disaster planning and recovery

Most businesses, government offices, or other organizations are heavily dependent on having continuous access to their data and the hardware, network, and software necessary to work with it. Activities such as procurement (see supply chain management), inventory, order fulfillment, and cus-tomer lists are vital to day-to-day operations. Any disaster that might disrupt these activities, whether natural (such as an earthquake or severe weather) or human-made (see com-puter virus and cyberterrorism), must be planned for. Such planning is often called “business continuity planning.”

The most basic way to protect against data loss is to maintain regular backups (see backup and archive sys-tems). On-site backups can protect against hardware failure, and can consist of separate storage devices (see networked storage) or the use of redundant storage within the main system itself (see raid). However, for protection against fire or other larger-scale disaster, it is also necessary to have regular off-site backups, whether using a dedicated facility or an online backup service.

To protect against power failure or interruption, one or more uninterruptible power supplies (UPS) can be used, and possibly a backup generator to deal with longer-term outages. All equipment should also have surge protection to avoid damage from power fluctuations.

Of course anything that can minimize the chance of disaster happening or the extent of its effects should also be part of disaster planning. This can include structural rein-forcement, physical security, firewalls and antivirus soft-ware, and fire alarms and suppression systems.

Disaster Planning

Despite the best precautions, disasters will continue to hap-pen. Organizations whose continued existence depends on their data and systems need to plan systematically how they are going to respond to foreseeable risks, and how they are going to recover and resume operations. Planning for disas-ters involves the following general steps:

•  specify the potential costs and other impacts of loss of data or access

•  use that data to prioritize business functions or units

•  assess how well facilities are currently being protected

•  determine what additional hardware or services (such as additional file servers, attached storage, or remote backup) should be installed

•  develop a comprehensive recovery plan that specifies procedures for dealing with various types of disas-ters or extent of damage, and including immediate response, recovery or restoration of data, and resump-tion of normal services

•  develop plans for communicating with customers, authorities, and the general public in the event of a disaster

•  specify the responsibilities of key personnel and pro-vide training in all procedures

•  arrange ahead of time for sources of supplies, addi-tional support staff, and so on

•  establish regular tests or drills to verify the effective-ness of the plan and to maintain the necessary skills

Recent natural disasters as well as the 9/11 terror-ist attacks have spurred many organizations to begin or enhance their disaster planning and recovery procedures.