[Abstract]
The purpose of this document is to provide a basic knowledge of how having a business backup plan can maintain business continuity. Also included within this document are guidelines to maintain business continuity and an explanation of some consequences for not following the business continuity guidelines.
[Content]
When the September 11th attacks on the New York world trade center towers happened, it was a major wakeup call, not only for national security, but also for the amount of business data that was lost when the two buildings collapsed. As tragic as the attacks were, many businesses found out how effective or ineffective their computer network backups worked. In many cases companies’ lost large amounts of data. If companies had better business continuity procedures established, then there would be minimal data lost.
Maintaining a backup of all network systems and its respective data will maintain business continuity in the event of a catastrophic event. Previously the main concerns with maintaining backups of all computer systems and their data was in the event of a natural disaster like an earthquake, hurricane, fire, tidal wave, flooding, landslides, etc. In recent years there has been another reason identified and that is due to terrorist or militaristic attacks. The September 11th attacks on the world trade centers tested many companies with maintaining business continuity and many of those companies failed to maintain off-site backups so their businesses were greatly affected (Shore, 2002). There are different strategies when considering a backup and disaster recovery plan. One strategy consists of four parts that those parts are to detect, notify, isolate, and repair (Mitchell). The detect portion of the strategy is to quickly determine the source of the failure. The notify portion of the strategy is to notify all parties that are involved with recovering from the failure, as well as, the parties that are affected from the failure. The next step is to isolate the affected systems and minimize the failure from affecting any additional systems. The last step is to repair any affected systems or recover from the failure. There are also different backup strategies when considering a disaster recovery plan. One backup strategy is to backup all critical data and then either electronically transfer or physically ship the backups to an offsite location. This method is typically cheaper, however in many cases it is much slower to recover and restore systems to their previous state. Another backup strategy is to have a coop site, which all necessary data is completely backed up to another location. The coop site strategy comes at a much higher cost, however it has the ability to recover much quicker and provides a much more efficient recovery process in the event of a disaster. There are difference disaster recovery and backup strategy plans that are designed to maximize business continuity in the event of a disaster or catastrophic failure.
When applying disaster recovery guidelines to a business continuity strategy it is important to know about the recommended guidelines and the consequences if the guidelines are not followed. One of the first and foremost guidelines to recommend to any organization is to have a policy that states which disaster recovery strategy the company is going to use. Without having this policy in place, every different office within the organization may choose to follow their own guidelines and do what they think is best. The next policy that should be implemented should identify which backup strategy the company chooses to employ. This backup strategy should be chosen based upon company goals, cost, importance of data, and the desired minimal downtime the company determines as acceptable. Without the company identifying the backup strategy, there is a possibility different offices within the organization could waste time, money, and effort employing their own desired methods. The 3rd guideline for a company should be to implement a policy that states when backups are to be completed, where they will be stored, how often they are to be tested, and which offices or organizations are responsible for maintaining documentation of the procedures for backing up, storing, and testing. When a company chooses to not have a policy that identifies the company’s proper backup and testing procedures the results are drastic due to loss of data, loss of money, loss of resources, and many wasted man-hours. When a company chooses to put policies in place that identify business goals for minimizing loss of data, time, and money during a time of disaster, all offices or organizations within that company must comply with the policies or be held accountable.
In conclusion, there are information assurance lessons that have been learned from previous disasters, which should pave the way for future business continuity strategies. In order for companies to employ a successful business continuity strategy there needs to be policies put in place to identify which disaster recover and backup plans best suite the company. It is critical to ensure all offices and organizations within the company follow the company’s policies otherwise be held accountable in the event there is a loss.
References
1. Shore, Dave (2002, May 17th). Sept. 11 reaches real lessons in disaster recovery and business continuity planning. Retrieved February 8, 2009, from Tech Republic Web site: http://articles.techrepublic.com.com/5100-10878_11-1048799.html
2. Mitchell, Bradley Network Disaster Recovery . Retrieved February 8, 2009, from Network Disaster Recovery – Overview Web site: http://compnetworking.about.com/od/itinformationtechnology/l/aa083102a.htm