General discussion

  • #2288875

    How do I “sell” disaster recovery to the exec’s?

    Locked

    by tomsal ·

    Here’s my problem…we have ZERO disaster recovery. Should an act of God happen tomorrow we face the likelihood of being done as a business.

    +There are no co-location plans

    +We backup, but tapes are stored locally

    +Only SmartUps for our UPS — a whopping 4 – 7 1/2 minutes of backup juice depending which server you are talking about

    +Personnel wise there does not exist a contingency plan for who does what task should someone in a critical position be killed or get hurt in such a way it prohibits them from working

    +It’s so pathetic we had a prospective client (representing a HUGE Pharmacy chain — if I said the name you’d know them right away) come in and ask our CEO, “So what kind of disaster recovery do you have here?”…our CEO said “Well we are fully insured.”

    Despite all this I just can’t get these guys to invest some dollars into DR. I have typed up basic documentation on why it’s needed and the “what-if” scenarios…but I guess either my explanations suck or they are just stubborn. The top execs have this fatal case of “If it doesn’t make us money we don’t want to invest into it!”.

    I have told them we need a professional disaster recovery consultant to come in this place and assess everything and then write a report. They’d go for this if the guy was free. maybe.

    It’s so frustrating. This is a battle I’ve been fighting over and over for 3 years now. They won’t listen.

    Recently in our area there were major rainstorms, which did considerable flood damage to surrounding areas — this made me think on the topic again (our server room is ground level).

    Any help or direction would be greatly appreciated.

All Comments

    • #2714020

      Acts of God I’ve seen…..

      by jamesrl ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Burst water pipe at municipal feed – flooded basement datacentre – came within an inch of destroying phone system.

      Province wide power outage – twice – one was last year’s, and prior to that ice storm in late 90s. If no UPS, then servers go down hard and good potential for data loss.

      Electrical fire, forcing staff to flee the building before able to shut down systems – same problem as above.

      If you want to sell it, find out what the cost to the business would be if they lost one day’s data – how about two days? Depending on the circumstance, what would it cost to be unable to do business for a week? Cause if the server room went up in flames or was flooded, it would take you a week to find a place to restore to if you were very lucky.

      If tapes are stored locally – you have the potential to lose all of your data in one fell swoop. An electrical fire during the wee hours of the morning could take the active servers and the backups out. What kind of fire suppression do you use – if it’s water, then count on all of your servers dying, and many of your tapes being damaged.

      At a minimum, keep one set of tapes a month in an off site storage facility – could be the same place you put paper documents into archive.

      James

      • #3308760

        What does a day’s business cost?

        by prtaylor ·

        In reply to Acts of God I’ve seen…..

        One also needs to think in terms of lost business. If the entire network/phone system is down, then no orders are taken, no sales are made, no current orders are filled. Customers start looking for other sources.

        With no disaster recovery, data may be lost permanently and the entire network/phone system may need to be built from the ground up. This may take days, weeks or more. Does the company have sufficiently deep pockets to wait for the systems to be purchased, installed, and tested?

        If the answer is no, then no disaster plan appears to be a death sentence should one ever strike. I suppose that is why insurance is purchased. But without the infrastructure of disaster recovery, there may be nothing left to recover.

        Does a car need a spare tire? No, it will run just fine without one. When a flat tire occurs, the car does not travel well and the flat tire is necessary. Does a car need a gas gauge? No, but it becomes hard to tell when you really need gas. Spare tires and gas gauges are built-in forms of disaster recovery/prevention in automobiles. They do not make an auto manufacturer additional profits but the consumer demands these items. If the consumer of your company’s products knew there was no form of disaster recovery, would they continue to buy from you or would they look for a potentially more reliable source?

        This year alone, Florida was hit by an unprecedented number of hurricanes (four) and Japan was hit by ten. In the recent past, areas of the midwest were flooded that had never seen floods or none of that magnitude.

        • #3308724

          Examples from Hell

          by snow rabbit ·

          In reply to What does a day’s business cost?

          I agree. There are two things you need to make clear: examples of disasters that *did* happen to other companies and the business!! cost of going down.
          I can give you the following examples FIRST hand:

          – Building activities next door led to a disk crash. The fact that it was a RAID-5 system did not help; 3 disks crashed! Bye bye production, about one hundred people had to stop working for a couple of days.

          – A virus was able to enter the company’s systems. Result: even the firedoors were out of control and 500 people could not work for 4 hours, that makes a total production loss of 2,000 hours excluding indirect costs.

          – Warnings regarding important system updates were ignored by local management. Result: a core system went offline, sending 80 people home for two weeks and it required recovery activities from the IT staff for over 1,000 hours.

          Greetings from Hell 😉

        • #3294551

          Rework the “Sell”

          by pjm ·

          In reply to Examples from Hell

          Selling is the same – no matter what the product is. You must discover what the maximum pain point is for the decision makers and then show them how you can craft a solution. Without seeing your presentation, I’ll assume that you presented a factual case as your argument, and not to back-up your argument. People buy “benefits” and not features. Benefits work on people’s emotions – fear, lust, envy, greed etc. Facts only get in the way of making this purchasing decision. Instead the facts are used to justify the decision once it is made.

          It sounds like you have a real “sales” driven organization so one way to approach it would be to position the DR program not as a cost, but as an asset – a key feature – for selling your company’s services.

          Another approach might be to take the CEO’s personal passion and show how an unplanned disaster could affect him or her. Something like, “How would you like to have put your sailboat into dry storage? Well, I’m here to tell you that if we get hit with a disastrous event today, you’ll spend the next two years working overtime just to get us back to square one!”

          Whatever you do, make it truthful and say it LOUD.

          PJM

      • #3294768

        Storing backups

        by madcow9597 ·

        In reply to Acts of God I’ve seen…..

        I once worked for an MIS Director who had the same problem convincing the higher ups. What he did was store the backups locally as well as at his own home. When disaster did happen the higher ups were scrambling to figure out how to retrieve data. He was not panicking. They were dumbfounded and asked him why he was not panicking. He simply told them since they did not take his previous advice he decided to take the backups home with him. Needless to say they were extremely grateful, promoted him. Let’s just say he’s doing pretty good for himself. Storing them at home wasn’t exactly a great idea but it worked out in the end.

    • #2713946

      Business model

      by thechas ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      I’ve worked for the same kind of company.

      Unless there is a defined payback, a customer pays for it, or a major client requires it, it just doesn’t happen.

      Just keep your plan up to date.

      At some point, it will become a hot (get it done yesterday) project.

      What needs to happen is for the company to lose a major new contract specifically because of the lack of a disaster plan.

      Or, for a close associate of the company leaders to have problems from a disaster, or at least tell them how great it was to have a good disaster recovery plan in place.

      Chas

      • #2713866

        Executive buy in for DR/BC

        by richabel ·

        In reply to Business model

        The BC = Business Continuity

        The one thing you did not say was if you are a publicly traded company or not. If you are then Sarbanes-Oxley has plenty to say about Disaster Recovery and the responsibilities of the company to the clients.

        Once a company goes public, it falls within the domain of the U.S. Securities and Exchange Commission (SEC), which aims to protect investors and maintain the integrity of the securities markets. Therefore, the SEC issued several key provisions for SOX compliance, including the following:

        1. Restore Confidence in the Accounting Profession – Such measures address accounting oversight boards, rules to improve the independence of outside auditors and forbid improper influence on outside auditors, etc.
        2. Improve Corporate Conduct – these provisions require CEOs and CFOs to certify financial and other information in corporate quarterly and annual reports, they prohibit trading during pension blackout periods, they prohibit corporate loans to insiders, and more.
        3. Additional provisions call for improved disclosure and financial reporting, improved gatekeeper performance, and enhanced enforcement tools.

        Many organizations are still floundering to understand how SOX affects them and their shareholders. That’s because SOX goes beyond finance to encompass governance, risk, ethics, compliance and more. And while many organizations may seek to solve the compliance conundrum with IT solutions, such an approach would be shortsighted and inadequate.

        Organizations must embrace a more holistic approach to compliance that includes better communication, training, and a strong risk management framework. If they already have a good business continuity program in place, organizations are – in theory – better equipped to monitor and manage many of the problems SOX seeks to curtail including market exposures and countless financial functions.

      • #3294671

        Focus on Risk Management

        by john.gaudry ·

        In reply to Business model

        Execs have a primary role of managing risk within an organisation, a BC/DR strategy needs to be focused on what is called a Business Impact Assessment of major systems and how they will impact (close) the business if any events occur. You need to be able to demonstrate that some investment on DR to address critical systems is a necessary strategy based on the risk likelihood and impact of certain events occurring. There are plenty of good examples of events, some good examples of BIA’s through the Business Continuity forums.

        Happy to discuss some more.

        Regards John

    • #2713936

      Typical

      by black panther ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      This is typical of how management thinks – wait until the horse has bolted then work out the remedy. I have over 20 years experience in IT and have had 2 instances where the system failed with no DR ( different companies ) – it’s amazing how an incident itself makes them aware ( even though it shouldn’t ).

      I suggest if you have tried explaining on deaf ears then make sure you cover yourself ie in your plan detail without DR how long the system will be down for and allow for extra time. ie if you had a 4 hour hardware contract for a machine with no DR it would be most likely 2 days before you got a replacement up ie 4 hours for an initial response, order in new part, maybe reload operating system and application.

      Also try for different DR Options ie the lower the option cost the more time to recover.

      Ask them how much it will cost the Business for 2 days down-time and how would you operate manually?

    • #2713851

      Tell them what can happen

      by herbertg ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Tell them what can happen, all such events, not just terrorism, but floods, fire, earthquake etc (get that from the local insurance company, they’ll have all statistical data). Then work out the costs of not being prepared against the costs of being prepared. Also (as an Australian) many organisations must have DRP, such as financial organisations (banks, insurance, telcos etc) and there are specific rules as to distance from main sites to DRP sites.
      Hope this helps

    • #3308860

      Insurance

      by wim.joosten ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Tough problem. My advice: find out if there is any kind of insurance (for furniture or whatever) and find a way to let the insurance company do the talking for you.
      Success

      • #3308858

        Laws

        by john ·

        In reply to Insurance

        I would have a look at your laws on communication acts. If your business loses all the data, depending on the act, they will be held liable. In South Africa it is law that you need data recovery. Just a thought

        • #3308851

          Corporate Governance

          by leonm ·

          In reply to Laws

          We have had quite a bit of success from this angle. The Directors and Officers of a company are liable to ensure that everything reasonable is done to ensure that the business remains intact AND that employees are not placed at risk of losing their jobs by not having DR in place.

        • #3308802

          Mission Critical Software Source Code Escrow

          by andrew.stekhoven ·

          In reply to Laws

          Source Code Escrow is also a significant factor in Business Continuity and good ICT Governance and suffers from the same lack of priority in the eyes of most CIO’s and CEO’s.

          The major reason for depositing software in escrow is to mitigate against operational risk, primarily in the context of business continuity. However, the usefulness of the escrow arrangement may be seriously compromised if the software deposit has not been confirmed as readable and complete (ie capable of serving the purpose), preferably by an independent third party that specialises in this kind of work on an international basis.

          In fact, current practice suggests that 9 out of 10 traditional (ie passive) escrow deposits are most likely to be unusable.

          Technical verification of the material on deposit is a basic requirement for professional (ie Active) escrow arrangements. At Escrow Europe, we add value by providing verification for every initial escrow deposit, as well as for every software update deposited thereafter. After each verification, a comprehensive verification report is submitted to both the User and the Supplier. Technical verification of software source code is our core business and is performed by dedicated specialists in our Technical Centre in Amsterdam. Our professional escrow service is offered for the benefit of both User and Supplier and is an ongoing process that we refer to as Active Escrow.

          The primary questions that CIO and CEO’s need to answer are:-

          1. How many mission critical applications do we run where we have little or no control over the IP (ie we are licensed users of the software product)

          2. How many different escrow agreements do we have

          3. How many of the deposits held in escrow are worthless in the event of a release event/condition

          We are keen to work closely with other parties who are striving to raise the profile of Business Continuity as a discipline in its own right.

          If we achieve this the sales and cost justification will become self evident.

          Please also refer to http://www.itweb.co.za/office/escroweurope/ or http://www.escroweurope.com

      • #3308776

        It may be required

        by racote ·

        In reply to Insurance

        It’s tough to sell DR because there is no ROI on it unless all goes to hell. However, government regulations may require your industry to have a DR plan. Your major customers or your insurance carrier may also insist on it.

        Talk to your accounting and risk management people. They
        will want to know what can go wrong and how it can be
        prevented.

        Unless the plan is to declare bankruptcy when disaster hits and leave the country…

        • #3294654

          DR and the law

          by tahiti16 ·

          In reply to It may be required

          Depending on your industry your executives could be personally held responsible if they did not address DR. Sarbanes comes to mind. Also as someone else stated your insurance may not pay or pay much less if there is not a plan.

          Ray O.

    • #3308859

      Risk

      by maxsecdsl.pipex.com ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      look at it from a risk point of view…

      risk.. (eg fire, flood, hacker, theft, power loss etc)
      time to business impact (2 minutes, 2 weeks etc)
      time for recover (6 hours etc)
      cost to business (including SLA’s to customers)

      that way you can look at it from business driver point of view, and should it go pear shaped you are covered as you’ve highlighted the risks to the business.

      • #3308855

        It’s all about money

        by expert-in-spe ·

        In reply to Risk

        I agree with the other comments however I do know how pig-headed top managers can be.
        Basically it’s all about a complete lack of understanding and probably also the feeling that the techies are making a fuss so that they get new toys.
        I really suggest that you get an external consultant in (there are many who do free first appraisals hoping to get the business afterwards) or if that’s too difficult take the time to get some good short articles, industry best practices etc and really sell it to them, hammer the message. Make sure that you prove that you are not god and cannot perform miracles. Make sure that they know that you are warning them in advance, get all the help possible from insurance guys, auditors etc etc….If they still don’t buy it, you’re going to have to either officially distance yourself from all eventualities and problems – that could look really unfavourable – or simply start pounding the lanes for a new position. Rather this than an ulcer, right?

        • #3308852

          DIYS if you dare.

          by rapell ·

          In reply to It’s all about money

          Hello, I think your bosses need a rude awakening. Managers just sit there warming chairs and they say IT is not important, they actually ask why they pay us anyway, but if you can, you should cause your servers to be unavailable for some, say two to three hours by a simple trick and see what they say. Then explain to them how it could have been solved real fast if there was a backup!!

        • #3295939

          DIYS if you dare = Fired on the spot

          by alohashirt ·

          In reply to DIYS if you dare.

          Should an employee or consultant try to school the executive by staging a “temp network failure” , I would see grounds for immediate termination. If termination did not occur on the spot, I am fairly certain that a lack of trust will exist to the extent that the executive will remember nothing more than the fact that s/he was made to look like a fool.

          I am still reading through all the responses, but think the best options are when an administrator performs the due diligence by researching the matter of DRP/BCP and presenting it CONCISELY to the superior(s).

          It’s important that an administrator learns the art of conversation with the superior. Most technical admins don’t understand this and end up banging their heads on a wall. In that case, look for a consultant who is well versed in getting the point across.

          Good Luck!

      • #3308853

        Was the guy who asked about DR a potential client?

        by robertmi ·

        In reply to Risk

        If so he might be prepared to say why he didn’t do business with your firm. Otherwise, you can only lead the horse to water. To cover yourself and your professional reputation since you will be blamed when it all turns to custard, you should seek official signoff on the decision to go without a disaster recovery plan. At the same time, try to build in a little system redundancy and get that off site backup storage. To sane people, the “what will it cost to be out of business for x days” argument is usually enough to convince them that DR is an insurance premium worth paying. You could personalise matters by asking the decision maker what he plans to do post disaster, as his business will no longer be viable. You have doubtless already supplied case studies showing how fast even a flourishing business can go down the gurgler. Does the company use an external auditor? Such a person might feel competent to point out the unwarranted risk involved in system failure insofar as risk of clients suing for non performance etc is concerned.

        • #3294766

          Ask Board of Directors

          by rmorin ·

          In reply to Was the guy who asked about DR a potential client?

          Does this company have a Board of Directors and do they hold regular meetings? You may want to ask to be put on the agenda to address the issue to the Board. Perhaps if Board members knew about it, there would be more action on it. However, doing an end run on your bosses by going to the Board, could end your career with the company. Just depends on how passionate you are about the subject. If you have presented all you can to the powers that be and they won’t listen, and you don’t want to go to the Board, then document, document, document. Keep copies of your documents off site. You are in a tough situation. Good Luck.

    • #3308856

      The answer is simple…

      by gt89 ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Good Morning.

      Your question has a very easy answer: If your boss is advised about a potential disaster for example with THE SERVERS, and he/they don’t want to invest in it because “it’s too expensive”, all you have to do is wait. I know it’s difficult, but a disaster CAN really happen, and if it will, then all you have to do is “I TOLD YOU SO”, and they will certainly give you reason. There’s not much you can do about it, they are the bosses, and if their decision is NO there’s nothing you can do about it besides waiting for something to happen. But you have to have proof (emails, letters) that you warned them of that potential disaster and they systematically did nothing.

      I know this doesn’t work, but this is the hard way to learn to make backups and data protections.

      Good Luck.

      • #3308815

        Doesn’t help if company goes out of business

        by bill_brower ·

        In reply to The answer is simple…

        CYA is always a good idea, but it is of little comfort when the company goes out of business by not having a DRP (especially in this IT job market).

        You should do some research into companies that succeeded or failed due to a disaster (9/11, fires, floods, etc). Present a report to the executives that estimates how much a DRP would cost to implement and then include the failures and successes of other companies (highlighting the failures, of course). When management sees the risk of not having the DRP (which should translate into the risk to their own jobs), they should take a different approach. As mentioned in previous posts, if your company is public, then show them the Sarbanes-Oxley requirements and the risks of not following the law (they will be personally responsible for any losses by shareholders).

        • #3308744

          Why does that matter?

          by boomslang ·

          In reply to Doesn’t help if company goes out of business

          If you have no money invested in the company and they don’t want to do anything about it, you are merely out a job. Document that you had the discussion and be prepared in case of disaster to have a lot of work / find a new job. It’s their responsibility, not yours. Sounds like you are working in a private company, in that case, often insurance is and will be the only disaster recovery plan. There isn’t always a lot of free capital running around to do more than the day-to-day business and incurring the extra expense of interest payments is something the owner doesn’t want.

      • #3308755

        Yeah, but……

        by danag429 ·

        In reply to The answer is simple…

        That’s all very well and good if all you are concerned about is personal liability. You can CYA until the cows come home, but if the company goes south, what do you do for money?

        At least if you document your attempts at communicating, you won’t be held liable!

      • #3308738

        Get it in writing as well…

        by soundy ·

        In reply to The answer is simple…

        “If your boss is advised about a potential disaster for example with THE SERVERS, and he/they don’t want to invest in it because “it’s too expensive”, all you have to do is wait. I know it’s difficult, but a disaster CAN really happen, and if it will, then all you have to do is “I TOLD YOU SO”, and they will certainly give you reason.”

        Cover your ass on this, too: write a report (or use one of your existing ones) on why DR is needed, etc. etc. outlining the needs, potential consequences, loss of business, and so forth… even use a specific example (“Here’s what would happen if a madman with an Uzi attacked the servers…”) — and GET THE BOSSES TO SIGN OFF ON IT. Get their signatures to prove that they’ve read it. Even add a line to the bottom, “We the undersigned have read this document and decided to ignore it. “.

        That way, they can’t come back afterward and claim you never told them, didn’t make the dangers clear, blah blah blah. You have the proof that you informed them of the dangers and they chose to do nothing about it.

      • #3294650

        Why wait

        by mr.jones ·

        In reply to The answer is simple…

        Why not cause a ‘controlled disaster’.

        Pick a small service/server and, after checking backups exist AND work etc.. take the server down, tell management that the power supply has blown and that it would take a day to get the part fixed or the server/service back up and running.

        Then point out that this could have been avoided if a proper DR system was in place. A spare power supply could have been installed and the server would have been up and running in 10 minutes. A full day’s work would not have been lost if there was a $100 part in your cupboard.

    • #3308854

      Define “sell”

      by bucky kaufman (mcsd) ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      To “sell” management on anything, all you have to do is present the case. It’s then up to them to choose.

      You probably meant “get them to accept” DR. That’s a little harder – because the chain of command goes the other way.

      Once you’ve made your pitch(or several pitches), and they’ve turned it down – you’re at the end of your road. You just gotta accept that they’re not gonna do it.

      Just make sure that when iGod smites them, that you have your own personal DR plan.

      • #3308850

        Travel Agents

        by glitcha1 ·

        In reply to Define “sell”

        I have a travel agent client who was told by the last consultant “don’t need DR”.

        They lost 14 months data, and where I’m from, they have to be audited once a year by an external government agency. They missed their audit and were fined. Not to mention 3 weeks down time (at about $70000 a week turnover).

        Now they have UPS, full system backups, secure offsite data storage, online data backup AND a fully redundant server.

        All for less than they lost in one week!
        —————–

        To answer your problem, they need to be given the facts about it, don’t try to sell a dangerous environment, tell them gently that they need to consider what would happen if all of the computers were not useable for a week. Try “I’ve been researching what we could do in the event of an IT disaster, and I have some ideas. I need your opinion on what we could implement here. Some of the case studies I’ve read are pretty nasty. When do you have time for a discussion on it?”

        ————————–
        Apart from that, you just have to maintain *your* interest in DR until they too are interested.

        Just keep bringing the subject up, and they will eventually ask you about it like it was their idea.

        • #3295095

          Not if, but When

          by bucky kaufman (mcsd) ·

          In reply to Travel Agents

          re:
          tell them gently that they need to consider what would happen if all of the computers were not useable for a week.
          —–

          I tend to disagree because this hasn’t worked for me in the past. That’s because they don’t believe it will happen.

          Instead, tell them WHEN it’s gonna happen.

          For example – grab the stat of how many PC’s get infected with virii and tell them, “in the next 12 months, x number of PC’s will become infected.”

    • #3308841

      DR planning is inevitable

      by mohit.harbola ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Remind them of the Business Continuity Planning that companies located in the World Trade Center at Manhattan had done before going out in flames on the now infamous 9/11.
      But for the DR planning, the companies would have shut their shops by now and mind you, many of those companies were Fortune-ranked companies... and they still are.
      Any forward-looking company today has to have a plan for Disaster because no place on this earth is under no-disaster warranty. It’s always better to be proactive than react to things that are not in control any more.

      Thanks

      • #3294540

        9/11 WTC Lessons

        by jtnieves ·

        In reply to DR planning is inevitable

        As much as I hate to keep repeating the 9/11 mantra when discussing BC&DR planning, your post dragged me back to it. (Damn it.)

        In your post, you state, “But for the DR planning,the companies would have shut their shops by now and mind you,many of those companies were Fortune-ranked companies..and they still are.”

        And on this point you are absolutely correct. In fact, some of the Fortune 500s were ready to do business the next day if not for the markets being closed for a few days afterwards.

        But there were many businesses and organizations that shut their doors or could not continue operations because of improper BC&DR planning. In fact, when 7 WTC went down hours after the twin towers collapsed, the FBI and Secret Service lost the only evidence they had in some pretty major cases. The result was that the cases against some bad guys were dismissed due to lack of evidence. It’s an embarrassment and travesty all private, public, and government concerns could learn from. Unfortunately, many still have not.

        My advice to the original post — do a business impact analysis and show managementin broad, beautiful “Powerpoint” colors what the cost (cha-ching) will be their company for NOT having a strong BC&DR program. You would be wise to enlist not only the Accounting group in your company to help develop this analysis, but also enlist the help of your company’s auditors and legal counsel to further highlight the risk of “doing nothing.”

        We all know the consequence of doing nothing with regards to BC&DR planning. 9/11 is proof enough. But now you need to convince management that their NIMBY-ism on this important “operational” facet is very short-sighted.

    • #3308839

      Stage a disaster drill.

      by myron_s ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Try something. Companies have fire drills where all the staff have to evacuate the building, so no business is done.

      How about demonstrating the problem to the execs (with their co-operation) by downing the servers for a short while and let the execs see that problems are caused and how the company manages. At least in the disaster drill all you need to do is just turn the servers back on.

      There is another more sinister reason. What if the boys up-top think that the insurance can cover the lost profits, or what if they don’t actually care if the company dies. Besides, I suspect they are not “strapped for cash”.

      • #3296140

        Disaster Drill or Disaster

        by sharkoboy ·

        In reply to Stage a disaster drill.

        Defining a disaster drill in real time applications is in fact defining an operational recovery method. Prior to launching a drill a well defined recovery method should be well engineered with a post, primary, secondary, and possibly a trinary recovery system to be incorporated into routine schedules. In fact making recovery an integrated phase of daily operations would be wise preventive maintenance. An ounce of prevention is worth twenty pounds of cure.

    • #3308837

      Selling DR

      by rajwar2000 ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      NECESSITY IS THE MOTHER OF INVENTION
      If the company is reluctant to invest $$, the best way is to create a detailed report yourself on not only the what-if scenarios but also the business losses in case of Disaster.

      1) What about the reputation of the company?
      2) By investing in DR, will you gain any prospect with your customers, as you will stand better with competitors?
      3) If the real objective is to have some basic DR in place, try to work out what is possible within your limits.

      Hope this helps in some way.
      With regards,
      S.raj

      • #3308820

        Try the 911 potion

        by th7711 ·

        In reply to Selling DR

        Lots of good ideas/points from others. And you can try to sell with the best example, 911 (the tragedy of World Trade Center) or NY black out. Then compare with the loss and expense.

    • #3308832

      Is it worth to be DR prepared?

      by danbl5 ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Hi,

      I’m a senior system architect and I have more than 10 years of experience with DR planning and implementation in huge telecommunication companies, all over the world.

      I’m trying to answer your questions not from the legal aspect, neither from the technical one, but from the cost perspective.

      Having a DR solution costs a lot of money. Once you have a DR solution in place, keeping it running is an additional cost, in human and technical resources. In simple words, if your company sells a product of some kind, its price will have to go up if you implement a good DR solution. An exec. has to ask himself what is the potential loss if there is no DRP in place, against the ongoing cost of a DR solution and its impact on the products he/she sells.

      In my opinion, the only way to sell a DR solution to an exec. is to come up with a business cost analysis of being DR prepared against not being prepared. Risks can be translated to costs, human resources as well, legal aspects are more problematic, but in the end all aspects can be translated to short and long term costs, in some way or another. Even losing one of your big customers because you do not have a DR solution, has a price tag on it.

      Let me give you an imaginary scenario: suppose company “A” was very successful for years, but lately it is in a bad position and has a lot of debts to banks, suppliers, etc.. It is not clear if it will be able to close these debts at all. If a DR happens (especially one that can be defined as “act of God”, like a heavy flood), the company will simply “disappear” and no one will have to pay the debts. I know it is not that simple, but what I’m trying to say is that for many companies a DR might be a better way out than paying ongoing money to be DR prepared.

      And a last piece of advice: I suppose your company uses equipment from known vendors. Every big HW vendor is willing to provide a certain level of DR analysis & advice for free, so that is where I would start.

      • #3308817

        The way DR was “sold” for me

        by doctordisk ·

        In reply to Is it worth to be DR prepared?

        About ten years ago I was called in to fix a minor problem in the data centre of a large well-known international insurance company here in Hong Kong. While I was there a young lady, having finished her backup ejected the tape and placed it in a cardboard box adjacent to the server in the server cupboard. I went and checked and discovered that this was the one and only tape that this company possessed.
        I immediately spoke to the boss and pointed out that a fire in the server cupboard would leave him with no backup and no possibility of continuing in business. He brushed me off with a comment like: “Who’s ever heard of a fire in a high rise office building?” This was on Friday afternoon …
        Early Saturday morning I received a panicked telephone call from that self-same boss: the floor below theirs had been completely gutted by fire during the night and this morning they have no network … please come and help.
        When I arrived there, I noticed a certain amount of smoke damage and some charred skirting boards. The network cables were run through the skirting boards and had been burnt through. The server was okay, the backup tape was okay, but the charred skirting was less than a foot from the server cupboard. Water from the firefighting had soaked the carpet to the very door of the server cupboard.
        Within the hour I had them in business by laying a temporary Ethernet cable straight across the top of the carpet until the “real” job could be done on Monday.
        Within the week they had a complete set of backup tapes stored in the company’s fire-proof safe at the opposite end of the building from the server cupboard, including one tape which had to be taken home by an executive every night.
        There’s nothing like a real scare to wake these guys up!

      • #3294537

        Yes, it is….

        by jtnieves ·

        In reply to Is it worth to be DR prepared?

        I don’t know what part of the world you’re from, but here in the US, an “Act of God” that destroys “Company A’s” business will not excuse them of their debts, particularly if those debts were incurred prior to the Act.

        I’m not a lawyer, but I know enough that if “Company A” owes me money and their operation goes in the crapper because of a disaster, I can pursue legal action against the principals of said company to recover what I’m owed — even if it’s but a fraction of the original debt. In short, the principals of Company A are still liable for the debt and in some cases, “personally” liable if the disaster was the result of negligence.

        To make a long story short, any business owner/manager who rationalizes away BC&DR planning in the manner you describe needs his/her head examined or thrown out on their proverbial asses.

        • #3294509

          Can it be that DR is only a fashion of our time?

          by danbl5 ·

          In reply to Yes, it is….

          Yes, I know that in the US the laws are quite strict, and probably better this way. But remember that, on one hand not all companies are public, which makes them harder to sue, and the rest of the world does not have laws as strict as in the US.
          But this is not the point.

          First, we should distinguish between BC and DR. I would expect every company to have a BC solution, but BC is way cheaper to implement and to maintain than a DR solution.

          Second, I’m not saying a DRP is not necessary. After all, most of my income comes from planning DR solutions. But even though I make a living out of DR planning I still try to be a “trusted advisor” to my clients and not only take their money, so what I’m saying is this:
          – The IT people tend to see only the technical aspects and risks; they are not always “allowed” to see the bigger picture as the management does. An IT has to accept the fact that there are additional reasons to the way a business is run, not only technical aspects.
          – In the end everything is about money. I always advise my clients to implement a DR solution, but I advise them to make it as simple and as cheap as possible according to their critical business needs.
          – A good insurance is a perfectly good solution, as long as the owner of the business is aware that he might not be able to reopen the business in the future but only pay his debts and damages.
          – And to the fashion aspect: neither my parents nor my grand parents had a life or a house insurance and they lived well without it. So why do I have both? Is our life more at risk these days? No, the longevity today is way longer than 100 years ago, the houses are built much better, so why do we pay for life and house insurance when many generations before us lived well without both? One can ask the same question about DRP.

          Again, I’m not saying the DR is not needed, I’m saying that one must consider all aspects of a business not only the technical ones.

    • #3308819

      Take The Initiative. Become the “Hero”

      by mobileit ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      This will only work if you have some level of control over your own operating budget, and some middle management powers over your own department. But, with careful setting aside of a bit of your operating funds you can start your own DR contingency, even if it’s at first as simple as mirroring your backups and storing them in a secure offsite facility (even a safety deposit box will do in the short term).

      It does carry some risk as the Execs might question why you are allocating some of your funds to such a venture, however so long as you can demonstrate to them that it carries little or no impact on their profit margin nor your operations they may be inclined to leave you alone. A project started is less likely to be shot down than a proposal.

      Also, in the rare event that something dramatic does happen to your assets, you then have the enviable ability to become the “hero” when you save their butts by presenting your carefully stored backups and spares. You will see that suddenly you have gained some Exec converts.

      • #3308801

        Do it Yourself – what you can

        by unixdude ·

        In reply to Take The Initiative. Become the “Hero”

        I agree with most of the previous comment, but let’s go a little further. First get the backups offsite. Take them home with you, arrange to store them at a friend’s workplace, etc. Second, get some parts or an old unused server and get it functional.. it will never be what your current servers are, but if it works at all, it is the difference between saving your business and losing it. Test it periodically to make sure you can get it up from the latest backup. Take it home with you, store it at a friend’s workplace, or arrange a reciprocal DR storage with another company for free. There will be no glory or heroism coming from management, just your own sense of pride. And you might still have a job.

        • #3294735

          Backup Core data/systems if possible

          by pipe guy ·

          In reply to Do it Yourself – what you can

          Every company has spare computers that come out of service for one reason or another. Build a NAS out of one of these machines with a few hard drives. It’s not the way it should be, but if you manage to do regular backups to it with the core data and any software programs that your company needs to survive. Do it. It doesn’t matter if it’s half baked or if anyone knows about it or not. When the core systems fail…. and they will, they always come back to you to get it up and running again. You will be responsible for rebuilding the system so anything you can do to make your job easier… like a complete backup…. will make your job easier. If you have a backup from yesterday or last week everyone will be happy. Of course if it’s from 6 months ago you’re better off not having it! Since part of an IT guy’s job is to play with technology. If anyone asks about the box you have in the corner that you carry home every once in a while… just say you are evaluating Linux for a corporate application.
          But to recap… no matter what anyone says… you will be the guy fixing it eventually, so prepare yourself and do what you can. Even if you have a fully budgeted DRP it sometimes isn’t enough.

      • #3308774

        This will only set you up worse…

        by scubaboy ·

        In reply to Take The Initiative. Become the “Hero”

        Having any level of DIY disaster recovery will likely turn around and bite you on the butt. You cannot implement a proper DR mechanism by yourself, and when the execs see that you can do it yourself, you have NO hope of getting a real system into place. It’s all about the money.

        If you do little things like taking the backups offsite, etc, all the execs will see is that they are covered. They will not see the need to pay for a proper DR plan, since you seem to be doing just fine doing it yourself.

        As I said in an earlier post, if I were you, I would get out unless you get the funding you need. For your professional existence, it is a bad idea to implement half-baked solutions. So you take a tape offsite, so what? Are you aware of the failure rates of tape when you try to restore? A very scary percentage.

        At least when the failure happens now, you can point to the fact that there is no DR, and you tried your best to get a DR plan in place. Maybe you keep your job, maybe not.

        But if you do little half-measures that in the grand scheme of things don’t actually provide disaster recovery, you will look twice as incompetent when it all falls apart. Your pathetic attempts to provide a little security will be interpreted by those that don’t know better (e.g., the execs) as blathering incompetence. Once the crash happens, they will talk to other IT experts, and eventually it will come about that you didn’t know what you were doing. Goodbye current job, and have fun dealing with the reference they would give to another potential employer.

        So don’t give these execs ANY false sense of security. Little DIY projects in this area will allow them to justify in their minds that the company is safe, and doesn’t need to invest to do it right. As the adage goes about pregnancy, there’s no such thing as being half-prepared for Disaster Recovery!

        • #3296056

          So do you let it fail, and say “told you so”?

          by mobileit ·

          In reply to This will only set you up worse…

          I am not sure what course of action you are recommending. Would you advise he do nothing and let the system fail? How would that make him appear any more competent than if he were able to recover, even partially, some of their empirical data?

          I am not suggesting he proceed with a “band-aid” solution within his budget and means, and advertise that fact. That should be for his own peace of mind. He should certainly continue with his “official” proposals to the Executive, along with statistics, case studies and examples of what other ‘successful’ companies have adopted, along with cost estimates. He should also continue to document the responses.

          In my situation for example, a policy of simply letting a system fail with no plan for hardware or data recovery is not only unacceptable, it’s downright dangerous for the personnel I serve with in operational theatres! Let the politics be sorted out afterwards in the inquiries (where the documentation comes into play).

          At that point, if it turns bad and they try to turf him, he might very well have a “wrongful dismissal” suit on his hands. But I don’t really think it will come to that.

    • #3308813

      Disaster Recovery Options

      by johnhood ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      You may try to get some free advice from several Disaster Recovery companies that will come in and evaluate your systems and propose disaster recovery options.
      Another way is to look into disaster recovery information exchange groups locally that offer free seminars and free advice on disaster recovery.
      Both of these options can be researched on the internet search engines.

      • #3308807

        recovery disaster

        by aequitas1211976 ·

        In reply to Disaster Recovery Options

      • #3308804

        Reply To: How do I “sell” disaster recovery to the exec’s?

        by chinrich ·

        In reply to Disaster Recovery Options

        Sounds like you have quite the entrepreneurs that you work for. This is a really good thing but in this case I can see how it is troublesome.

        Here is a simple tip, a possible new way to approach your problem. This is not a psychology or philosophy but just another way that you may address the problem to get results.

        It sounds like they are very much looking for possibilities and opportunities to improve their business. Typically when people are opportunity minded they are sometimes called “moving toward” style. And when they are cautious and looking for ways to stay protected they are “moving away”.

        I suggest this, approach the problem by connecting the problem to their “moving toward” mind set. Approach the problem like this.

        If a disaster hits and wipes out X percent of our functionality, we will not be able to sustain the positive growth we have over X amount of months/years without a disaster recovery plan to get our shop up and running again.

        Avoid talking about losses at first until you see them bite on what you are saying and it begins to sink in. Then I think you can freely talk about all they will lose as you will have a captive audience. But watch their expressions and reactions to be sure.

        Try it, hope it helps or leads you in a better direction.

    • #3308805

      NYSE Rule 446; SOX, BASEL II; BS7799

      by zthr2000 ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      BUT PRIMARY REASON IS THE DEFENSE OF COMPANY IMAGE, as that’s first thing to think bout and defend with a good BCP/DRP. Just look at the Coke, what they sell is themselves, their name, image. Everything else is secondary in comparison to that. So your CEO and his managers are in general stupi* jerkof*s if they are playin with company image, as without him, there’s no money, no good loans, no investment, and the bankruptcy is just a question of when, not the if subject. Rule 446 is all bout image, it demands from any company present on the NYSE to have functional BCP! While DR is a (primitive form) base on technology, Business Continuity is based on (business) processes. There’s also SOX to think bout, and brr Basel II in 2006. If your company is a client of one from the top 20 US banks, within EU all the banks will become forced to accept Basel II from 2006. In general 446, Sox and Basel II demand BCP/DRP/Operational Risk Management in the accordance with ISO 17799 (BS 7799) standard.
      To cut the cra*, it’s not up to you to do anything, as you would not be held responsible for anything if shi* happen. Likely company brass will end on the NYSE “black list” (read as no jobs anywhere in the States, likely in the world also) if they are stupid nuff to ignore 446. just say 446 few time, and you’ll get nuff money, time understanding or support, believe me! If not, please get off corporate Titanic before 2006, and Basel II iceberg.

    • #3308803

      Been in your position — Get Out Now!!!

      by scubaboy ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      I have been in your exact position, as the IT Manager for a very large engineering firm. Upon taking the job, I too realized that there was no disaster recovery whatsoever, and even though there were 30 NT 4 servers, everything went through a 7 year-old Novell server. Sporadic backups, no off-site storage, the whole thing.

      I did everything I could to get the suits to see why this was so frightening. The amount of money needed to fix it was insignificant for a company this size. I did innumerable presentations, stressing everything from ROI to the company’s image with other large firms. Nothing worked.

      So guess what? The sprinkler system in the server room (yes, some Einstein put sprinklers in the server room) went off. Novell server: destroyed. About 1/3 of the other 38 Linux/NT servers also bought it. Horrific damage. FIVE WEEKS of day and night attempts to get back the data they didn’t see the need to protect. In that period alone, this little adventure cost the company over $2 million in lost productivity and business.

      And the final upshot? Who do you think that the executives, the ones who would have nothing to do with DR, blamed? Yep, me and my staff. They blamed the whole thing on us, and fired all of us. They told anyone who would listen that their problems were all due to incompetent IT staff.

      And how did the company do? Even though the venal little men blamed everything on us, the company never recovered from the flooding. Nearly 90% of the staff in the Washington office (over 300 people) ended up getting laid off, and the company’s reputation as a PROFESSIONAL organization was obliterated.

      So get out now, or be prepared to be the goat. As soon as something happens, it will be your fault, and then you’ll have a jolly old time getting that next job when your current employer blames YOU for EVERYTHING.

      In the words of King Arthur in Monty Python and the Holy Grail, when faced with the catapulted French return of the Trojan Rabbit: “Run Away!! Run Away!!!”

    • #3308799

      Why don`t you…………………….

      by aequitas1211976 ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Hi,
      just put a screenshot “like Windows bluescreen” as background on an important server. Before you do this copy an important file to another saved place. They will see a bluescreen, you have to boot the server….put screenshot away and tell them that this important file is away. Do this 3 or 4 times a day and after they`re back from hospital tell them how important a Backup is.

    • #3308797

      Update your CV

      by bc planner ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Exec’s are in the unique position of having an intimate understanding of the corporate financials. They may also perceive that they are successful “risk takers” therefore capable of handling any disaster. You must talk to them of more than the threats; i.e bad weather, terrorist attacks, etc. You must present them with the business impacts of such events over varying periods of time; i.e lost financials after 1 day, 5 days, etc.

      If you are still unsuccessful try to get them to send you to a DRI International training course (www.drii.org), then update your CV and start looking for a new job.

    • #3308796

      Crux of the issue

      by mail23 ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Hi Tom,

      A few years ago I did some work for a government client in this area. There are resources out there, free online stuff or inexpensive books that can help you with making an actual plan.

      But the crux of the problem is that one person cannot make and implement a proper DR plan themselves – it’s impossible. Just to create a workable plan requires a good deal of interaction with many different people in the company, as DR encompasses not only dealing with recovering your physical systems, but in having contingency plans for getting the whole staff back to a working state, much of which is not directly under the purview of IT, but which must be part of a workable plan nonetheless.

      Additionally, the managers of many different departments must have an understanding of any proposed plan and be willing to implement their end of it and sign off on the plan. A proper DR plan not only must exist, but everyone involved in it must be “trained” for it, have copies of it, and know what their responsibilities are.

      You might come at it from this angle with management, and explain that not only can you not recover IT with no support\budget, but that the rest of the business’s operations must tie into a DR plan as well, and none of this can happen without support from the executive level.

    • #3308793

      Ticking Timebomb !!!!!!!!!!!

      by debon ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      TomSal I sense your frustration and I suggest that you take steps to “Cover Your A$$”. To do this you need to prepare a detailed report which serves not only to state your concerns but also as a permanent record. Am not sure where you fall in the corporate structure but you need to send this report to your boss immediately. If your immediate boss is the CEO then it’s even better for you.

      In this report, list and explain ALL the things that need to be done e.g. offsite storage of backup tapes, Uninterruptible Power Supply issues, disk mirroring etc. Remember, list EVERYTHING that needs to be done to take care of disaster recovery and business continuity. Together with this you should include the cost associated with setting up and maintaining the process. Additionally, from the company’s monthly income calculate a rough daily figure (this represents the daily loss in the case of downtime), am not sure what type of business your Company is in but you said your boss advised a potential customer that insurance will take care of disaster recovery. If s/he intends to make a claim for downtime am sure that your insurance premiums are extremely high. It may also be a good idea to check to see if the insurance policy actually covers downtime and if so research the conditions specifically stated in the policy. Also include the reduction in premium payments as potential savings when the DR procedures go live. Further, mention the potential law suits if your Company is unable to service customers owing to downtime. Sometimes we think of disasters as simply being “Acts of God” but that is not necessarily the case, one of your disks can just die without warning and Murphy’s Law states that it will be the most important disk that dies at the most inconvenient time. In situations like this, a RAID controller with the right level of redundancy would allow continuation without even missing a beat, however without it there can be days of downtime as new disks are bought, formatted, software reloaded then there is the business of lost data and resultant inconsistencies in the database and the cost and effort required to repair it and even so, there is no guarantee that all the errors will be fixed on the first attempt etc.

      Generally speaking, ensure that you spell out the cost of setting up and maintaining a reasonable DR plan over say a 3 year period and compare that with the potential costs of not having one (be sure to include potential law suits and the harm that can be done to the good will associated with the Company’s name and reputation). Also if they insist on keeping the server room at ground level at least try to get them to pay for some raised floor panels, say about 2 to 3 feet in height.

      If all this fails my friend, I don’t think you want to be around when the “$hit hits the fan” as am sure some person(s) will be fired for dereliction of duty and you don’t want it to be you.

      I must state that I have honestly never seen such a cavalier approach to disaster recovery before, especially by top executives.

    • #3308792

      Stop fighting it, move on!

      by bryce white ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      DR is only one of countless business concerns that a lot of Senior Management just doesn’t get. My guess is that while your company (and a host of others) has a CEO, CFO, COO, maybe even an EIEIO, you don’t have a CIO. If you do he should be fired.

      My advice? Give up! CYA with a great paper trail (sounds like you’ve already done that), and get the hell out!!

      Been There

    • #3308791

      How to “Sell”

      by joekool24601 ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Your company is just like every other company- they are simply more honest with you. Such execs are valuable assets to a company. They don’t need to be sold on DR, but rather simply need to see its value and to be educated enough to answer questions like the one posed by your pharmaceutically involved client. Explain that not having the infrastructure in place to bring the company back up quickly is something that a prospective client will see as a risk to their investment (This should trigger something deep within their decision-making process). I wouldn’t try to go as far as a zero-downtime solution, but I would recommend asking your execs to spend a modest amount on off-siting your backups weekly or monthly- as well as prioritizing a cash pool in case you need to replace all of your hardware. I would also choose one of them and spend an hour or so with him to explain what systems are in place so he can either answer clients’ questions, or at least be knowledgeable enough to refer them to you.

    • #3308789

      Reply To: How do I “sell” disaster recovery to the exec’s?

      by dohenderson ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Deliberately crash your system yourself, but not before you have done your backup.

      • #3308786

        Follow This Advice and You’ll Go To Prison!!

        by scubaboy ·

        In reply to Reply To: How do I “sell” disaster recovery to the exec’s?

        Very idiotic advice. Intentionally crashing your systems is corporate espionage, and you will GO TO PRISON. Do not even think of taking this inane route.

        As Forrester will tell you, the average cost for corporate network downtime is $85,000 per hour. That’s $1,417 PER MINUTE. So while you are trying to “make a point” with this childish action, it will cost A LOT of money while you are restoring from tape. So even if this stupid plan works from the standpoint of actually successfully restoring from tape, you will cost the company tens or hundreds of thousands of dollars. And even though the company won’t pay for DR, they will possibly pay for someone to figure out why the crash happened — then guess who gets to ride in the back of a nice squad car? And who will get to pay restitution? And probably face a nice, lengthy prison stay? Hmm, I wonder…

        As the others said, update your resume and get the hell out!!!

      • #3294552

        Oops!!!!!!!!!!!!!!!! Bad Bit Of Advice!!!!!!!!!!!!!!!

        by debon ·

        In reply to Reply To: How do I “sell” disaster recovery to the exec’s?

        TomSal, I am sure he’s just joking, so please don’t even consider this. Dohenderson, I think you are really a very funny guy.

    • #3308778

      How big is it?

      by ldick ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      What is the size of this company? Unless I missed something, it appears you are talking about a private company.

      It seems to me that these guys feel like they can just take the money and run if the company is leveled–they don’t care.

    • #3308772

      Forget DR – sell BC

      by jglenncrp ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      First, forget Disaster Recovery; sell Business Continuity.

      How to sell Business Continuity?

      (a) Determine what KEY BUSINESS UNITS (KBUs) generate revenues for the organization. IT usually is overhead; it is a critical resource but does NOT generate income.

      (b) Get with the Finance people and ask if they can provide some revenue/cost information – how much revenue is generated daily due to the KBUs? How much is lost if the KBUs can’t function – loss of revenue plus all overhead costs = loss.

      (c) Prepare a sho-n-tell for management showing that if something – ANYTHING – occurs which interrupts “business as usual” there will be a financial price to pay. List /some/ of the things that can go bump in the night: environmental (weather, floods, tornados/quakes, fire, etc.), technology (IT, power [to phones, AC, copiers, etc.], communications, etc.), “human” (work [in]actions, vendor failure, accident, illness, someone “going postal” and more).

      EXPLAIN to management that BUSINESS CONTINUITY is a process which (1) identifies critical business functions, (2) identifies risks to those functions (both internal AND external), (3) rates the risks’ impact vs. probability, (4) finds and recommends to management means to avoid or mitigate the risks, THEN, based on implemented recommendations, (5) creates business continuation (maintain minimum level of service), (Disaster) recovery plans, and personnel awareness & safety training, along with (6) plan maintenance and (7) on-going training exercises.

      BUSINESS CONTINUITY (which has DR as a “sub-set”) is akin to insurance (which the organization should include as part of the plan) – it is a “necessary evil” if the organization hopes to survive a disaster event. If your organization lacks a Business Continuity plan and the competition has a plan, your organization could quickly lose its client base to the competition.

      BUSINESS CONTINUITY IS MORE THAN TAPE BACKUPS.

      For more on Business Continuity, visit http://johnglenncrp.0catch.com/ – it’s all free.

      • #3308756

        Excellent advice

        by mjo42 ·

        In reply to Forget DR – sell BC

        JGlenn is right on the money (partial-pun intended). One of our company’s founding partners said, when asked about DR, “I’d collect the insurance and retire.” We already knew that our company loses 100k/hour when systems are down, and that we could absorb 2 days max. He didn’t care that hundreds of people would be out of work.

        Well, a new CIO came in and ran the numbers, and showed the partner that total disaster insurance would only cover the debt created by going out of business… and that it wouldn’t cover all the breach-of-contract suits and other legal costs. It quickly dispelled the illusion of his “safety net.” His retirement made a great target.

    • #3308761

      Attitude flakes for breakfast…we don’t need…

      by wdickerson ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      I worked at a Casino implementing the OS and Network Admin. No backup, no UPS backup, no virus protection. I tried to convince General Management of a minimal DR system. They had attitude flakes for breakfast: “If it does not make money for the casino we do not need it.” On my first day of the job, the General Manager’s secretary’s PC crashed (the Friday the 13th virus electronically destroyed her PC, unrecoverable). The General Manager immediately put my basic DR plan in effect. He was very interested in a full DR system. It was a shame a part of his staff suffered for it. At least he realized: what if that was the entire casino? I suggest you keep pushing it. Document any DR scenarios within your environment. Inadvertently shows up on the CEO’s desk. If you can convince one manager “why”, it can spread like a virus to other managers. “Hey, we really need this!” Call/attend staff meetings to address the new DR scenarios in other business environments similar to yours. If the worst happens and they point fingers, your documented DR concerns say “I told you this can happen!” Good luck.

    • #3308759

      Disaster Recovery Journal Stats

      by scubaboy ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Here is a link to a page with some good, frightening DR statistics. Be sure to look at the charts for average recovery time and disaster causes – very, very useful info.. Maybe even your silly bosses would understand some of these numbers…

      http://www.drj.com/new2dr/stats/stats.htm

    • #3308749

      Use the laws!!

      by ian mclaws ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Hi There,

      Depending on where you live, the issue of having a valid, comprehensive DR plan is probably decided by law. In Canada, according to CCRA regulation #IC78-10R3, any company that keeps electronic details, data, or client information MUST have a tested DR plan in place. In the US, the Sarbanes Oxley act states that a DR plan must be in place, tested and verified. I would assume that as soon as your company’s directors realize that they are personally liable for the proper compliance of these laws (and can actually go to jail if they are found non-compliant) they will stop fighting your efforts to be compliant.

      I understand that many other countries are also adopting the stance that a valid DR plan is required by law, as well. If not, it is only a matter of time.

      Here in Canada, the banks and financial institutions are just finding out that their insurers will not pass them in their audit without a valid DR plan. This is causing a big boost to the DR business throughout the country. I would expect the same world-wide.

      Good luck,

      IanM

    • #3308742

      I think it’s less of telling

      by gentlerf ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      I think it’s less of telling them and selling them than getting them to answer pointed questions on who is fully insured, how long that “fund” of insurance money is going to last, how long to rebuild the business (if it ever gets rebuilt), and what happens to them if the business cannot be rebuilt.

      I am surmising that the potential pharmacy chain client went elsewhere for whatever services your firm provides to the existing client base. If the execs just shrugged their shoulders and went on doing their other tasks despite the client loss, I would begin thinking of quietly exploring new employment options. The firm you are with is a sinking ship just waiting for the torpedo to hit it. One option might be to set up a competing company with all the DR safeguards in place and woo those clients who are a bit nervous about dealing with a company which has nothing except “insurance” as its “protection.”

    • #3308741

      Use some reality check

      by gaston nusimovich ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      In my humble opinion, you will go nowhere if the risk issue stays in a “theoretical void” for your beloved execs.

      Some kind of drill might serve as a needed reality check for them. They need to “feel” the pain of disaster in their own turf to fully realize what you mean.

      The drill that could do the trick must be both realistic and cause major damage to the areas that affect their side of the business. This has to be a drill, and not a real event, but it must feel real enough.

      I hope to be of some help with this simple idea.

      Good Luck !

    • #3308739

      Baptism by fire (not literally… maybe!)

      by soundy ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      So cause a disaster. Then rake in the overtime fixing it while the execs sweat. Repeatedly tell them how this all could have been avoided. Make sure their bosses know (everyone has a higher-up somewhere, whether it be the shareholders or the owner’s significant other) too, how it all could have been avoided, if only the execs had listened to you.

    • #3308722

      Keep Your Resume Up to Date

      by shay_in_denver ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      The scenario you’ve described is one of the symptoms of a company whose top executives (and possibly its Board of Directors) are secretly in business for themselves. They’re awarding each other honking big compensation packages or funding their retirements with kickbacks or manipulating stock options plans. Or all of the above. What they aren’t doing is fulfilling their fiduciary responsibilities toward the stockholders by ensuring the company’s long-term health. Companies go on like this for years (see “Enron”) but eventually they implode. Maybe I’m too cynical. Your management may just be a bunch of lunkheads. Either way, crooks or dumbos, CYA by making sure all your concerns and warnings are in writing and keeping copies off site.

    • #3308714

      Get dirty

      by oichie2004 ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Play them at their own game, take a not so critical server offline (ie email) and see what happens. I did this at a previous employer’s and they got the message pretty quickly.

      As for the “If it doesn’t make us money we don’t want to invest into it!” attitude, how much money can they make if they can’t work?? how much is it going to cost them to have all their staff sitting around doing nothing or even going home??

      You could try getting some eval software/hardware and show your bosses some practical demonstrations of how their investment can save them money in the term. Have they heard of TCO??

      • #3294771

        No wonder you did this at a “previous” employer

        by scubaboy ·

        In reply to Get dirty

        Please ignore advice given by people that are, for lack of a better term, IDIOTS.

        Any IT person that would willingly and knowingly take ANY production server offline “to prove a point” gives all of us a bad name and destroys any level of professionalism. It is illegal, it is unethical, and it is just plain wrong. The fact that some mongoloids that post here recommend this illegal action makes my blood boil.

        Get your situation fixed, or get out. Do not do something as asinine as to take a server offline, etc. You will do nothing but destroy your career and your reputation.

        The fact that there are multiple people on this board that are recommending that you do something so unethical is very illustrative of why GOOD computer geeks are so unappreciated. We get lumped in with complete a**holes like oichie2004, who decides he/she is so clever as to take the well-being of the company into their own hands and “prove a point” by doing something so completely idiotic as take a production server offline.

        And to you oichie2004, McDonald’s is hiring. You are obviously completely and utterly unqualified to have a real IT job. I don’t know if you were not raised to know right from wrong, but the fact that you did this to a former employer speaks volumes. How lucky your new employer is to get you!

        You had better sweat for a bit, because the statute of limitations for corporate espionage (knowingly taking a production server offline for no legitimate reason is an act of corporate espionage) goes for a number of years…. I hope your former employer reads this! If they know that you did this, and they did not prosecute, then you need to go back to that job — they are as mentally and ethically challenged as you are!

        And don’t identify yourself in a dark alley to any REAL computer geeks — idiots like you are the reason the job market has been tight, even for QUALIFIED, PROFESSIONAL, ETHICAL people. Stupid a**holes like yourself call into question the value of IT staff at all.

        Sorry for all the venom, but if you feel the desire to post something so illegal and unethical, please refrain and STFU.

        “Better to remain silent and be thought a fool, than to speak and remove all doubt.”

        You spoke enough already oichie!!

        • #3294649

          Absolutely!!

          by chriswh ·

          In reply to No wonder you did this at a “previous” employer

          … and he probably treats his kids the same way when they misbehave!
          The first barrier we have to overcome with clients/employers when selling concepts like DR, especially new ones, is credibility – which is continually being challenged by the likes of the oichie2004 type.

    • #3308713

      Activate your network…

      by bruce_erickson ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      …your job search net, that is. Guess who will get the blame when ‘it’ happens? Yes, you. Buff up your resume and start looking. These guys will never understand that DR IS an investment. Sorry to be so dark, but 3 years! Give it up and look for a job without a dead end.

      • #3294758

        Halleluiah! Halleluiah!

        by scubaboy ·

        In reply to Activate your network…

        Get a headhunter, have a non-geek critique your resume (us geeks write the worst resumes – do we really think anyone in HR at any company has any idea what “Frame-Relay” and “TCP/IP” are???)

        Maybe go back to school, learn the newest technology. Get some new interview suits. Study up on the newest business buzzwords (BC certainly comes to mind)..

        Bruce is absolutely dead-on – activate your PEOPLE network. If you don’t have a network of IT colleagues – Get one!! Join user groups, etc.

        You are in a thorny situation… start making contacts to find a job at a company with less-blind management!

        And Bruce ain’t dark, he’s honest!!!!

    • #3308708

      Ignoring DR

      by paul.tiffany ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Our company has served more than four hundred different organizations over three decades, mostly supplying custom software and systems. A majority of our clients have paid little attention, if not completely ignoring, issues of backup and recovery. About fifteen percent of them are no longer in business.

      Here is an interesting example. We had a close relationship with all of the top execs. We repeatedly told them, especially the president and chief stockholder, verbally and in writing that they did not have adequate procedures in place to protect against a variety of potential problems. No response whatsoever.

      Sure enough, there was a fire resulting from a short in an old circuit breaker panel.

      The president called and lambasted US for not having instituted backup-recovery procedures. The main database server had not been destroyed, but the metadata (that defines where everything is) was corrupted. We were able to reinstall most of the software and we were able to fix the corrupted metadata. Almost three days of downtime on all the critical systems resulted in a near complete recovery. Incredible luck!

      We warned the president again about developing comprehensive DR plans. He did listen and read some of what we wrote. We know that because we required him to sign a contract written by our lawyers absolving our company from any future disasters at his site, which shouldn’t have been necessary. He also told us that he still believed that WE were responsible, even though we had nothing to do with running his systems. After all of that, he still did nothing to develop DR plans.

      Almost two years later, there was an arson in the next-door warehouse that spread and took out most of their business. This is another business that is no longer in business today.

      Some people buy insurance and some don’t.

    • #3308706

      Good Luck

      by lanwanman1956 ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      We had a situation with one of our remote clients that highlighted our management’s complete lack of comprehension of DR. Client lost 2 drives in a RAID 5 container. Pfft. This is a 15 doctor medical practice running completely via electronic practice management/billing. We were able to effect a recovery of the databases and rebuild the system from scratch but at a very significant cost both in IT/IS staff man hours and real money. The practice did pay for the data recovery to the tune of 20K but the more significant event was the inability of the practice to submit billing for 6 days. This is a practice that bills over 2 million dollars a month. They will not normalize their cash flow until well into the 2nd quarter of 2005.

      Why did this happen? Because the management and sales management at my company do not understand nor are they willing to listen and sell DR to our customers. Why? Money. Doctors buy most often from the vendor with the lowest price. Is it the most appropriate technical solution? Rarely. Bottom line is dollars and the willingness of management to forgo some sales in order to provide a superior solution.

      My co-worker and I have been hammering DR for 3 years to no avail. Even this recent event has not had an impact on management thinking. If you find a solution I’d like to know about it. I’m tired of living with the knowledge of another disaster waiting to happen.

    • #3308696

      Sarbanes Oxley — Thanks Enron

      by gnx ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      If you are a publicly held company, (thanks to Enron etc.) then you need this as part of your Sarbanes Oxley Audit. Basically S/O is Congress attacking something with a blunt instrument. We are in the process of doing a Disaster Recovery Plan right now. It costs more than one would expect. You need to determine if you want a hot site or a trailer with computers showing up at your site when your disaster occurs. We run an AS/400 and 5 Servers that will need to be tested 2 times a year to make sure we are up and running if something happens. Sarbanes Oxley is the next Y2K industry to sprout up. I tried to sell a D/R plan when we were a privately held company, but the cost was too much. Now we have to implement one. You may need to run systems concurrently and download data to the offsite backup machine on a daily basis or you can show up with your backup tapes and CDs. Either way it takes a lot of planning, time and documentation. But at least it will keep me busy now that the Red Sox won the World Series.

      The main thing your boss will look at is the price. But can the company afford not to have a D/R plan? Also if something does happen and there is no D/R plan, look in the mirror as to who they will expect to fix it.

      • #3294760

        Are you crazy?

        by fredsmithy ·

        In reply to Sarbanes Oxley — Thanks Enron

        You seem to be complaining that you are ‘forced’ into the situation where you have to plan for the worst.

        You need to see DR planning and testing as part of the IT operation, instead of an optional add-on.

        And forget ‘fixing’ the problem if you are left with no business and/or no customers and/or massive lawsuits.

        If your DR planning and implementation is complex enough to cost money, then the business is large enough to need the DR.

        • #3297238

          Are you a psychiatrist?

          by gnx ·

          In reply to Are you crazy?

          As part of our corporate audit, our division is required to have an alternate location for our computer equipment so the money that is owed us can be collected. Your DR plan may differ or maybe you can just plug a pc in and insert a tape or cd to get you going.

    • #3308695

      Professional DR

      by paul.tiffany ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      We had a client that liked to decide everything “for themselves”. They bought their own hardware. They bought their own GL, even though our company was developing highly custom inventory and billing for them that was not compatible with that system. Of course, we reminded them that they needed to develop a disaster recovery plan by a professional. They said they had it covered and did institute backup for the first time.

      One day our team got a desperate call from this client. The hard drive on the database server crashed. Our client had already called the manufacturer of the computer system and read them the riot act, but the people at AT&T basically laughed at them. So, we who only developed some of their software were contacted next. We had the expertise, they were willing to pay, so we stepped in.

      The daily backups were very interesting. We had tapes for over a year. Guess what was on the tapes? Every single tape was a good backup of the UNIX operating system – no data.

      We spent a week culling data from hundreds of floppies. Even the best were weeks old, while most were months old. We did recover more than 90% of their extensive customer list. But, what is the cost of thousands of lost customers? What was the cost of being down more than a week? Millions of dollars.

      Did they learn their lesson and call in professionals to plan their disaster-recovery? Nah. They, being a legal firm, decided to sue every vendor and service organization that had any connection with their computer systems over the previous five years including us and stopped paying us.

      Big mistake. Our invoices had our contractual and payment terms reprinted on every invoice and it included paying list prices instead of discount if not paid on a timely basis. After months of wrangling and crippled operations resulting from bringing in another consulting firm that screwed up their systems, they finally offered to settle and asked us to come back and fix the mess caused by the other consulting firm. Then, a couple of weeks later, they sent us a check for half the originally agreed settlement amount and subsequent billings.

      We told them we would not accept the settlement. Our lawyer threatened them with potential disbarment for illegal business practices. They finally sent us a check for twice the original amount. We also cashed their first settlement check, knowing that the accounting system they were using and that we had strongly recommended against would not pick up the payment. They ended up paying us two and a half times what we had originally requested. Their business operations were crippled for months and they paid a fortune to the other consulting company that only set them backwards.

      All this because they would not hire professional DR people.

    • #3294763

      You Can lead a horse to water and make it drink

      by pjhagersr_work ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Go to a meeting with the IT crew. Show them a report that looks like the P and L statement with dummy values. Then take out enough paper grocery store bags and have them put the bags over their heads. Change the P and L sheets with the scenario that the sales department order entry server, with its billing and statement and e-mail capabilities, went down from the 24th of the month to the 10th of the next month; this will trash the sales cash flow and no one will have any idea what the AR numbers are. How can we recover, especially if we miss out on the biggest 2 months of the year? The only thing we have is tape and paper records to restore from. What liability insurance is going to pay for that? Rough out a plan and quietly pass it by the techies in your local business user group. Now take the same situation by the execs in the same way. They’re skating on very thin ice. Can the business survive or will it be all gone??

    • #3294754

      Will they listen to anyone else?

      by bfloria ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      You indicated that they will not listen to you or your IT staff, but perhaps there is someone whose advice they actually do listen to. Find out who that is (Board of Directors, trusted advisor, etc.) and convince that person. All of the best security policies are worthless if you do not have the most important one – executive sponsorship. If you cannot find anyone to help you sell the idea of a DR plan, then I strongly suggest you dust off your resume and start looking for a better opportunity.

    • #3294737

      Disaster recovery solutions

      by walburn ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Hey,

      Disaster recovery is a scary situation to be in the first place. So backup all ur stuff everyday, periodically.

      For backing up your data, the best place would be to look for synchronization and backup software, where u can backup all kinds of data in a jiffy, save versions etc.

      My company uses this product from http://www.mobiliti.com called Network/Unplugged, and it’s excellent both money wise and cost of resources on the system as well (as in takes less memory and gets the work done quick). U can check its features out on its website.

      enjoy
      Rex Walburn

    • #3294731

      It’s All About the Money… Isn’t it?

      by glarose ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      In a word “Yes!” How do you strike a chord with the top executive who has the lack of common business sense to understand the root of a potential client’s question. (Money… did I say that out loud?) And why in the wide world of Sports is the company CEO talking to the client – in a word “Money”. So now we have established you need to work under the KISS method. You can’t get technical here; it just will not work. Provide a small amount of information and ask a couple thought provoking questions. What is your earned revenue per day and how many days is the CEO willing to lose that money? I mean revenue.

      OK forget money for a second and look to another “M” word, Marketing. What is the name and reputation of the company’s name worth? Oh forget the SLAs companies are now asking for demanding … darn there I go again – Money. When you lose a client how long will it take to get another one back? There I go again… you guessed it.

      An insurance policy is not an assurance policy. Business Continuity Planning and Disaster Recovery starts by planning to maintain mission critical operations. Perhaps you can pull a Kramer and burst into a very important business meeting your CEO is having (Money) and scream, “The whole center is down! What do I do?” and see what happens. (Hint – bring toilet paper)

      I’m going to go out on a limb here and say I would guess the money lost in one day is more than the cost of a mission critical data center review.

    • #3294677

      Or Don’t sell it…………..

      by ianmcardle ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Interesting problem. Couple of pointers below and think “Enron” as you read them.

      1. Directors have a LEGAL “Duty of Care” to the shareholders of the business. If they fail in that duty, depending on your country of operation, they can suffer severe penalties, including incarceration.

      2. Directors have a legal obligation to listen to employees who advise them, in writing, that they are in breach of this legal “Duty of Care”. That’s what they pay you for. Have you put your concerns in writing to them yet? Start with your line manager and if no response escalate to the Director responsible for IT and then the Board etc. May take time, but follow protocol and the correct channels otherwise they think troublemaker.

      3. Insurance companies are increasingly asking Directors what they have in place for DR. A simple “We have a plan” is rapidly becoming inadequate and the premiums go up accordingly. Insurance companies started ITIL as a BS standard – they did it for a reason!! Put a decent DR procedure in place, show it to the insurance company and watch your premiums fall – that’s if your Directors have data reinstatement etc. on the policy. Check this out with the Finance Director. Use the “What if I could reduce the insurance premium costs” approach and the “We are not following Best Practice” statement. (see http://www.itil.co.uk for more and try completing the self assessment questionnaire. There are also some very good articles and guides here on Technet worth looking at.)

      4. It doesn’t cost a lot to put simple DR in place and that cost could reduce premiums considerably.

      5. Print off EVERY answer you’ve been given on this board and hand it to your Line Manager(s) – in a bound format grouping the mails together by type of answer if possible AND give them a precis of 20 replies said yadayada; 30 said boo boo and 50 said find another job.

      THEN, and ONLY THEN, if they will not listen, write to every Director individually, and the Company Secretary, explaining that you have approached them on numerous occasions etc. and as it appears they do not have the best interests of the business at heart you have decided to start looking for another position. Not yet handing in your resignation but merely advising them to start looking for a replacement.
      Then polish up the CV and start looking for another position and explain to prospective employers that your Directors are not responding to requests that they assist you to put a DR plan in place. It proves you are thinking about your responsibilities and have integrity and that you are moving on for that sole reason.
      This is an honourable and common sense position you are adopting and is NOT the same as admitting defeat.
      You may end up out of work sooner than planned, and some will tell you don’t jump until you have another job, but life is too short for the stress that your situation causes.

      This probably contains bits of answers given by others but I hope it helps you to see a way forward.

      Good luck and let the world know how you get on.
      Regards
      Ian

      PS – On the basis of the UPS you mentioned I would set them to run the servers for 20 seconds and then start shut down – don’t bank on getting the full 7 minutes as it reduces as they get older!!

    • #3294663

      Information Security Policy

      by chriswh ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Getting execs to invest in DR is a very difficult task. It’s the problem of ROI and the focus on what will happen rather than what might happen. SAD, but if the company has never had a disaster the perception will be that the systems in place are OK and DR is too low a risk to justify investment.
      To sell the idea needs an approach that can show tangible benefits (other than the threat of doom), preferably described in dollar returns on the investment.
      I’ve found that it’s easier to gain support for implementing an Information Security Policy (eg moving an organisation towards ISO 17799) which can show statistically proven benefits of increased productivity, lower operational costs and competitive advantage (the language execs relate to).
      Also, this route not only covers DR/BC but other important areas that are headaches for the System Administrator… If the decision makers are not worried about DR then chances are they are deaf to the other concerns (privacy, acceptable usage, and all the other information security issues).

    • #3294660

      Keep on going

      by freeozraelised ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Keep on going make sure you cover your a…..
      Keep documentation, have everything in writing and confirm, and find a way that all managers know about this. The way to go about it is to ask all managers what they consider as critical and what they think is the best way to protect their side of the business.
      By doing so you make the managers aware that there is no DRP, you involve the managers in the process (and they probably have more influence on the top execs) and you look good because you are doing something about it.
      Make sure you stay professional. You can only raise the issues.
      Make sure to have a document sent to HR and to the bosses explaining the situation, again very professional, no crying. The document should explain the problem, explain the solution for the problem, and you are requesting the bosses to sign to approve it or to sign if they don’t approve it; this is the important part. Have them sign on the document whatever the decision.
      I have been there and understand.

      1- Make sure to ask all the different departments what they consider critical
      2- Collect the information (it will take you time). After sending the request go and speak to them and confirm the conversation by email (print those emails and keep a copy)
      3- Once you have most of the information you then start to build the DRP and request some additional resources from your bosses. Remember they have to sign for no or yes.
      4- Once the decision has been made and they sign, communicate the decision to all departments and explain that you are doing your best to build the DRP

    • #3294639

      Been there, convinced them, got a pay increase…

      by jesuss ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      A few months ago, I was in the exact same position you find yourself now. I wrote documentation, brought in a DR consultant (a friend of mine came for free), and explained to them the risks of not having a DR plan ready.

      When I got tired of insisting, I simulated a disaster. I got to work an hour early and completely trashed the servers. Something that would cause chaos but wouldn’t take me more than a few minutes to fix.

      When the execs and working stiffs like ourselves came in and couldn’t even log in to their workstations, the IT department was immediately flooded with calls. Naturally, all I had to do was correct the “disaster”, write a detailed report about it, and hand a copy of it to the IT director, CIO, and CEO. Naturally, I did not tell them it was simulated. I just told them it was a minor thing that might lead to serious complications. Within a month, we had a decent DR plan established and I had gotten a little bump in pay.

      I hope this suggestion works for you. My other suggestion would be to ask your supervisors for written (and signed) proof that you informed them about potential disasters and they decided not to do anything about it. Good Luck.

      • #3294624

        What part of ethical behavior do you not understand?!?!?!?

        by scubaboy ·

        In reply to Been there, convinced them, got a pay increase…

        It is amazing to me just how many of you unprofessional morons there are out there. Scary. All I can really figure is that you wannabe professionals are a result of the paper certification mills that don’t teach any business acumen or actual skills.

        Should a doctor tell you that you have lung cancer, just to get you to quit smoking?

        Should a lawyer tell prosecutors information about his client, in order to scare him?

        This is as logical as you “simulating” a disaster. I’m sure the “simulation” put people off the network, and cost money. The fact that you got a raise by doing this simply underscores the fact that there are very stupid people at all levels, and your company seems to have cornered the market.

        If you had “simulated” a disaster on my network, and it cost so much as one minute of productivity, I would have fired your a** so fast your head would be spinning. And I’d make sure anyone calling for a reference knew what an ethical, professional person you are — NOT!!

        I need to make sure that none of you intentional-crasher inbreds work for any company with which I do business!!

        All IT PROFESSIONALS should operate by the same basic rules that physicians do:

        “First, Do No Harm”

        • #3294489

          I agree with you…

          by jesuss ·

          In reply to What part of ethical behavior do you not understand?!?!?!?

          Mr. ScubaBoy

          First of all, I agree with what you are saying:
          “All IT professionals SHOULD be ethical”. Please note the emphasis on SHOULD. The fact is that not everyone in IT conforms to your standards. The IT industry is a dog-eat-dog world where greed, money, and politics dictate the actions of everyone. Sometimes you just have to do things “outside the box” in order to get results.

          Regarding my actions: Was it unethical? Absolutely. Did I enjoy doing it? NO. Was it necessary? YES. I read one of your other posts and found out that you got screwed over by your bosses. If I hadn’t made my move, I probably would have suffered a similar fate. No productivity was lost. As I mentioned, this incident took place before the workday officially started. All systems were up and running at the time they should have been running.

          I would love to live in your world where ethics, responsibility, and honesty are prevalent. But I don’t. Now, I’ve been reading every post in this discussion and did not come across your advice. All I found were your harsh criticisms on advice given by other members. I would love to know: What would YOU have done?

    • #3294617

      Equate it to extra Insurance

      by thomasmac ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Show $$$$$$’s in cost if you’re down for more than 4 hr. a day 2 days a week etc !!! Insurance will buy the new equipment but not the DATA to Run the show and no data no money to run the company! Tell them that they have to follow the money to the source Customers thus no customers no money no company ! the BEST of luck with your problem
      ps
      You might print out some of these replies of the fine people here and present it to the CEO of the company .
      TAM

    • #3294599

      Watch what happens when….

      by thegreek ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Things go awry.
      First of all, propose some viable (but not too expensive) means of disaster recovery. With your proposal, be generous with the facts. Make sure that everyone understands exactly how the recovery would work.
      To make the point stick, if you can do so without causing too much havoc, come in early one day and shut down the network. Believe me, the one thing that gets everyone’s attention is a situation where nothing functions as it should.
      Good Luck.

    • #3297241

      Three Sane Approaches

      by progan01-yahoo ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Forget faking a disaster or doing anything else without their knowledge. They’ll forget disaster planning but remember YOU for what you did. Wrong message.

      Focus on receivables. What do they get paid for? Where do the checks come? If there’s no address left, where would the checks go? Back to the sender? What would the customers do if they couldn’t get to the people in the office? Would they go to their competitors? Would they bother to even look for any of the company’s people?

      Ask the lead question and build from there. Ultimately disaster recovery is about business resumption, getting back to where we started from. The circle breaks for these guys at the point where they don’t get paid. Ask them how they intend to get paid, and watch their eyeballs track to the weakest link. That’s the place you start to sell disaster recovery.

      Keep in mind that if there hasn’t been an outage or a loss within living memory of the decision-makers, there is no ‘good’ bad example to use to drive them. It does no good to resort to scare tactics if they aren’t familiar with what a ‘disaster’ really is. Don’t make the mistake of blaming them for their good luck.

      If your industry is trying to deal with Sarbanes-Oxley or HIPAA, you have another way to deal with raising the subject. Regulations may require backups of critical records, a real headache for a lot of people. You can get two birds with one S-O stone if you can show that adding disaster recovery provisions to the new overhead will get them twice the return for their initial dollars — and more if they actually have a disaster and have to use their backups and the plan. That’s cheap insurance, and tailored to their business needs.

      There’s a third method, if you know your execs and their contacts and their industry well. If somebody else had a disaster, one that cost them business that your firm picked up, or better yet that happened to a friend of one of the execs, you have a personal ‘in’ you should raise. Keep in mind that groupthink may keep the one exec from speaking about the experience, so you may need to do some digging and asking around, and you may need to be discreet. But the personal experience of disaster, even if it happened to someone you know, tends to make a lasting impression. One that can drive DR even in the most unmotivated of environments.

      Selling DR to people who haven’t known disaster is always an uphill battle, but it can be done. Stay away from scare tactics and focus on the returns. They may never use the fire extinguisher in the hall, after all, but it’s better to have it and not need it than need it and not have it.

      Good luck!

    • #3297084

      The need for disaster recovery

      by mhoeting ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      I faced this same issue: educating the executive team on the REAL need for disaster recovery, and convincing them it was more than just a best practice.

      We are a government agency, so things probably work a little different, but this strategy would work for private industry as well.

      I requested/encouraged our financial auditors to include an IS audit in their financial audit process and report. Having the lack of disaster recovery show up as a finding in the financial audit got me the traction I needed to fund the DR plan.

      Hope this helps.

      Mark

    • #3297058

      2 simple approaches

      by recovery ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      1. If they don’t believe in investing the money this should also apply to insuring the business, therefore they should not be carrying any insurance (buildings, liabilities, loss of profits, etc.) Some of these of course are legal requirements for businesses – but there is no ROI.
      Do the directors, CEO, Board, or senior staff have personal insurances on their homes, cars, health etc. – WHY?
      2. The second approach is that if senior management have been warned about the need for DR and fail to take steps to safeguard the business, they can be PERSONALLY sued for not taking due care and diligence. Are they willing to take that risk – Their job, their livelihood, and all their personal possessions & savings.

      It is also a fact that preparing a proper DR plan can bring savings to companies as it focuses on the business and the critical parts. Many businesses have processes that are run “because they have always been done” and are no longer valid, but no-one has ever queried them. It also produces a chance to review the various requirements within departments and makes them accountable for things such as IT spending.

    • #3296135

      Share of my selling Disaster Recovery tactics to senior management

      by eugenemiu ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Hi Tom,

      I had the same problem like this before. However, I did not put on my business manager hat to think through the solution.

      There are several things which we can try:
      1. Get the business units executives’ buy-in of the DRP. If they can provide a loss of sale figure if anything happened to the core system, then it will be a good selling point.
      2. Sell your plan through these business units executives, let them discuss this matter thru the meeting.
      3. Put in the loss of income figure and return of investment into the proposal, this will get their attention.
      4. Finally, you can be the facilitator to do a brain storming session on disaster issues.

      I hope this helps.

    • #3295893

      Trial by Fire

      by gary ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      “Lose” some of the exec’s files for a few days, something he really needs, like his outlook .pst file. “Find” it a few days later. Explain how a daily backup could have him up and running in a few hours instead of days.

      If this seems a bit drastic to you, unplug one of the IDE cables on the server’s hard drives before you leave late at night. Just be prepared to come in early the next day. 😉

    • #3295892

      How to sell DR to exec’s.

      by rogerbarker.ics ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      I specify how much money is lost during a disaster and how much can be saved when they invest in DR services. I convinced a bunch of architects that strongly believe that IT is a black hole with no discernable benefits.

    • #3296865

      Risk Analysis and Management

      by paul grinyer ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      You may think you are wasting your time but try a risk analysis covering everything that could go wrong, how likely it is that it will happen given your location, physical and geographical and the cost of managing those risks down.
      You should also include the risk of essential staff leaving or dying.
      There are physical replacement costs for hardware etc and logical costs associated with business continuity and s/ware and data loss. Each has one or more countermeasures. Check out http://www.cramm.com, it has lots of useful info.
      Even if you only get them to buy into some things it’s better than nothing and the first time there is a major disaster you will have a head start on the response you will be asked to provide.

      Cheers and good luck. It’s not easy persuading execs to invest when there is no visible return but if you can persuade them that business is more likely to come to a well prepared and protected company you may get a bite.

      Paul

    • #3296754

      Document Everything

      by junlim ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Put all your recommendations into writing and make sure that all the execs concerned receive it. Because they only understand profit and loss, you should show them what it might cause them if a scenario occurs without the proper disaster recovery in place. If they don’t listen and disaster strikes, at least you have written proof that you tried to warn them.

    • #3297568

      Use Business Terms

      by sluce ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      You need to put IT disaster recovery in Business Terms.

      Show what business processes shut down in what time period (e.g. after 4 hours we lose the ability to ship orders, after 12 hours the sales desk shuts down, etc.) and then relate this to the impact on bottom line. Combine the likelihood of the types of disasters occurring and you can help them understand and make a business decision on the risks they are willing to take.

      Your DR issue is only one of the business risks they have to consider. An alternative to DR plans is business insurance to make up for the disruption so you may also want to understand that competing solution and compare it in your plans.

      Remember, DR plans are a cost and an insurance policy. Help the business people make an informed decision and they may choose to invest.

    • #3297519

      Change your Sales Pitch

      by swade ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      When dealing with your senior executive Tom it is always smart not to be seen as telling them anything. You mention that they are concerned with what makes them money. I would suspect they would be equally concerned with something that costs them to lose money.

      This doesn’t take a DR professional or consultant, just asking a few simple questions.
      1. What is the cost of being out of business for (pick a time)
      2. What would the impact be to the company’s credibility? (i.e. Would you retain customers).
      3. What is the risk of a disaster (of any type) happening in your area?

      If you have a risk management group I would recommend getting them involved.

      Finally, go to a BCP site such as DRJ.Com. You will find some pretty straight forward statistics on the survival of companies that do not have Business Continuity Plans in place (regardless of how much insurance you carry)

    • #3296508

      Cost of Quality now or later, your choice

      by nathan.fisher ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      I live in York, PA – home of industry and the small-business oriented “cheap” owners. I have a pretty decent gig here, but the horror stories of friends in the area remind me of one of my MBA classes at Villanova.

      You need to sell the quality aspect, and put a dollar amount to the quality of IT you NEED to have to survive.

      For example, a car manufacturer may say “I want to produce a tire at $15 cost”. However, if the quality cutbacks on materials may end up costing the company hundreds of millions in lawsuits in the future, you may be able to sell the cost of production to them at $20 per tire if you produce tests and situations that show the quality curve.

      This is tricky. The first thing I’d do is a business continuity plan, which is very comparable to risk management. Business continuity addresses situations, their probability of happening, the plan to keep the business running, and the dollar amount needed to address that plan.

      For instance, you mentioned water problems. In a chart, write down disaster events on the left column, and the second column would have “probability of occurrence”. Write low, medium, or high. Unless it has happened before, you probably want to rate it at a medium.

      Items like tornadoes and the like may NEVER happen in your area, so you may place them at low.

      In the third column, you write what would happen if water DID get in, and put a price tag associated with loss of all equipment, loss of business for a few days, etc.

      In the fourth column, write an idea that could help the situation, such as a hotsite, and in the fifth column, associate the cost for that alternative.

      Perhaps the flooding problem may have 5 answers. Associate a cost with all alternatives. Perhaps moving your servers upstairs may solve that issue, and be the cheapest cost.

      Just like the tires, cost of quality NEEDS to be part of the IT budget each year to ensure your business stays intact.

      Maybe your boss is a gambling man. Maybe he’s just bad with money. Maybe he is losing money on slow sales.

      If you cannot convince him, it may be time to float your resume elsewhere and see what happens to his business by losing his greatest asset of all – people who keep his business in operation daily in the IT field.

      By the way, can you imagine flood waters coming in and your boss telling you to “save the servers” while you’re knee deep in water and thousands of volts are around you? If you fail to plan, you plan to fail.

    • #3315479

      Get an accountant

      by rgrein ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      The ONLY way to rationally sell DR, or business continuance planning is with a business geek or better yet an accountant. They’ll help show the true cost of downtime including opportunity costs (lost sales), and what it takes to survive as a business without planning. Generally it’s boatloads of cash and no competition.

      YOU, as the technical guy can discuss the various kinds of disasters – anything from the latest internet worm to a volcano opening up shop next door. Give real estimates of the length of time to recovery as well as probabilities of each kind of incident. This information can then be taken by your accountant partner to show the probability of business continuance without a DR plan over 5, 10 and 20 years.

      The pitch:
      In all reality they won’t buy a consultant to develop a plan – the only thing more expensive is the real disaster that takes out the entire company. So you’ll need to get someone in upper management to help. “Hey Fred, I’m really worried about our survivability if we have something as simple as a flood, especially after finding out that most businesses that are down for more than a week fail within 5 years. I think we can develop simple contingency plans for problems in-house if we get management support. How can we get the ball rolling?”

      DR planning isn’t rocket science. Nor is it esoteric business model stuff (heck, nothing in business is really hard to understand) but it is a lot of work. Even with consultant guidance you collectively do most of the work. The key is to bite off small chunks. Start by documenting YOUR area and improving your methods. If they’re not up to snuff you’d better get cracking.

      There’s a sea change coming thanks to recent legislation. Everyone is familiar with HIPAA, but few realize the far-reaching effects. Many, in fact most companies will eventually be touched if not impacted. Graham-Leach Bliley (sp?) has a more profound effect. Ultimately these (and further legislation) will require IT to adhere to best practices for data protection – and that includes retention.

    • #3314204

      You’re selling the wrong thing!

      by mattbakeruk ·

      In reply to How do I “sell” disaster recovery to the exec’s?

      Forget disaster recovery.

      What you want is Business Continuity Management – what is the company going to do when any of the processes or systems fail. Insurance doesn’t help when you can contact customers or a vital shipment can’t be delivered. These are not just IT problems – they will affect the whole company. Find allies in other departments and work together.

      Also if your company is listed on the NYSE or does business with one that does, then get the director to consider their responsibilities under Sarbanes-Oxley – if they fail to get it right they could go to jail.
