Creating an effective disaster recovery plan doesn’t have to cost a bundle, as TechRepublic member Steven Morgan recently discovered.
Morgan, the IT director at Collard & Partners Limited, a London-based reseller of Lloyds of London marine insurance products, devised a creative solution with a 75-cent contractual fee and a monthly server maintenance cost of about $100. You can download his plan and use it as a template for your own disaster management and recovery plan.
Networking proved valuable
To create his plan, Morgan had to look no further than his network of business contacts. He identified a trusted client that had a similar business model and used the same core enterprise software and operating system as Morgan’s firm. The former client, which Morgan declined to name, also happened to need a disaster recovery plan, so the two company leaders began discussing the best approach to developing a plan.
The dialogue eventually led to a reciprocal contract in which each company agreed to supply disaster management services for the other. The resulting plan met the needs of both companies and addressed the legal requirement set out by the United Kingdom's Data Protection Act.
Before both companies inked the deal, however, they needed to examine logistical considerations and address concerns about data, security, and liability.
First was the geographic location of each business. After all, it makes little sense to plan for disaster backup if the recovery site is just down the road. A regional disaster, for example, could knock down both sites.
To protect against anything other than a major disaster, Morgan made certain that the partner he selected had offices outside of the London metropolitan area.
The two companies then compared compatibility in terms of operating systems and enterprise packages to make sure their systems could be aligned with a minimum of expense and fuss.
Both companies used the same insurance brokering package and ran their data on UNIX machines, which proved a good match. They also shared compatible DAT backup tape systems, which simplified the task of moving data from location to location.
Addressing security concerns
Corporate leaders were excited at the prospect of saving large sums of money that would be otherwise spent on disaster recovery services from companies like SunGard Availability Services, yet they remained concerned about data security, contractual out clauses, and liability.
To address the data security concern, the companies agreed to completely wipe out any data collected on PCs at the host site. All other data—such as data backed up off-site each night—would be self-contained on a separate server at each host site.
The contract also includes nonliability clauses in the event that data isn't available or somehow becomes garbled. The final legally binding document also delimited the following:
- A seven-day window for installing new releases of specified mission-critical enterprise software and operating systems at each
- The need for workspace at the host site to accommodate six key staffers—in this case, insurance technicians and senior brokers—for a period no longer than two weeks
- The requirement for that workspace to include PCs with specific software; office furniture; meeting space; and access to telephones, fax machines, printers, restored data, and enterprise systems
Test it, and be prepared to tweak things
The plan, which the companies implemented earlier this year, will undergo its second operational test this November. Already, Morgan is anticipating the need to modify the contract to enable six mission-critical workers to send and receive e-mail from the disaster recovery site.
The present contract doesn't allow for that due to the difficulty in changing the DNS details that route e-mails. Complicating matters is the fact that both companies use different ISPs. It's a kink in the arrangement that Morgan plans to iron out through experimentation. He’s unwilling to build it into the contract until he has a clear path to a solution, he explained.
Despite that obstacle, Morgan says he’s pleased with the plan's outcome and the money saved by not contracting with a third-party disaster recovery vendor. He's also an advocate for corporate cooperation when it comes to dealing with similar needs and resources.
"I see no reason why companies cannot provide solutions that mutually benefit each other without compromising data or security," said Morgan.