Natural disasters, terrorism threats, energy blackouts, even simple hardware failures – these and many other events may result in a significant interruption of business or a devastating loss of information. Preparing your firm to properly handle these types of events needs to be a top priority for every CIO. Even if a disaster cannot be avoided, with careful planning the effects can be minimized.
Disaster recovery and business continuation procedures are becoming hot topics as firms become increasingly dependent on data. Security and the availability of information and systems has too great of an influence on the business to be overlooked. Think about. What would happen if your main data center gets wiped out by a hurricane or is flooded by a tsunami tomorrow? Would your firm be able to continue billing? How long would it take to get back to established business processes? Would the firm be able to continue doing business with no significant data loss? For firms without a solid plan in place, the impact of these events would be devastating.
The false security of virtualization
With virtualization being a prominent practice across the legal IT industry, some firms rely on the replication of virtual machines as their disaster recovery / business continuity (DR/BC) plan. It’s very easy to think you’re safe. However, does the replication cycle meet your firm’s recovery time and recovery point objectives? Are the disaster recovery procedures designed to optimally handle the most critical applications for the firm? Does your firm have a prioritized plan for recovering data and applications in the event of disaster? Do all members of every team know where to go and what to do and in what order – if such an event occurs? If you’re uncertain about any of these points, then chances are you need a plan that goes beyond replication.
One size does not fit all
As you prepare to fortify your DR/BC procedures, be forewarned: cookie-cutter solutions don’t always work well. Take the time to fully assess your firm’s needs. For example, how long will it take to recover from such loss using said solution? Is your firm prepared to lose a full day’s work in 3E if need be? These are questions that must be asked as you review your firm’s disaster recovery procedures.
However, as important and meaningful as it is to set up the procedures in the first place, it is also absolutely imperative to test the setup and configuration on a regular basis.
Four reasons to test regularly
While it’s considered a good practice to run disaster recovery tests annually in the financial industry, within legal IT, the necessity of regular testing is often overlooked. A full test of your firm’s disaster recovery procedures must occur regularly. Here are four reasons why:
- There are always differences in how various software products handle switchover. You need to make sure that every aspect and area of the enterprise would be functional in case of disaster.
- With today’s IT architectures, every firm will have hundreds if not thousands of interdependencies that need to be taken into consideration when restoring systems. Some are not obvious without explicit testing of the sequence of required steps.
- Your IT organization has undoubtedly made conversions and installed new products during the past year. Are all new pieces of software ready for disaster recovery? Have the procedures been designed properly?
- How long would it take the team to recover all applications? Would the recovery time objectives and recovery point objectives be met? Would your users be happy with the turnaround factored into the plan?
This list of questions could go on. But the main argument remains the same: your firm’s disaster recovery procedures are not valid until they are tested – thoroughly and regularly.
Wilson Allen has an experienced team of legal IT professionals who can help you tackle the most complicated disaster recovery and business continuity scenarios. Contact us to help you plan disaster recovery procedures, as well as audit and test existing ones.