Disaster Recovery Planadmin / January 26, 2019
Nowadays people understand that preventing disasters is much more effective than trying to cope with the outcome of this or that catastrophe. For instance, Emerson states that “dollars spent in prevention are worth more than dollars spent in recovery” (Kunene, 2002).
There are a lot of examples proving such saying. Thus, National Archives and Records Administration (NARA) reports that “only 43% of businesses that suffer an incapacitating disaster ever resume operations” (Hiatt, 2000, p. 9). Moreover, 29% of those 43% remain in business.
According to University of Minnesota survey 93% of companies which could not assess their data facilities (centers) for about 10 or more days became bankrupts during a year (Hiatt, 2000). Reputedly, average business loses about three percent of its “gross sales within eight days of a sustained computer outage” (Hiatt, 2000, p.10).
By all means, companies get more and more interested in development disaster recovery plans to avoid any possible problems (Business Continuity Institute, 2005). Being a fast growing company, AtHand should also pay much attention to preventing any interruptions in its business processes.
The successful examples of disaster plan implementation prove the importance of such planning. For instance, banks which are extremely dependant on the use of technology (computers, databases, etc.) are more vulnerable to various hardships which can be still prevented.
Lebanon Citizens National Bank president and CEO, Steve Wilson stresses the effectiveness of disaster recovery planning recollecting that after passing “Y2K with flying colors and, after September 11, the banking system remained operational” (Bielski, 2002, p.46). Wilson adds: “I think how the industry handled those two situations indicates that it’s serious about disaster recovery” (Bielski, 2002, p.46).
As far as catastrophic outcomes of September 11 are concerned another company reveals successful story of disaster recovery planning effectiveness. Merill Lynch’s CFO unit only finished working on their DRP, they did not even test the system, when terrorists attack on the World Trade Center towers took place (Duchac and Castellino, 2006). This catastrophe became their system testing. In spite of some difficulties the plan was quite successful.
Of course, it was quite impossible to think over all possible options since they were not expecting such damages in several parts of the city. However, in a week CFO unit was completely operational, and in 2-3 weeks most employees were working. There is no need to state that the losses of the company were minimal due to the effective planning and appropriate disaster recovery plan implementation.
In this perspective, according to Business Continuity Institute (2005) about 70% of companies have their business continuity plans and disaster recovery plans, and this rate increases up to 80% in the sphere of financing and retailing. As far as the use of such plans is concerned according to Business Continuity Institute (2005) 10% of companies resorted to their projects which is quite a big rate.
Of course Y2K was one of the major stimuli to work out such plans and September 11 enhanced the importance of DRP. However, Dzubeck (2001) reports that many businesses (especially small companies) have a disaster recovery plan with no off-site backup which can be too risky.
Being a fast developing IT company AtHand also needs to secure its business processes. The most effective way is to work out an effective disaster recovery plan. Of course, first of all it is necessary to outline the overall strategy, i.e. the way the plan is worked out.
Thus, effective DRP is worked out in four major steps (Kunene, 2002). On the first stage it is necessary to analyze possible risks. This stage requires cooperation with the entire company, since the company’s managers can report about crucial points and about other major processes which require specific attention.
After risk analysis it is possible to pass on to the next stage, i.e. establishing the budget. In the majority of cases the budget will count about 2 to 8 percent of overall budget which is not much in comparison to possible revenues (Kunene, 2002). The third step is developing the plan itself. Finally, the fourth stage is testing. Some companies do not pay attention to the last step which is, in fact, crucial.
Only testing can reveal possible downsides of the plan. Besides, many issues emerge in the process of testing, it is worth mentioning that many of them can be quite unpredictable as in case with Merill Lynch. Basically, these are the four major steps which effective planning require. If AtHand uses such comprehensive strategy it will obtain the most complete DRP and, thus, it will be able to function without interruptions and delays.
Off-site backup and coordinating group.
At this moment it is possible to suggest two scenarios for the company. Of course, it is necessary to point out that these scenarios will be revised in accordance with specific information of AtHand employees. However, before depicting definite patterns it is important to stress the necessity to have an offsite backup.
So, the company should have some property or rent some facilities to preserve copies of the most important data. For instance, Duchac and Castellino (2006) portray the effective use of several sites, and report about cases when several sites were not available.
To launch such off-site backup it is necessary to define which materials (software and hardware) are the most important. Of course, such information can be obtained in cooperation with all the company’s managers. It goes without saying that in case the major resources stop functioning, the backup system can switch on automatically. This will enable AtHand not to interrupt automatic processes.
So, the customers (and to great extent the company since the scope of the essential information can be still assessed) will not suffer too much. AtHand will have enough time to detect the problem and solve it without any haste since the backup system will secure its uninterrupted functioning. Thus, it is essential to have at least one backup site.
Apart from this AtHand should have a group which will take the process under control and in case of some damages can coordinate the actions of the rest. Such group can be called Crisis Management Team (Penson, 2009).
It goes without saying that AtHand will benefit from having such a coordinating center (control team) since, on the one hand, the team will have the entire picture and can choose the most appropriate solution, and on the other hand, the members of the team will have several scenarios and will easily cope with any problem. Moreover, any employee of AtHand should know the major points of the completed disaster recovery plan. Thus, when some problems take place employees know exactly what they should do, they do not panic and just act accordingly.
Possible scenario 1.
Reportedly, earthquakes are quite common damagers so AtHand should have a corresponding plan. First of all, the disaster recovery plan should contain information about certain immediate actions which concern employees’ safety (Penson, 2009). To successfully implement this part of the plan the Crisis Management Team should have updated data about the working places of disabled people and/or pregnant women, so that these categories can be evacuated as the rest of personnel.
Of course, the plan should cover the process of evacuation and the place where people can wait until the danger is gone since first of all AtHand should take care of its personnel. After this crisis management team should be immediately mobilized. In fact, this group coordinates the actions of the process. After people evacuation and when there is no risk for people’s life, the Crisis Management Team should assess the damages.
Everything should be taken into account: the damage of building, facilities, etc. After evaluating the damage it is possible to consider possibilities of obtaining the necessary facilities. Thus, AtHand will be able not to waste money but acquire the most necessary facilities. Meanwhile, people can work in some particular site or they can work from other places (using some network). Of course, all security measures should be undertaken.
Moreover, it is important to follow the security measures on every stage of the recovery plan. For instance, it is advisable to use particular ways of communication so that no confidential information was revealed. In fact, the correct communication is very important since AtHand may have losses if some information becomes known to partners, clients or mass media. This is the brief outline of disaster recovery scenario which AtHand can use in case of earthquake.
Possible scenario 2.
There is one more threat which is even more common than natural disasters, i.e. power outage (Kunene, 2002). So, in the case of power outage off-site backup is also essential. In fact, it can totally prevent from any negative outcomes since all data will be saved and some automatic processes will be still operational.
Of course, it is necessary to make sure that the possibility of power outage in the principle site and in backup site is very low. Again existence of several backup sites should be considered. In this case all the main issues which AtHand can face will be easily solved since backup sites secure the uninterrupted business processes. Besides, AtHand should consider possibility to start an emergency power supply. So, people will be able to do their work without any interruptions.
However, if such emergency supply is not possible there is a way out. It is possible to ask the employees to fill in certain questionnaire where they state what they can do with no power supply at their working places. Thus, people will know what operations are possible so they can complete definite tasks instead of going home and losing their money. AtHand also benefits from this approach since employees do certain tasks instead of doing nothing and having talks about what has happened.
Of course, some difficulties may occur while operating disaster department. Thus, before AtHand starts launching the changes it is necessary to take into account the following factors. First, the employees can lack the necessary experience so it is crucial to choose carefully people involved in the process.
Secondly, the company should consider whether it can spend the necessary budget, or it is wiser to wait a little. Finally, many companies do not pay much attention to testing or do not take into account it, i.e. do not implement the necessary changes since it can lead to extra costs. Of course, this is an erroneous approach which can cause considerable losses.
In summary, it is necessary to point out that nowadays most businesses understand the necessity to have an effective disaster recovery plan. The overall strategy of such planning presupposes the following stages: analyzing risks, establishing budget, developing DRP, and, finally, testing the complete disaster recovery plan. It is important to note that the disaster recovery plan should be worked out in cooperation with managers and directors of the company. As far as AtHand DRP is concerned it is possible to portray two possible scenarios.
However, both scenarios presuppose existence of off-site backup which ensures business continuity and maintaining the most important data. Of course, these are only draft plans since more thorough planning presupposes more detailed information. Thus, the first scenario deals with the natural disaster, earthquake. In this case, crisis management team will coordinate such actions as immediate reaction (evacuation), damage assessment and recovery actions. The second scenario dwells upon more common disaster, i.e. power outage.
In this case minor changes are necessary. However, before accepting any plan AtHand should still consider possible difficulties of implementing the plan. Besides, the company should consider carefully its financial ability to adopt any plans. Nevertheless, before making the final decision AtHand should consider possible negative impacts of interrupted business processes which the company can easily avoid using effective disaster recovery plan.
Bielski, L. (2002). Thinking the Unthinkable: Often Dismissed as Mere “Insurance,” Disaster Recovery Ought to Be Considered Part of the Lifeblood of Any Business. ABA Banking Journal, 94(1), 44-47.
Business Continuity Institute. (2005). Business Continuity Research [Data file]. Retrieved from
Penson. (2009). Disaster Recovery Plan [Data file]. Retrieved from
Duchac, J., & Castellino, C. (2006). Disaster Recovery Following the Events of September 11, 2001. Journal of the International Academy for Case Studies, 12(3), 63-69.
Dzubeck, F. (2001). Corporate America’s Wake-Up Call. Network World, 18(42), 47.
Hiatt, C.J. (2000). A Primer for Disaster Recovery Planning in an IT Environment. Hershey, PA: Idea Group Inc.
Kunene, G. (2002, January 15). How to Create a Disaster Recovery Plan. Retrieved from