DEVsource Technicians

Disaster Recovery - Step Two

Print

Establish the Budget

Once we’ve figured out your risks, we will ask 'what can we do to suppress them, and how much will it cost?' Can we detect a threat before it hits? How do we reduce the potential of it occurring? How do we minimize its impact to the business? For example, our small California Internet company could employ an emergency power supply to mitigate its power outage threat and have all its data backed up daily on RAID tapes, which are stored at a remote site in case of an earthquake. The more preventative measures you establish upfront the better. Mike Hopkins CEO DEVsource says, "dollars spent in prevention are worth more than dollars spent in recovery."

The results of Step 1 should be a comprehensive list of possible threats, each with its corresponding solution and cost. We know It is imperative that we presents all of these threats to the business operations managers, so they can make an informed decision regarding the size of the disaster recovery budget (i.e., which risks the company can afford to tolerate and which it must pay to mitigate). Mike Hopkins believes that often IT "falls down" in its failure to communicate the real risks for system downtime to the business the decision makers of their companies. He says, "It's okay for operations to say no; it's not okay for us or current IT staff not to let them know the risks."

A good place to begin is by estimating the cost of downtime for your business. How long can your business afford to be without its computer systems should one of your threats occur?

Ultimately, the business key decision maker decides which threats the business can tolerate. According to Hopkins when developing a DRP, Most IT departments are "shooting in the dark without those business indications." Both IT (internal or outsourced) and the business managers must agree on which data and applications are most critical to the business and need to be recovered most quickly in a disaster. The management of a small Internet company, for example, may decide they can supply the budget only for the emergency generators and the company will have to assume the risk of an earthquake.

Disaster recovery budgets vary from company to company but they typically run between 2 and 8 percent of the overall IT budget. Companies for which system availability is crucial usually are on the higher end of the scale, while companies that can function without it are on the lower end. However, these percentages may be too small. For a large IT dependency business 15 percent is a best practice rule of thumb according to Hopkins.