Andre Gold discusses the most common problems and pitfalls organizations can be expected to face in their business continuity and disaster recovery planning efforts and how to avoid these problems. The text transcript of Gold's comments is included below.
So with that last thought, let's have a little fun here and talk about some "gotchas" of business continuity planning (BCP) and disaster recovery (DR). One of the first "gotchas" in my opinion is that there is no "I" in BCP or DR. And what I mean by this is a lot of times, when people first get started in their BCP and DR efforts, they actually go to that business analyst or that techie within the firm and ask, "Can you tell me what systems are most important?" and then what happens is that analyst is sitting there or that techie is sitting there and they are starting to think about the systems and they say that systems A, B and C are all important. And why are they important? Because those are the systems that techie or analyst operates on a day-to-day basis. So they start developing this relationship between the importance of a system and their value to the firm. In today's economy, nobody wants to be out there looking for a job, but the fact is that you should have a process that helps you understand how to keep business processes and it's not latent with having application and systems and peripheral dependency as part of a disaster recovery portfolio just because people want to feel they have net worth or add value to the firm. The second thing is, it's not about technology. People seem to think if their technology is available, their business will be available. The fact is that technology is just a means by which we "operationalize" or we deliver the products and services that our firm supports, but it's not the end-all.
Moving on, one of the other "gotchas" we have to realize is that technology is actually our friend in disaster recovery and business continuity planning. We talked about it earlier -- those standards, the confidentially, the integrity, the availability, as well as the change management. Well, there are operational standards as well, or technical standards, that are bi-products of those policies. When we start looking at technology with the advent of virtualization; with the addition of SANs and storage-area networks and things like that, we can actually leverage technology to not only "operationalize" those business processes, but also hedge against risk as well. Load-balancing technology has been out there for quite some time and I have been a big fan and big proponent of actually using it in hot site type of locations, where I can have transactions being processed out of the firms multiple locations, so in the event that there is a disaster, the environment can keep running based upon our leverage and our utilization of technology.
Bussiness Continuity and Disaster Recovery Video Series table of contents:
Disaster recovery and business continuity planning basics
Availability, business continuity and disaster recovery
Defining internal risk management policies
Elements of disaster recovery and business continuity planning
Disaster recovery and business continuity planning
Preventing business continuity, disaster recovery problems