No matter how diligently you and your organizational colleagues work to ensure the security and stability of systems, all employees and systems are inevitably vulnerable to some kind of natural or human-made disaster that threatens security as well as the very functioning of the business. Some disasters are quite common, such as power outages, and we can assess the probability of some disasters occurring, such as a hurricane or an earthquake. However many disasters are unexpected in their timing or their severity, perhaps even causing loss of life, creating chaos for people and the organization itself.
The fields of disaster preparedness and disaster recovery are interdependent, and they build on each other. Disaster preparedness includes what a company should do if it encounters a crisis. The field of disaster recovery is focused on how a business can continue in the aftermath of a disaster and how it can restore essential systems in the IT infrastructure. This section focuses on disaster recovery as it relates to information systems. The traditional disaster recovery process consists of planning, a walkthrough, practice drills, and recovery from the disaster.
When hit with a disaster, a company stands to lose people, money, reputation, and their own assets, as well as those of their clients. It is important to do the right things to minimize potential losses. Analysts should determine what the organization’s level of disaster planning is and how well articulated the role of information systems is in their disaster response and recovery plans. The key questions that analysts must ask early on are (1) whether employees know where to go, and (2) what to do in the face of a disaster. The answer to these questions will guide your further planning. Conventional wisdom provides seven elements to consider during and after a disaster.
As you will see, many of them involve information systems and relate specifically to the planning required of you as a systems analyst.
- Identify the teams responsible for managing a crisis.
- Eliminate single points of failure.
- Determine data replication technologies that match the organization’s timetable for getting systems up and running.
- Create detailed relocation and transportation plans.
- Establish multiple communication channels among employees and consultants who are onsite, such as analyst teams.
- Provide recovery solutions that include an off-site location.
- Ensure the physical and psychological well-being of employees and others who may be physically present at the work site when a disaster hits.
The disaster preparedness plan should identify who, in the event of a disaster, is responsible for making several pivotal decisions. These include decisions about whether business operations will continue; how to support communications (both computer and voice); where people will be sent if the business is uninhabitable; where personnel will go in an emergency; seeing to the personal and psychological needs of the people present in the business and those who might be working virtually; and restoring the main computing and work environments.
Redundancy of data provides the key for eliminating single points of failure for servers running Web applications. As an analyst you can be especially helpful in setting up this type of backup and redundancy.
Some businesses are moving to storage area networks (SANs) to get away from some of the unreliability associated with physical tape backups and storage. Synchronous remote replication, also called data mirroring, for nearly real-time backup is also gaining favor. However, if companies are farther than 100 miles away from the site, the data mirroring process can be affected. Asynchronous remote replication sends data to the secondary storage location at designated time intervals. Online options are available for small businesses, too.
The organization should develop and distribute a one-page memo that contains evacuation routes and employee assembly points. This should be distributed to everyone in the organization. The three common choices are either to send employees home, to have them remain onsite, or to relocate them to a recovery facility that is set up to continue operations. The entire gamut of transportation options should be considered when developing this memo.
Organizational and analyst team members must be able to communicate in the event that their typical email is disrupted. If email is unavailable for broadcasting an emergency message, an emergency information Web page or emergency hotline can serve as viable alternatives.
Recently, some software companies have started offering a suite of software tools that permits ad hoc communication by emergency response agencies that allows them to rapidly set up secure VoIP, Web connectivity, and Wi-Fi hot spot capabilities. Wider availability and lower prices will undoubtedly bring these important communication capabilities to other types of organizations in the future.
To better protect the organization’s backup systems and to ensure the continued, uninterrupted flow of banking transactions in the event of a disaster, new regulations in the United States stipulate that bank off-site locations must be at least 100 miles away from the original site. Since paper files and backups also present a monumental problem and are highly vulnerable to natural and human-made disasters, organizations are strongly encouraged to create a plan that helps them move toward a digital documentation project that is meant to convert all of their paper documents to electronic formats within three to five years of inception (Stephens, 2003).
Support for humans working at an organization that experiences a disaster is paramount. There must be plentiful and easily available water, especially if employees are unable to leave the site for a number of days due to outside weather conditions or partial building collapses. While food is important, water is more so. Employees should also be issued a safety kit containing water, a dust mask, a flashlight, glow sticks, and a whistle. One way to learn what should comprise a personal workspace disaster supplies kit is to go to The American Red Cross Web site (www.redcross.org), which provides details for supporting humans during disasters and providing for them in the aftermath.
