Comments on: What is a Disaster Recovery Plan? http://ttm.pti.net/?p=235 Talking IT for a Data-Driven World Tue, 31 Jul 2012 15:35:49 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: jtimmons http://ttm.pti.net/?p=235#comment-5 jtimmons Tue, 31 Jul 2012 15:35:49 +0000 http://techtalkmadness.com/?p=235#comment-5 Determining the proper level of protection for the computer systems will be determined by the information that has been gathered. First the systems must be assigned a recovery time. This is the time the application or system can be off line with minimal impact to the company. As you have interviewed the different groups in the company, you will find that one group, administration for example can be without email for 4 hours and not really have a negative impact. But then another group, let’s use sales, will say that if their email is down for more than 15 minutes it is going to negatively affect their ability to sell your products. This means that every application is going to have to be evaluated based on the groups that use the application, the financial impact of the outage of that application, and the damage to the company’s reputation from the outage. Once this is completed you will have a list of applications and the acceptable downtime for the application and how much if any data loss is recoverable. Application, Downtime, Data loss Internet website, 0 minutes, Data is fairly static. It will have to be re-added. E-mail, 30 minutes, Email will queue Phone system, 30 minutes, Dropped calls will have to be returned, new calls will fail Manufacturing, 1 hour, Data in workstations will be lost. It will have to be recollected. CRM, 2 hours, Customer information cannot be verified, information will be difficult to re-collect process is paperless. Inventory, 4 hours, Data in workstations will be lost. It will have to be re-added using shipping / receiving slips. Payroll, 1 day, Data in workstations will be lost. It will have to be re-added. Accounts receivable, 1 day, Data in workstations will be lost. It will have to be re-added. Accounts payable, 1 day, Data in workstations will be lost. It will have to be re-added. Intranet website, 2 days, Data is fairly static. It will have to be re-added. From the list above, there are a couple of areas of concern. First, data from the CRM system is entered live by the customers on the website, or direct from the sales person while talking to the customer. The trigger word is paperless. This information cannot be recreated easily. Second, there as several systems with a recovery time of less than 1 hour, we must implement systems that can recover in the needed timeframe. Next, we will discuss our options. Determining the proper level of protection for the computer systems will be determined by the information that has been gathered. First the systems must be assigned a recovery time. This is the time the application or system can be off line with minimal impact to the company. As you have interviewed the different groups in the company, you will find that one group, administration for example can be without email for 4 hours and not really have a negative impact. But then another group, let’s use sales, will say that if their email is down for more than 15 minutes it is going to negatively affect their ability to sell your products. This means that every application is going to have to be evaluated based on the groups that use the application, the financial impact of the outage of that application, and the damage to the company’s reputation from the outage.

Once this is completed you will have a list of applications and the acceptable downtime for the application and how much if any data loss is recoverable.

Application, Downtime, Data loss
Internet website, 0 minutes, Data is fairly static. It will have to be re-added.
E-mail, 30 minutes, Email will queue
Phone system, 30 minutes, Dropped calls will have to be returned, new calls will fail
Manufacturing, 1 hour, Data in workstations will be lost. It will have to be recollected.
CRM, 2 hours, Customer information cannot be verified, information will be difficult to re-collect process is paperless.
Inventory, 4 hours, Data in workstations will be lost. It will have to be re-added using shipping / receiving slips.
Payroll, 1 day, Data in workstations will be lost. It will have to be re-added.
Accounts receivable, 1 day, Data in workstations will be lost. It will have to be re-added.
Accounts payable, 1 day, Data in workstations will be lost. It will have to be re-added.
Intranet website, 2 days, Data is fairly static. It will have to be re-added.

From the list above, there are a couple of areas of concern. First, data from the CRM system is entered live by the customers on the website, or direct from the sales person while talking to the customer. The trigger word is paperless. This information cannot be recreated easily. Second, there as several systems with a recovery time of less than 1 hour, we must implement systems that can recover in the needed timeframe.

Next, we will discuss our options.

]]> By: jtimmons http://ttm.pti.net/?p=235#comment-2 jtimmons Sat, 30 Jun 2012 18:58:34 +0000 http://techtalkmadness.com/?p=235#comment-2 Once all the organizational units are interviewed, it is time to compile the information and identify the systems that are used the most, and which organizational units are using them. This usage can vary greatly depending on the company’s business type. Only good research can clearly identify the critical systems for the employees. Now that we have identified which applications are most important to the employee’s daily tasks. It is necessary to identify which applications are critical to the company. These applications are going to be evaluated using a different list of criteria. This list of criteria will be like the one below. - Is the application customer facing - Does the application affect new customers - Does the application affect existing customers - Are customers with issues to be resolved affected - Is the company able to receive payments - Is the company able to pay bills - Will the company be able to process payroll - Is the company’s production facility impacted The company may decide that the finance area, account receivable, accounts payable, and payroll are the most important. On occasion, the company may feel the perception of the company to new possible clients is most important and they may therefore decide to make the customer facing interfaces, such as the website, the most redundant. Armed with these two lists, we can now begin to match these needs with the appropriate computer system. Once we have matched up the two lists, the proper level of protection can be selected. We should now be able to identify which systems need to be continuously and which ones can be unavailable for short periods of time. Next we will look at how to begin designing the desired redundant systems. Once all the organizational units are interviewed, it is time to compile the information and identify the systems that are used the most, and which organizational units are using them. This usage can vary greatly depending on the company’s business type. Only good research can clearly identify the critical systems for the employees.

Now that we have identified which applications are most important to the employee’s daily tasks. It is necessary to identify which applications are critical to the company. These applications are going to be evaluated using a different list of criteria. This list of criteria will be like the one below.

- Is the application customer facing
- Does the application affect new customers
- Does the application affect existing customers
- Are customers with issues to be resolved affected
- Is the company able to receive payments
- Is the company able to pay bills
- Will the company be able to process payroll
- Is the company’s production facility impacted

The company may decide that the finance area, account receivable, accounts payable, and payroll are the most important. On occasion, the company may feel the perception of the company to new possible clients is most important and they may therefore decide to make the customer facing interfaces, such as the website, the most redundant.

Armed with these two lists, we can now begin to match these needs with the appropriate computer system. Once we have matched up the two lists, the proper level of protection can be selected. We should now be able to identify which systems need to be continuously and which ones can be unavailable for short periods of time.
Next we will look at how to begin designing the desired redundant systems.

]]>