Disaster Recovery

Disaster Recovery (DR) is the portion of the Business Continuity (BC) Program, including, policies and procedures related to preparing for recovery or continuation of technology critical to an organization after an incident causes an interruption of any type either natural or man-made. While business continuity involves planning for keeping all aspects of an organization functioning in the midst of disruptive events, disaster recovery focuses on the IT or technology systems that support business functions.

Disaster recovery as a concept developed in the mid to late 1970s as computer center managers began to recognize the dependence of their entire organizations on their computer systems. At that time most systems were batch-oriented mainframes which in many cases could be down for a number of days before significant damage would be done to the organization. This led to a need for faster more efficient recovery procedures, so grew the field of Disaster Recovery.

As IT systems have become increasingly critical to the operation of an organization, the importance of ensuring the continued operation of those systems, or the rapid recovery of the systems, has increased.

It is estimated that most large companies spend between 2% and 4% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data. Of companies that had a major loss of business data, 43% never reopen, 51% close within two years, and only 6% will survive long-term. As a result, preparation for continuation or recovery of systems needs to be taken very seriously. This involves a significant investment of time and money with the aim of ensuring minimal losses in the event of a disruptive event.

Disasters are normally classified in two broad categories, natural disasters such as floods, hurricanes, tornadoes or earthquakes. While preventing a natural disaster is very difficult, measures such as good planning which includes mitigation measures can help reduce or avoid losses. The second category is man-made disasters. These include hazardous material spills, infrastructure failure, or bio-terrorism. In these instances surveillance and mitigation planning are invaluable towards avoiding or lessening losses from these events.

As mentioned disaster recovery planning is a subset of a business continuity program and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity. Some controls that can be used to help prevent disasterous events from occuring are;

  1. Preventive measures aimed at preventing an event from occurring.
  2. Detective measures aimed at detecting or discovering unwanted events.
  3. Corrective measures aimed at correcting or restoring systems after an event occurs.

When any of these controls are implemented they should be always documented and tested regularly. With out testing your plans they are just paper on a shelve. Once tested you can generally rely on them in time of disaster. Testing is tantamount to an effective BC or DR program.

To understand better how UIS approaches Disaster Recovery see the document UIS DR Mission Statement and DR Program Overview

Each UIS department has written plans to guide them through disruptive events. To ensure that these plans are maintained in an accurate state wach department has assigned a BC/DR Coordinator, to see who your coordinator is, click here to view Georgetown Departmental BC/DR Coordinators. You will need to sign in using your NetID to view this document.