General discussion

Locked

How do I "sell" disaster recovery to the exec's?

By TomSal ·
Here's my problem...we have ZERO disaster recovery. Should an act of God happen tomorrow we face the liklihood of being done as a business.

+There are no co-location plans

+We backup, but tapes are stored locally

+Only SmartUps for our UPS -- a whopping 4 - 7 1/2 minutes of backup juice depending which server you are talking about

+Personnel wise there does not exist a contingency plan for who does what task should someone in a critical position be killed or get hurt in such a way it prohibits them to work

+Its so pathetic we had a prospective client (representing a HUGE Pharmacy chain -- if I said the name you'd know them right away) come in and ask our CEO , "So what kind of disaster recovery do you have here?"...our CEO said "Well we are fully insured."

Despite all this I just can't get these guys to invest some dollars into DR. I have typed up basic documentation on the why its needed and the "what-if" scenarios...but I guess either my explainations suck or they are just stubborn. The top execs have this fatal case of "If it doesn't make us money we don't want to invest into it!".

I have told them we need a professional disaster recovery consultant to come in this place and assess everything and then write a report. They'd go for this if the guy was free. maybe.

Its so frustrating. This is a battle I've been fighting over and over for 3 years now. They won't listen.

Recently in our area there was major rainstorms, which did considerable flood damage to surrounding areas -- this made me think on the topic again (our server room is ground level).

Any help or direction would be greatly appreciated.

This conversation is currently closed to new comments.

107 total posts (Page 2 of 11)   Prev   01 | 02 | 03 | 04 | 05   Next
Thread display: Collapse - | Expand +

All Comments

Collapse -

Insurance

by wim.joosten In reply to How do I "sell" disaster ...

Tough problem. My advise: find out if there is any kind of insurance (for furnature or whatever) and find a way to let the insurance company do the talking for you.
Succes

Collapse -

Laws

by john In reply to Insurance

I would have a look at your laws on communication acts. if your business looses all the data, depending on the act, they will be held liable. In SOuth Africa it is law that you need data recovery. Just a thought

Collapse -

Corporate Governance

by leonm In reply to Laws

We have had quite a bit of success from this angle. The Directors and Officers of a company are liable to ensure that everything reasonable is done to ensure that the business remains intact AND that employees are not placed at risk of losing their jobs by not having DR in place.

Collapse -

Mission Critical Software Source Code Escrow

by andrew.stekhoven In reply to Laws

Source Code Escrow is also a significant factor in Business Continuity and good ICT Governance and suffers from the same lack of priority in the eyes of most CIO's and CEO's.

The major reason for depositing software in escrow is to mitigate against operational risk, primarily in the context of business continuity. However, the usefulness of the escrow arrangement may be seriously compromised if the software deposit has not been confirmed as readable and complete (ie capable of serving the purpose), preferably by an independent third party that specialises in this kind of work on an international basis.

In fact, current practice suggests that 9 out of 10 traditional (ie passive) escrow deposits are most likely to be unusable.

Technical verification of the material on deposit is a basic requirement for professional (ie Active) escrow arrangements. At Escrow Europe, we add value by providing verification for every initial escrow deposit, as well as for every software update deposited thereafter. After each verification, a comprehensive verification report is submitted to both the User and the Supplier. Technical verification of software source code is our core business and is performed by dedicated specialists in our Technical Centre in Amsterdam. Our professional escrow service is offered for the benefit of both User and Supplier and is an ongoing process that we refer to as Active Escrow.

The primary questions that CIO and CEO's need to answer are:-

1. How many mission critical applications do we run were we have little or no control over the IP (ie we are licensed users of the software product)

2. How many different escrow agreements do we have

3. How many of the deposits held in escrow are worthless in the event of a release event/condition

We are keen to work closely with other parties who are striving to raise the profile of Business Continuity as a discipline in its own right.

If we achieve this the sales and cost justification will become self evident.

Please also refer www.itweb.co.za/office/escroweurope/ or www.escroweurope.com

Collapse -

It may be required

by racote In reply to Insurance

It's tough to sell DR because there is nor ROI on it unless all
goes to ****. However, government regulations may require
your industry to have a DR plan. Your major
customers or your insurance carrier may also insist on it.

Talk to your accounting and risk management people. They
will want to know what can go wrong and how it can be
prevented.

Unless the plan is to declare bankruptsy when disaster hits
and leave the country...

Collapse -

DR and the law

by Tahiti16 In reply to It may be required

Depending on your industry your executives could be personaly held responsible if they did not address DR. Sarbanes comes to mind. Also as someone else stated Your insurance may not pay or pay mu8ch less if there is not a plan.

Ray O.

Collapse -

Risk

by maxsecdsl.pipex.com In reply to How do I "sell" disaster ...

look at it from a risk point of view...

risk.. (eg fire, flood, hacker, theft, power loss etc)
time to business impact (2 minutes, 2 weeks etc)
time for recover (6 hours etc)
cost to business (including SLA's to customers)

that way you can look at it from business driver point of view, and should it go pear shaped you are covered as you've highlighted the risks to the business.

Collapse -

It's all about money

by expert-in-spe In reply to Risk

I agree with the other comments however I do know how pig-headed top managers can be.
Basically it's all about a complete lack of understanding and probably also the feeling that the techies are making a fuss so that they get new toys.
I really suggest that you get an external consultant in (there are many who do free first appraisals hoping to get the business afterwards) or if that's too difficult take the time to get some good short articles, industry best practices etc and really sell it to them, hammer the message. Make sure that you prove that you are not god and cannot perform miracles. Make sure that they know that you are warning them in advance, get all the help possible from insurance guys, auditors etc etc....If they still don't buy it, you're going to have to either officially distance yourself from all eventualities and problems - that could look really unfavourable - or simply start pounding the lanes for a new position. Rather this than an ulcer, right?

Collapse -

DIYS if you dare.

by rapell In reply to It's all about money

Hello, I think your bosses need a rude awakening. Managers just sit there warming chairs and they say IT is not important, they actually ask why they pay us anyway, but if you can, you should cause your servers to be unavailable for some,say two to three hours by a simple trick and see what they say. Then explain to them how it could hsve been solved real fast if there was a backup!!

Collapse -

DIYS if you dare = Fired on the spot

by AlohaShirt In reply to DIYS if you dare.

Should an employee or consultant try to school the executive by staging a "temp network failure" , I would see grounds for immediate termination. If termination did not occur on the spot, I am fairly certain that a lack of trust will exist to the extent that the executive will remember nothing more than the fact that s/he was made to look like a fool.

I am still reading through all the responses, but think the best options are when an admistrator performs the due diligence by researching the matter of DRP/BCP and presenting it CONCISELY to the superior(s).

It's important that an administrator learns the art of conversation with the superior. Most technical admins don't understand this and end up banging their heads on a wall. In that case, look for a consultant who is well versed in getting the point accross.

Good Luck!

Back to IT Employment Forum
107 total posts (Page 2 of 11)   Prev   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums