Managing and protecting all enterprise data


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Disaster Recovery Extra: New tools for building business-continuity plans

A DR plan can give you a false sense of security if it doesn't consider factors such as employees, revenue, supply chain and facility access. New tools to help ensure business continuity can help.

The trend of moving away from disaster recovery toward disaster resiliency is gaining momentum, buoyed by a new breed of business-continuance management software tools.

A typical disaster recovery (DR) plan focuses on recovering an organization's technology infrastructure from corrupt data, lost files or catastrophic data center loss. However, many DR plans that are based solely on data recoverability may create a false sense of security if they don't take into account other important factors such as employees, revenue, supply chain and facility access.

Most DR plans become outdated the day they're completed because the organization lacks an established change/control process (see "10 hidden perils of DR planning"). Disaster recovery plans must be updated regularly to respond to changing risks such as health threats, natural and man-made disasters, mergers and acquisitions, new regulatory mandates, employee turnover, and systems and applications changes.

Today, senior officers bear the brunt of responsibility for complying with government regulations such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA). As a result, senior business stakeholders are the new influencers on an organization's ability to demonstrate "disaster resilience," and it's no surprise that operational continuity is at the top of their agenda. CFOs and risk managers have been increasingly involved in funding and developing business-continuance management (BCM) initiatives that establish recovery priorities based on enterprise-wide assessments of business and IT recovery needs. Because of senior management involvement, BCM has evolved into a lifecycle process that requires collaboration from business units, the storage department, and key storage suppliers and vendors.


A sampling of BCM programs
Click here for a sampling of BCM programs (PDF).


BCM tools
BCM software tools are instrumental for reducing the time and effort required to develop a uniform method for creating business-continuance plans and establishing a repeatable process for maintaining the effectiveness of emergency response plans (see "A sampling of BCM programs," this page and "How to pick a BCM tool"). During the past 18 months, a number of new BCM software tools have emerged that will help organizations plan and react to business and operational threats. These tools help organizations:

  • Automate the workflow of contingency plan development with business and information technology stakeholders
  • Assess and quantify the impact of any business interruption
  • Manage and distribute business-continuity and recovery plans across all business units and departments
  • Automate the BCM plan's change management process
  • Respond more quickly to "trigger events"



How to pick a BCM tool
Disaster recovery and business-continuance planning has evolved into a lifecycle process that will impact every part of your organization. Business-continuance management (BCM) software tools can help you address the difficult task of preparing for and responding to operational risks. The following tips will help you select and implement a BCM tool:
    1. A BCM tool should have the ability to define business relationships and their associated people, facility and technology dependencies.

    1. Look for a tool that can perform a business impact analysis.

    1. Find out how many simultaneous users are allowed access to the software at any given time. During an emergency, you don't want to discover that first responders can't access emergency plans and notify recovery teams because the BCM software limits the number of simultaneous users. Many BCM vendors license their offerings according to the number of simultaneous administrators and/or users of the tool.

    1. The BCM tool should manage, identify and correct issues resulting from regular business-continuance testing.

    1. Ask the vendor about remote hosting. This feature is valuable for providing access to emergency response plans in the event of a complete loss of infrastructure.

  1. Not all BCM methodologies are created equal. Be sure to ask the vendor how much customization the tool allows.


Uniform disaster response
Once a disaster strikes, the BCM tool serves as an "emergency control panel" that allows response teams to access completed action plans, monitor the communication process and track the progress of recovery efforts. This functionality gives business and IT recovery teams a uniform methodology to collaborate on, for example, impact assessment, data restoration, validation of the recovered data and response team notification (most BCM tools link to standard emergency notification software packages that automatically contact key team members when issues arise).

When choosing a BCM tool, look for these fundamental features:

  • The ability to automate the information technology risk-assessment process by identifying "gaps" in the business stakeholders recovery point objectives (RPOs) and recovery time objectives (RTOs) requirements, and noting where systems don't match up with requirements.
  • Automatic updates to the business-continuance/disaster recovery plan. An embedded threat database should be included that allows an organization to identify region-specific disruptions such as electric utilities failures, weather, and environmental and man-made threats. This feature typically includes data collected from information sources such as the Federal Emergency Management Agency (FEMA) and the National Oceanic and Atmospheric Administration (NOAA).
  • The ability to audit personnel changes and cross-reference them with assigned business recovery tasks and teams. This feature ensures that no task is at risk because an assigned emergency response member is no longer employed by the organization.
  • The inclusion of a database of pre-defined recovery tasks based on industry best practices. This helps an organization accelerate the process of creating and documenting its recovery teams and plans.
  • The software can reside on your local server and at a remote site. This ensures access to the tool at a time when it's most needed—during an emergency. Many BCM tool vendors offer fee-based hosting services.

The responsibility of business-continuity planning no longer resides solely within the IT domain. New BCM software tools help organizations to more effectively plan, manage and test for enterprise resiliency. Standardized templates guide business-continuance plan developers through the process of collecting business and IT data such as personnel, facility and technical asset information. In addition, a BCM tool will automate data collection surveys, perform an analysis of the company's RPOs and RTOs, and recommend ways to mitigate business and technology risks.

By automating the process of business and IT contingency planning—as well as disaster response—BCM tools are accelerating the efforts of many organizations to develop into disaster-resilient enterprises.

Article 2 of 22

Dig Deeper on Disaster recovery storage

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Storage

Access to all of our back issues View All