4.5 Choosing a Recovery Strategy

At the commencement of a BC planning exercise there are many possible recovery strategies from which to choose (see also Section 4 - Contingency planning tasks).

Two or more recovery strategies may be combined, to produce the most appropriate strategy for a particular situation. The choice of strategy will be determined relative to two main factors. 1) The speed with which vital business processes must be re-started following a disaster. 2) The cost of providing the resources required for implementation of the chosen recovery strategy.

How 'remote' should the 'recovery' site be?

The distance between the main and recovery locations can be anywhere from less than one kilometre to several tens, hundreds or even thousands of kilometres (see also Section 3.1 - Identification of Threats to Business Operations).

Each of these distances produces its own set of advantages and disadvantages.

In the case of the shorter distances, if the disaster is caused by failure of the local electricity or water supplies, a major telecommunications fault or a serious public safety alert, it is possible that both the main and recovery sites could be affected by the same incident. However, a shorter distance between the main and recovery sites makes the recovery site very accessible for maintenance, and for its use as a production test site and for the convenient, secure storage of back up media and contingency resources.

It is worth spending time to consider the three elements of a recovery strategy in some detail and to ensure that any risks associated with the final choices are known (see also Section 3.1 - Identification of Threats to Business Operations).

Some organisations use Application Service Providers to provide and maintain their major computer applications and data. The computer system(s) might be located at the ASP company's site or at the user organisation's own offices. Whichever of the following strategies is chosen, communications links will be required between ASP hosted applications and the recovery site(s). It is essential that the ASP company is involved in implementation of the recovery links and operational service level required by the organisation following a 'disaster'.

The three main choices for a recovery site are:

4.5.1 Reciprocation

A reciprocal arrangement is made between two or more business groups that use nearly identical resources in their normal operations. The locations of the groups must be several kilometres apart and they should not be connected to the same supply nodes for communications, water, electricity, sewerage or gas services. Redundant capacity is required at the host site, at the time of a disaster at one of the other partners in the arrangement. The availability of the affected partner's vital 'recovery' resources, at the 'host' site, is pre-planned and contingency plans are drawn up to enable the affected partner to resume business operations at the host site.

Reciprocation works best when the partner sites have identical business operations and belong to the same organisation (for example, when both are retail branches of the same company).

Reciprocation also works if the 'host' site can take over the business operations of the affected site without the need for staff to travel between the sites. This ensures that 'host' site staff do not have to give up their desks for the visiting staff from the affected site - or, alternatively, that redundant desks and resources do not have to be maintained at the 'host' site.

In practice, reciprocation never works well. Redundant space does not remain available for very long before a use is found for it at the 'host' site. I.T. systems and applications can not stay wholly compatible between two live business operations.

Reciprocation is therefore usually not recommended by MBA.

4.5.2 Duplication

A remote 'off site' data centre is built and equipped with desks, I.T. and communications equipment and secure storage for data tapes and other vital resources, which would be required to resume business operations, in the event of a disaster. Arrangements must be made for regular update and maintenance of the vital data stored at the off site data centre.

Duplication is a good strategy for ensuring that current data and adequate resources are available for business recovery at the off site data centre, following a disaster. The strategy is, however, very expensive.

The business contingency portion of the total cost, for building and maintaining an off site data centre, may be reduced in two ways:

Firstly, the off site data centre should be used as a production back up site. The site may also be used for secure storage of daily back up tapes. This allows the data centre costs to be shared between business contingency and 'production support' (see also: Section 3.3 - Calculation of Budget).

Secondly, back up tapes should be used for the daily storage of vital data, at the data centre. This is an inexpensive option. Data mirroring from the main production site to operational servers at the data centre should be used only when resumption of a related business process is time critical and can not be interrupted for the period required to read back up tapes onto one or more servers. Or, when a recovery point earlier than the latest transaction is unacceptable. Data mirroring is very expensive. It requires the provision of duplicate servers at the off site data centre and a software utility to copy data between the sites.

4.5.3 Third-Party Site

Space is rented from the vendor of a commercially available disaster recovery site. The annual rental charge is calculated on the basis of the number of desks that would be required for use by recovery staff, at the time of a disaster and the amount of 'private' space needed for the company's own equipment at the recovery site.

The desks and PC network, at the third party site, are sold to several other users (usually between 4 and 10 companies). Each user company is allowed to specify other companies to which the vendor should not offer the service. An exclusion zone is also permitted, to be drawn around the offices of each user company, within which no other company should be offered the service by the vendor.

If the company can be given 24x7 access to a wholly owned, secured access equipment room at the third party recovery site, the equipment room can be used for production back up. This is always a cheaper option than building and maintaining a dedicated off site data centre.