable supplier.
Consumers will seek an alternate supplier whose systems are available. If your customers are other businesses, they will need to have confidence – for their own survival – that you have an effective disaster recovery plan in place. In fact, depending on their level of dependence on you, they may require to see it before they agree to do business with you.
If your computer systems are unavailable for a considerable period of time – or your disaster recovery plan doesn’t cover every base – loss of revenue is bound to occur. Current revenue will be lost while you are unable to take and fulfil orders, or complete production schedules. Future revenues will be lost as your staff struggle to make up the backlog, and your customers desert you for a supplier with more dependable operations.
Failure to ensure disaster recovery of your computer systems has such serious ramifications that, according to Gartner, “two out of five enterprises that experience a disaster go out of business within five years” (Disaster Recovery Plans and Systems are Essential, September 2001).
Disaster Recovery: Planning for the Worst
Just as there are many types of organisations, there is – unfortunately – a Pandora’s Box of potential disasters. Like your business, your disaster recovery plan will be unique, and will be based on a balance of cost and risk. Gartner again: “There is no ‘one size fits all’ when it comes to developing business continuity management strategies and plans. Using someone else’s requirements, which might turn out to be based on limitations or regulations that your company doesn’t have, could spell disaster of another type.” (Gartner, March 2005)
You may choose to completely replicate your data centre at an independent location, or opt for a cost-effective multi-subscriber disaster recovery service – or even choose a hybrid solution such as live data/shared equipment.
Whatever your decision, your business recovery plan must be up-to-date, regularly tested and comply with your corporate risk strategy, corporate governance and regulatory requirements. Most important, you need the assistance of an expert – a specialist disaster recovery services provider who mitigates risk on your behalf, and offers the economies of scale, responsiveness and high level of services and facilities your organisation will need should disaster strike.
In future articles in this series, we’ll review the attributes of the ideal disaster recovery services provider, and consider how you’d fare in a disaster scenario affecting your entire street, city block or suburb.