IT Employment

General discussion


How do I "sell" disaster recovery to the exec's?

By TomSal ·
Here's my problem...we have ZERO disaster recovery. Should an act of God happen tomorrow we face the liklihood of being done as a business.

+There are no co-location plans

+We backup, but tapes are stored locally

+Only SmartUps for our UPS -- a whopping 4 - 7 1/2 minutes of backup juice depending which server you are talking about

+Personnel wise there does not exist a contingency plan for who does what task should someone in a critical position be killed or get hurt in such a way it prohibits them to work

+Its so pathetic we had a prospective client (representing a HUGE Pharmacy chain -- if I said the name you'd know them right away) come in and ask our CEO , "So what kind of disaster recovery do you have here?"...our CEO said "Well we are fully insured."

Despite all this I just can't get these guys to invest some dollars into DR. I have typed up basic documentation on the why its needed and the "what-if" scenarios...but I guess either my explainations suck or they are just stubborn. The top execs have this fatal case of "If it doesn't make us money we don't want to invest into it!".

I have told them we need a professional disaster recovery consultant to come in this place and assess everything and then write a report. They'd go for this if the guy was free. maybe.

Its so frustrating. This is a battle I've been fighting over and over for 3 years now. They won't listen.

Recently in our area there was major rainstorms, which did considerable flood damage to surrounding areas -- this made me think on the topic again (our server room is ground level).

Any help or direction would be greatly appreciated.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Was the guy who asked about DR a potential client?

by robertmi In reply to Risk

If so he might be prepared to say why he didn't do business with your firm. Otherwise, you can only lead the horse to water. To cover yourself and your professional reputation since you will be blamed when it all turns to custard, you should seek official signoff on the decision to go without a disaster recovery plan. At the same time, try to build in a little system redundancy and get that off site backup storage. To sane people, the "what will it cost to be out of business for x days" argument is usually enough to convince them that DR is an insurance premium worth paying. You could personalise matters by asking the decision maker what he plans do do post disaster, as his business will no longer be viable. You have doubtless already supplied case studies showing how fast even a flourishing business can go down the gurgler. Does the company use an external auditor? Such a person might feel competent to point out the unwarranted risk involved in system failure of insofar as risk of clients suing for non performance etc is concerned.

Collapse -

Ask Board of Directors

by RMorin In reply to Was the guy who asked abo ...

Does this company have a Board of Directors and do they hold regular meetings? You may want to ask to be put on the agenda to address the issue to the Board. Perhaps if Board members knew about it, there would be more action on it. However, doing an end run on your bosses by going to the Board, could end your career with the company. Just depends on how passionate you are about the subject. If you have presented all you can to the powers that be and they won't listen, and you don't want to go to the Board, then document, document, document. Keep copies of your documents off site. You are in a tough situation. Good Luck.

Collapse -

The answer is simple...

by Gt89 In reply to How do I "sell" disaster ...

Good Morning.

Your question has a very easy answer : If your boss is advised about a potential disaster for example with THE SERVERS, and he/they don't want to invest in it because "it's too expensive", all you have to do is wait. I know it's difficult, but a disaster CAN really happen, and if it will, then all you have to do is "I TOLD YOU SO", and they will certainly give you reason. There's not much you canb do about it, the are the bosses, and if their decision is NO there's noting you can about it besides waiting for something to happen. But you have to have proves (emails, letters) that you warn them of that potential disaster and they systematically did nothing.

I know this doesn't work, but this is the hard way to learn to make backups and data protections.

Good Luck.

Collapse -

Doesn't help if company goes out of business

by Bill_Brower In reply to The answer is simple...

CYA is always a good idea, but it is of little comfort when the company goes out of business by not having a DRP (especially in this IT job market).

You should do some research into companies that succeeded or failed due to a disaster (9/11, fires, floods, etc). Present a report to the executives that estimates how much a DRP would cost to implement and then include the failures and successes of other companies (highlighting the failures, of course). When management sees the risk of not having the DRP (which should translate into the risk to their own jobs), they should take a different approach. As mentioned in previous posts, if your company is public, then show them the Sarbanes-Oxley requirements and the risks of not following the law (they will be personally responsible for any losses by shareholders).

Collapse -

Why does that matter?

by Boomslang In reply to Doesn't help if company g ...

If you have no money invested in the company and they don't want to do anything about it, you are merely out a job. Document that you had the discussion and be prepared in case of disaster to have a lot of work / find a new job. It's their responsibility, not yours. Sounds like you are working in a private company, in that case, often insurance is and will be the only disaster recovery plan. There isn't always a lot of free capital running around to do more than the day-to-day business and incurring the extra expense of interest payments is something the owner doesn't want.

Collapse -

Yeah, but......

by danag42 In reply to The answer is simple...

That's all very well and good if all you are concerned about is personal liability. You can CYA until the cows come home, but if the company goes south, what do you do for money?

At least if you document your attemts at communicating, you won't be held liable!

Collapse -

Get it in writing as well...

by soundy In reply to The answer is simple...

"If your boss is advised about a potential disaster for example with THE SERVERS, and he/they don't want to invest in it because "it's too expensive", all you have to do is wait. I know it's difficult, but a disaster CAN really happen, and if it will, then all you have to do is "I TOLD YOU SO", and they will certainly give you reason."

Cover your *** on this, too: write a report (or use one of your existing ones) on why DR is needed, etc. etc. outlining the needs, potential consequences, loss of business, and so forth... even use a specific example ("Here's what would happen if a madman with an Uzi attacked the servers...") -- and GET THE BOSSES TO SIGN OFF ON IT. Get their signatures to prove that they've read it. Even add a line to the bottom, "We the undersigned have read this document and decided to ignore it. <names here>".

That way, they can't come back afterward and claim you never told them, didn't make the dangers clear, blah blah blah. You have the proof that you informed them of the dangers and they chose to do nothing about it.

Collapse -

Why wait

by mr.jones In reply to The answer is simple...

Why not cause a 'controlled disaster'.

Pick a small service/server and, after checking backups exist AND work etc.. take the server down, tell management that the power supply has blown and that it would take a day to get the part fixed or the server/service back up and running.

Then point out that this could have been avoided if a proper DR system was in place. A spare power supply could have been installed and the server would have been up and running in 10 minutes. A full days work would not have been lost if there was a $100 part in your cupboard.

Collapse -

Define "sell"

by Bucky Kaufman (MCSD) In reply to How do I "sell" disaster ...

To "sell" management on anything, all you have to do is present the case. It's then up to them to choose.

You probably meant "get them to accept" DR. That's a little harder - because the chain of command goes the other way.

Once you've made your pitch(or several pitches), and they've turned it down - you're at the end of your road. You just gotta accept that they're not gonna do it.

Just make sure that when iGod smites them, that you have your own personal DR plan.

Collapse -

Travel Agents

by GlitchA1 In reply to Define "sell"

I have a travel agent client who was told by the last consultant "don't need DR".

They lost 14 months data, and where I'm from, they have to be audited once a year by an external government agency. They missed their audit and were fined. Not to mention 3 weeks down time (at about $70000 a week turnover).

Now they have UPS, full system backups, secure offsite data storage, online data backup AND a fully redundant server.

All for less than they lost in one week!

To answer your problem, they need to be given the facts about it, don't try to sell a dangerous environment, tell them gently that they need to consider what would happen if all of the computers were not useable for a week. Try "I've been researching what we could do in the event of an IT disaster, and I have some ideas. I need your opinion on what would we could implement here. Some of the case studies I've read a pretty nasty. When do you have time for a discussion on it?"

Apart from that, you just have to maintain *your* interest in DR until they too are interested.

Just keep bringing the subject up, and they will eventually ask you about it like it was their idea.

Related Discussions

Related Forums