Tannenbaum Helpern Syracuse & Hirschtritt, LLP
About Us Careers Contact Us Search
Home Practice Areas Industries Case Results Attorneys Publications Events Press Room

Disaster Recovery - Part 2

Fire, earthquake, hurricane, flood, terrorism and sabotage are just a few of the ways that you could lose your entire IT infrastructure almost instantly. Is your business prepared for these possibilities?

When Hurricane Andrew blew through Miami, my house was about one mile from the northern eye wall. I watched its exterior walls oscillate and listened to roof trusses straining and shifting in the wind. I always thought that it felt like being on the wrong side of an artillery strike. At any moment, the house could have come tumbling down or missile like debris come flying through. The protection for my children consisted of mattresses over their heads not Kevlar armor.

When I walked outside after the storm, the level of devastation was beyond anything I'd ever experienced. It looked like pictures of the most catastrophic war I'd ever seen, but worse. No camera could truly capture my experience because I think the focus of any lens is too narrow. Experiencing this scene personally was like nothing a camera had ever conveyed to me.

Once you've experienced nature's power like that, you see the world a bit differently. Disaster is no longer something that can only happen to other people. Nature is no longer something that you can always tame.

Hurricane Andrew taught Burger King, American Bankers Insurance and others that you can lose your entire corporate headquarters almost instantly and with no warning. Your business needs a comprehensive disaster plan. Today my focus will be on your IT disaster plan.

The goal on any disaster plan is to protect the continuity of your business in case of disaster. Consider just a few of the essential corporate functions that rely on your IT infrastructure. Consider how you would do payroll, order entry, inventory, accounts receivable and other functions. Not only might you not be able to do these and other things, but what if all your data including your backups were destroyed. You may just be out of business.

The goal of any disaster plan is to reduce your financial losses. In some industries, you may even have regulatory requirements that mandate a plan. Some companies have contracts with customers that require an effective disaster plan.

Disaster Recovery Alternatives

There are companies in the business of providing disaster recovery services for your business should you suffer a catastrophic loss of your computing ability. A simple Internet search engine query like "disaster recovery" will direct you to several alternatives.

These companies provide a whole array of services. Most importantly, they'll make their IT available to you so that you can be back in business as quickly as possible. Whether it's mainframes or PCs or configurations in-between, they have the hardware and expertise to assist you in times of disaster.

Typically, you pay a yearly subscription fee as a kind of insurance policy. If you suffer a disaster, you "declare" an emergency and the disaster plan kicks in. The level of service you get will depend on what you contracted for when you signed on with them.

In evaluating your alternatives, you should look at several things and don't be shy about it. You're looking at the company that may be giving your business life support at a time when it's in critical condition.

The first item is the facility. Does it use halon fire suppression instead of sprinklers? Is it physically located in an area where there is less risk of flood, earthquake, and crime?

Does the company use the latest technology to serve its clients? Is their hardware inventory up-to-date?

Do they provide you with detailed audit trails? Do they have comprehensive alarm systems including motion, sound, temperature and humidity? Will your data be co-mingled with other data?

Are their vehicles customized for transporting magnetic media? Are their containers constructed well? Are they foam-lined, fire, water and shatter-resistant?

Finally, check their references. Talk to clients who've had disasters and used their recovery services. Ask about their experiences in their time of need.

When you do pick a company, be sure to have a lawyer familiar with disaster recovery services contracts negotiate your agreement. Your lawyer needs to be familiar with IT disaster planning and the issues unique to technology contracting. You're buying very specific services as detailed in your contract. After the disaster is not the time to find out that your contract doesn't give you the services you thought you were getting.

Tips for your Disaster Plan

Start by creating a team that includes leaders from all major segments of your business. Your goals are survival with minimal losses and a prompt recovery to normal operations. You must first analyze your risks, then identify your critical functions, examine your vulnerabilities and then prepare the plan.

You will need to answer questions like how will various disaster scenarios impact your business. Which business operations must you resume immediately after a disaster? How long will it take to get other operations up and running? What resources do you need in place in advance?

Assume the worst while developing your plan. Assume that your facility is a complete loss with nothing salvageable. I know that I saw plenty of this scenario after Hurricane Andrew.

Be sure to review your insurance coverage. Look for valuable papers coverage. This will reimburse you for the cost of recreating valuable documents and re-inputting data.

Make sure that your policy covers software as well as equipment rental.

Next, make sure that your backup procedures include off site and geographically remote storage of data. Earthquakes, flood, and hurricanes are just a few examples of calamities that cut a wide swath. Even backups on opposite sides of a large city can both be destroyed simultaneously in an earthquake.

Finally, the last step is test, test and test again. No disaster plan is complete without testing. Absolutely no test plan works as written the first time. Yours will not be the first to change this rule. The unanticipated always happens. Sometimes it's the stupid stuff like the tape is in the wrong format for the disaster recovery center's systems. Whatever it is, anticipate the unanticipated. Your best insurance is a well-tested and periodically rehearsed disaster plan.

Click here to download mobile version

Like us on FaceBook Follow us on Twitter Get LinkedIn with us Pin It! Email Us Print this Page

Sitemap | Terms of Use | Privacy | Attorney Advertising

Tannenbaum Helpern Syracuse & Hirschtritt LLP provides legal advice only to individuals or entities with which it has established an attorney-client relationship and such advice is based on the particular facts and circumstances of each matter. Contacting us through this site, or otherwise, will not establish an attorney-client relationship with us. Any e-mail or other communication sent to THSH or its lawyers through this site will not be treated as subject to the attorney-client privilege or as otherwise confidential and you should not include any confidential information in any such communication.