Executive Summary
To begin with, it is necessary to mention that disaster recovery is the set of processes, regulations, policies and rules closely linked and aimed at preparing for recovery after failure, or performing strategic innovations and procedures critical for the extreme situation after any natural or human-induced disaster. In the case of the business activity, it should be stated that the recovery process takes into account all the necessary procedures aimed at restoring the business activity and providing all the necessary strategies for successful activity on a market.
Analysis and Discussion
Taking into account the strong necessity of restoring the successful business activity, it should be stated that the only strategy for disaster recovery which may suit is the business continuity plan (BCP): it entails planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. The BCP also entails planning for non-IT aspects of business, end touches upon the spheres of human resources, facilities crisis communication and reputation protection, and generally is the part of the general disaster recovery plan (DRP) for IT-related infrastructure recovery/continuity. (Comfort, 2004)
The commonly accepted plans of the Disaster Recovery Plan are elaborated with the aim of providing the general principles of recovery, however, they should be adapted for the real situation, as the origin of a disaster, the reasons and consequences may vary essentially. Thus, the first step is the identification of the scope and boundaries of the business continuity plan. This step is intended for defining the scope of BCP. Moreover, it offers an idea on the borders of the plan, as the initial steps for recovery should be careful and accurate in order not to aggravate the consequences. Risk analysis and report on the matter of consequences and forecasts are also provided o this step.
The following action that should be undertaken is the business impact analysis. Originally, the effects of a disaster on the business sphere are evaluated separately. This analysis entails the calculation of the financial losses for the organization which has already occurred, and that will occur if the services will not be restored. If the company has a complicated structure, the main concepts and principles should be provided for the upper management: first, it should coordinate the recovery process, second, there is a strong necessity in the unified strategy. It is one of the most crucial tasks during the initial stage – to convince the management in the necessity and success of the offered plan.
Then each department should provide all the necessary changes to the plan for adapting it to the real circumstances within each department. The understanding of the role of the plan is rather essential; consequently, heads of all the departments should be convinced in its effectiveness. Anyway, any department should have a preliminarily elaborated emergency plan. After the plan is approved and synchronized, the Business Continuity Plan project team starts its implementation.
Taking into account the matters, linked with the plan elaboration, it should be stated that Jasanoff (2004) emphasized the following fact in his research “The planning committee should prepare a risk analysis and business impact analysis that includes a range of possible disasters, including natural, technical and human threats. Each functional area of the organization should be analyzed to determine the potential consequence and impact associated with several disaster scenarios. The risk assessment process should also evaluate the safety of critical documents and vital records. Traditionally, fire has posed the greatest threat to an organization. Intentional human destruction, however, should also be considered. The plan should provide for the “worst-case” situation: the destruction of the main building.”
From this point of view, it should be stated that it is extremely important to evaluate the effects and consequences which are resulted from the loss of data, and the inability to provide services. The costs for minimizing the potential exposures should also be taken into account while estimating the losses.
As for the matters of data processing in the process of DRP implementation, Carlson and Parker (2001) stated: “Historically, the data processing function alone has been assigned the responsibility for providing contingency planning. Frequently, this has led to the development of recovery plans to restore computer resources in a manner that is not fully responsive to the needs of the business supported by those resources. Contingency planning is a business issue rather than a data processing issue. In today’s environment, the effects of long-term operations outage may have a catastrophic impact.”
Anyway, the development of the recovery plan should be performed not only by the chief management of the organization, its employees or performers but also by the customers and clients of the organization, who have an excellent opportunity to improve the services, provided by an organization.
Originally, the methodology, used for the developing of recovery plans entails the following points and aspects:
- Providing the management team with a clear realization of the total efforts, aims and requirements for the elaboration and implementation of the recovery plan;
- Obliging of corresponding management team and employees of the corresponding department to support and participate in the effort;
- Evaluating the recovery necessities from the perspective of the business purposes;
- Fixing and overcoming the loss in the functioning and operations;
- Concentrating on the matters of appropriate disaster prevention in the future, and the minimization of its impact in the case if the disaster occurred, and prevention measures appeared to be ineffective.
- Appointing the project implementation team that will be able to ensure the proper balance required for plan development;
- Providing the effective contingency plan that is comprehensible, easy to implement and easy to maintain;
- Estimating how contingency planning deliberations will be implemented into the business processes and strategic planning system, as well as the development processes in order for the plan to remain viable over time.
According to Williamson (2003) Prior to the creation of the plan itself, it is essential to consider the potential impacts of disaster and to understand the underlying risks: these are the foundations upon which a sound business continuity plan or disaster recovery plan should be built. Following these activities, the plan itself must be constructed – no small task. This itself must then be maintained, tested and audited to ensure that it remains appropriate to the needs of the organization.
Conclusion
Finally, it is necessary to mention that the Disaster Recovery plan is the set of actions, rules and principles aimed at restoring successful business functioning. Originally, the recovery plan requires essential resources, nevertheless, the key resource is the awareness and strong motivation for the recovery.
References
Carlson, S. J., & Parker, D. (2001). Disaster Recovery Planning and Accounting Information Systems. Review of Business, 19(2), 10.
Comfort, L. K. (Ed.). (2004). Managing Disaster: Strategies and Policy Perspectives. Durham, NC: Duke University Press.
Jasanoff, S. (Ed.). (2004). Learning from Disaster: Risk Management after Bhopal. Philadelphia: University of Pennsylvania Press.
Williamson, S. (2003). Gresford: The Anatomy of a Disaster. Liverpool, England: Liverpool University Press.