IT Employment

General discussion


How do I "sell" disaster recovery to the exec's?

By TomSal ·
Here's my problem...we have ZERO disaster recovery. Should an act of God happen tomorrow we face the liklihood of being done as a business.

+There are no co-location plans

+We backup, but tapes are stored locally

+Only SmartUps for our UPS -- a whopping 4 - 7 1/2 minutes of backup juice depending which server you are talking about

+Personnel wise there does not exist a contingency plan for who does what task should someone in a critical position be killed or get hurt in such a way it prohibits them to work

+Its so pathetic we had a prospective client (representing a HUGE Pharmacy chain -- if I said the name you'd know them right away) come in and ask our CEO , "So what kind of disaster recovery do you have here?"...our CEO said "Well we are fully insured."

Despite all this I just can't get these guys to invest some dollars into DR. I have typed up basic documentation on the why its needed and the "what-if" scenarios...but I guess either my explainations suck or they are just stubborn. The top execs have this fatal case of "If it doesn't make us money we don't want to invest into it!".

I have told them we need a professional disaster recovery consultant to come in this place and assess everything and then write a report. They'd go for this if the guy was free. maybe.

Its so frustrating. This is a battle I've been fighting over and over for 3 years now. They won't listen.

Recently in our area there was major rainstorms, which did considerable flood damage to surrounding areas -- this made me think on the topic again (our server room is ground level).

Any help or direction would be greatly appreciated.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Acts of God I've seen.....

by JamesRL In reply to How do I "sell" disaster ...

Burst water pipe at municipal feed - flooded basement datacentre - came within an inch of destroying phone system.

Province wide power outage - twice -one was last years, and prior to that ice storm in late 90s. If no UPS, then servers go down hard and good potential for data loss.

Electrical fire, forcing staff to flee the building before able to shut down systems - same problem as above.

If you want to sell it, find out what the cost to the business would be if they lost one days' data - how about two days? Depending on the circumstance, what would it cost to be unable to do business for a week. Cause if the server room went up in flames or was flooded, it would take you a week to find a place to restore to if you were very lucky.

If tapes are stored locally - you have the potential to loose all of your data at one fell swoop. An electrical fire during the wee hours of the morning could take the active servers and the backups out. What kind of fire supression do you use - if its water, then count on all of your servers dying, and many of your tapes being damaged.

At a minimum, keep one set of tapes a month in an off site storage facility - could be the same place you put paper documents into archive.


Collapse -

What does a days business cost?

by prtaylor In reply to Acts of God I've seen.... ...

One also needs to think in terms of lost business. If the entire network/phone system is down, then no orders are taken, no sales are made, no current orders are filled. Customers start looking for other sources.

With no distaster recovery, data may be lost permanently and the entire network/phone system may need to be built from the ground up. This may take days, weeks or more. Does the company have suffiently deep pockets to wait for the systems to be purchased, installed, and tested?

If the answer is no, then no disaster plan appears to be a death sentence when one should ever strike. I suppose that is why insurance is purchased. But without the infrastructure of disaster recovery, there may be nothing left to recover.

Does a car need a spare tire? No it will run just fine without one. When a flat tire occurs, the car does not travel well and the flat tire is necessary. Does a Car need a gas guage? No, but it becomes hard to tell when you really need gas. Spare tires and gas guages are built-in forms of disaster recovery/prevention in automobiles. They do not make an auto manufacturer additional profits but the consumer demands these items. If the consumer of your companies products knew there was no form of disaster recovery, would they continue to buy from you or would they look for a potentially more reliable source.

This year alone, Florida was hit by an unprecedented number of hurricanes (four) and Japan was hit by ten. In the recent past, areas of the midwest were flooded that had never seen floods or none of that magnitude.

Collapse -

Examples from ****

by Snow rabbit In reply to What does a days business ...

I agree. There are two things you need to make clear: examples of disasters that *did* happen to other companies and the business!! cost of going down.
I can give you the following examples FIRST hand:

- Building activities next door led to a disk crash. The fact that it was a RAID-5 system did not help; 3 disks crashed! Bye bye production, about one hundred people had to stop working for a couple of days.

- A virus was able to enter the company's systems. Result: even the firedoors were out of control and 500 people could not work for 4 hours, that makes a total production loss of 2,000 hours excluding indirect costs.

- Warnings regarding important system updates were ignored by local management. Result: a core system went offline, sending 80 people home for two weeks and it required recovery activities from the IT staff for over 1,000 hours.

Greetings from **** ;-)

Collapse -

Rework the "Sell"

by pjm In reply to Examples from Hell

Selling is the same - no matte what the product is. You must discover what the maximum pain point is for the decision makers and then show them how you can craft a solution. Without seeing your presentation, I'll assume that you presented a factual case as your argument, and not to back-up your argument. People buy "benefits" and not features. Benefits work on peoples emotions - fear, lust, envy, greed etc. Facts only get in the way of making this purchasing decision. Instead the facts are used to justify the decision once it is made.

It sounds like you have a real "sales" driven organization so one way to approach it would be to position the DR program not as a cost, but as an asset - a key feature - for selling your companies services.

Another approach might be to take the CEO's personal passion and show how a unplanned disaster could affect him or her. Something like, "How would you like to have put your sailboat into dry storage? Well, I;m here to tell you that if we get hit with a disasterous event today, you'll spend the next two years working overtime to just to get us back to square one!"

What ever you do, make it truthful and say it LOUD.


Collapse -

Storing backups

by madcow9597 In reply to Acts of God I've seen.... ...

I once worked for a MIS Director who had the same problem convining the higher ups. What he did is stored the backups locally as well as at his own home. When disaster did happen the higher ups were scrambling to figure out how to retrieve data. He was not panicing. The were dumb founded and asked him why he was not panicing. He simply told them since they did not take his previous advice he decided to take the backups home with him. Needless to say they were extremely grateful, promoted him. Lets just say he's doing pretty good for himself. Storing them at home wasn't exactly a great idea but it worked out in the end.

Collapse -

Business model

by TheChas In reply to How do I "sell" disaster ...

I've worked for the same kind of company.

Unless there is a defined payback, a customer pays for it, or a major client requires it, it just doesn't happen.

Just keep your plan up to date.

At some point, it will become a hot (get it done yesterday) project.

What needs to happen, is for the company to loose a major new contract specifically because of the lack of a disaster plan.

Or, for a close associate of the company leaders to have problems from a disaster, or at least tell them how great it was to have a good disaster recovery plan in place.


Collapse -

Executive buy in for DR/BC

by RichAbel In reply to Business model

The BC = Business Continuity

The one thing you did not say was if you are a publicly traded company r not. If you are then Sarbanes-Oxley has plenty to say about Disaster Recovery and the responsiblilties of the company to the clients.

Once a company goes public, it falls within the domain of the U.S. Securities and Exchange Commission (SEC), which aims to protect investors and maintain the integrity of the securities markets. Therefore, the SEC issued several key provisions for SOX compliance, including the following:

1. Restore Confidence in the Accounting Profession?Such measure address accounting oversight boards, rules to improve the independence of outside auditors and forbid improper influence on outside auditors, etc.
2. Improve Corporate Conduct ? these provisions require CEOs and CFOs to certify financial and other information in corporate quarterly and annual reports, they prohibit trading during pension blackout periods, they prohibit corporate loans to insiders, and more.
3. Additional provisions call for improved disclosure and financial reporting, improved gatekeeper performance, and enhanced enforcement tools.

Many organizations are still floundering to understand how SOX affects them and their shareholders. That?s because SOX goes beyond finance to encompass governance, risk, ethics, compliance and more. And while many organizations may seek to solve the compliance conundrum with IT solutions, such an approach would be shortsighted and inadequate.

Organizations must embrace a more holistic approach to compliance that includes better communication, training, and a strong risk management framework. If they already have a good business continuity program in place, organizations are?in theory?better equipped to monitor and manage many of the problems SOX seeks to curtail including market exposures and countless financial functions.

Collapse -

Focus on Risk Management

by john.gaudry In reply to Business model

Execs have a primary role of managing risk within an organisation, a BC/DR strategy needs to be focused on what is called a Business Impact Assessment of major systems and how they will impact (close) the business if any events occur. You need to be able to demonstrate that some investment on DR to address critical systems is a necessary strategy based on the risk likelihood and impact of certain events occuring. There are plenty of good examples of events, some good examples of BIA's through the Business Continuity forums.

Happy to discuss some more.

Regards John

Collapse -


by Black Panther In reply to How do I "sell" disaster ...

This is typical of how management thinks - wait until the horse has bolted then work out the remedy. I have over 20 years experience in IT and have had 2 instances where the system failed with no DR ( different companies ) - it's amazing how an incident itself makes them aware ( even though it shouldn't ).

I suggest if you have tried explaining on deaf ears then make sure you cover yourself ie in your plan detail without DR how long the system will be down for and allow for extra time. ie if you had a 4 hour hardware contract for a machine with no DR it would be most likely 2 days before you got a replacment up ie 4 hours for an initial response, order in new part, maybe reload operating system and application.

Also try for different DR Options ie the lower the option cost the more time to recover.

Ask them how much it will cost the Business for 2 days down-time and how would you operate manually?

Collapse -

Tell tham what can happen

by herbertg In reply to How do I "sell" disaster ...

Tell tham what can happen, all such events, not just terrorism, but floods, fire, earth quake etc (get that from the local insurance company, they'll have all statistical data). Then work out the costs of not being prepared against the costs of being prepared. Also (as an Australian) many organisations must have DRP, such as financial organisations (banks, insurance telcos etc) and their are specific rules as to distance from main sites to DRP sites.
Hope this helps

Related Discussions

Related Forums