General discussion


Why IT can't go it alone when it comes to DR

By debate ·
Which departments are responsible for business continuity planning in your organization? Do you agree with Mike Talon that the IT department shouldn't be solely responsible? What other departments do you think should be involved? Share your comments about involving other departments besides IT in continuity planning, as discussed in the Feb. 15 Disaster Recovery newsletter.

If you haven't subscribed to our free Disaster Recovery newsletter, sign up today! Click this link to subscribe automatically:

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

HR and Accounting

by TomSal In reply to Why IT can't go it alone ...

I think that the most relevant departments to be involved in business continuity planning are IT, HR and Accounting.

In very simple terms...

IT - the technology / data

Accounting - financial records

HR - Personnel

Unfortunately many places (mostly smaller shops) seem to squarely put DR planning solely as an IT responsibility.

Collapse -

In a wholly IT environment you are correct

by Tony Hopkinson In reply to HR and Accounting

If your are a manufacturing shop, warehousing despatch, in fact any business where the IT collects data from physical events, such as Tony visits the bank, business will continue without IT. They'll type up despatch documents to enter later, then you find out that because there was no validation it was despatched to the wrong place and the correct company invoiced for something else they didn't get which you can no longer find.

Collapse -


by Tony Hopkinson In reply to Why IT can't go it alone ...

IT has it's place obviously. but if the IT systems are going to be out for any length of time the business will attempt to continue manually, so recovering that and any lost transactions can be harder that just simply replacing the kit and restoring the last backup. If you don't already have some way in place to cope with no IT, you'll be recovering for a long time.

Collapse -

Spot on!

by leslietmcse In reply to Everybody

I agree with Tony in that any organization must get all departments involved as all department heads will have some idea to contribute around Business Resumption/Continunity planning. Just placing the weight on the IT department is plain incorrect.

Collapse -


by stuart In reply to Why IT can't go it alone ...

As a Disaster Recovery/Business Continuity Planning consultant, I can tell you that the first thing to do is understand the difference between DR and BC. DR is the act of recovering the IT infrastructure to a point at which time the business can use it. Business Continuity refers to the actual continuity of operations of the business. Both are symbiotic. There is no point recovering the IT systems if there are no users, and conversely there is no point recovering the business if there is no IT to support it.

In my experience, the most critical components for any business are the tools and processes required to conduct the core of the business. That means manufacturing product, delivering, sales, etc. Most people will include HR, however I would argue that HR has little to do with actual production. If the concern is payroll, part of the continuity plan can state that payroll will be a duplicate of the last known good check. Changes can be caught up later once the business has resumed.

As for responsibility, it is neither the IT department or any other department that should be held responsible for either DR or BC. This is something that is best accomplished by the organization as a whole, with all of the pieces gaining an understanding of where each fits into the overall BC strategy.

Collapse -

Spot on

by purbeck-it In reply to DR & BC

Exactly right - DR and BC are two entirely different concepts, and I would argue that DR is simply a component of a BC plan. In an effective BC plan, the IT Department will have a single responsibility - to recover the services they provide an a timely manner.

That doesn't necessarily mean the actual physical systems, by the way - the important thing is the services. I have worked with several IT Departments who expended huge time/money/resources on complex plans to recover the complete infrastructure, but lost sight of the overriding need to recover the services. One company could recover the whole IT infrastructure in two days - very good guys, but they didn't realise that parts of the business needed service restored inside two hours, and the IT plan couldn't cope with that. Which made it useless.

Businesses will never be able to develop efficient BC capability whilst the outdated "BC = DR : DR = IT : Therefore BC = IT" fallacy continues to be peddled. To be honest, my experience with BC leads me to conclude that the IT Department is probably the worst place to put overall BC responsibility.

Collapse -

Slight deviation here ...

by leslietmcse In reply to Why IT can't go it alone ...

I totally and whole-hearted agree that IT can't go it alone (see previous post) but the fact of the matter is that senior management looks at BCP as an unnecessary insurance policy. I've attempted, in two previous organizations, to have senior management take BCP seriously but usually got some "make this irritation go away" funding and not much else!
My $0.02

Collapse -

Continuity planning

by Info-Safety, LLC In reply to Slight deviation here ...

BCP, disaster recovery planning, or any other name in vogue, is really about the entire enterprise. When a tornado destroys the office building, for example, the enterprise needs a lot more than a backup tape and a few new computers. Proactive organizations, at the very least, need to consider various disasterous scenarios, and all phases of the enterprise need to be involved in the brainstorming and planning.

Craig Herberg

Collapse -

Several departments

by house In reply to Why IT can't go it alone ...

1) Maintenance
2) Housekeeping
3) Security
4) IT

the list goes on, but these are the most important ones - imo

Every department should at least be aware of the BCP, and meetings should be held to outline the current state, future plans, and recent changes.

Every department should be responsible enough to understand that their equipment and data should be safe. It is important that everybody subscribes to the standards within the organization, and if they have any concerns, they should be addressed immediately.

The IT department cannot be responsible for everything. If someone is running a rogue PC that is not on the domain (example) - who's fault is it when the drive craps out?

I was part of a rollout procedure where we found an old machine sitting there, not on the network, and running NT4 workstation... with about 6000 text files, each with a client's confidential and vital history/info - some secretary working for a doctor. No mapped home drive, nothing... all local. I couldn't beleive it. We swapped out the PC, gave her an h drive, and reinstalled her 15 year old DOS appointment organizer - with a note to persuade her into exchanging the old beast.

Collapse -

It should be primarily determined by the BIA

by Mikalos In reply to Why IT can't go it alone ...

I totally agree with Mike Talon that IT shouldn't be solely responsible for business continuity planning. The BIA should point out the key departments that should be involved with the business continuity plan. Another contributing document would be the Emergency Preparedness and/or Crisis Management document.

Related Discussions

Related Forums