Disaster Recovery and Prevention in IT

Measures that Can be Taken to Eliminate or Avert Risk

Mar 3, 2009

Completely avoiding disaster is impossible. However, an IT department can prepare by anticipating common types of disasters and designing networks to address them.

Based on a (2005) case study by Ross, Tyran, Auer, Junell and Williams, the most common types of disasters could be classified either as a “natural event” or an “IT failure” or both. Therefore, it would be logical to take steps to first eliminate or reduce risk in these areas.

The first measure that can be taken to address such risks would be to ensure that proper budget and insurance has been allocated. The article notes that “small and medium-sized organizations tend to be less prepared, often due to limited IT budgets.” Making disaster prevention and recovery a budget item (and, as a result, obtaining the proper insurance) is a key step. Once a budget has been acquired, specific areas should be addressed

Anticipating and Planning for the Most Common Types of Disasters

Theoretically, according to Ross, Tyran, Auer, Junell and Williams, if certain steps are followed, at least with the most common types of disasters in mind, an organization should be adequately prepared. The following are some step-by-step measures that can be applied to reduce or eliminate risk to the assets of an organization:

More Practical Steps Toward Disaster Preparedness

Obtain a source of funding. The recovery of facilities and hardware may cost millions. An organization may not recover if not for an electronic data processing insurance policy and a state aid package. Such safeguards are fundamental and, while they may seem like an unnecessary expense at first, they pay for themselves eventually.

Allocate a space for temporary quarters. One of the recovery measures necessary for avoiding a lethal interruption in operations is to immediately relocate offices and other facilities. In medium-to-large organizations, there are usually some vacant spaces that can serve this purpose. An organization may have several open areas at any given time that could be either staging grounds or cubicle farms as needed.

Find IT hardware for immediate emergency use and establish redundancy to facilitate file recovery. A minimum number of new computers should be waiting offsite. Moreover, an organization should maintain physical IT storage away from labs and offices. This way, a disaster will not wipe out all hardware. Maintaining an offsite software backup follows the same logic as keeping hardware reserves in an offsite storage facility. Redundancy increases the likelihood of recovering data.

Risk Prevention Should be Efficient and Ongoing

Make sure backup procedures are in place and avoid serendipitous IT architectures in favor of thoughtful planning. Using an N-tiered design minimizes risk because it isolates functions from each other. If one part of the IT architecture is taken out, the others remain. Moreover, the development staff can orient their resources to bringing the damaged/lost components back online as soon as possible. As new threats, new measures will be appropriate.

Ross, S., Tyran, C., Auer, D., Junell, J., Williams, T. “Up In Smoke: Rebuilding After an IT Disaster.” Journal of Cases on Information Technology (2005): 31-49.

The copyright of the article Disaster Recovery and Prevention in IT in Office/Facilities Management is owned by Michael Davis. Permission to republish Disaster Recovery and Prevention in IT in print or online must be granted by the author in writing.