This document outlines best practices for managing business resumption issues. It recommends that disaster recovery plans include user involvement in planning and testing, annual reviews and testing of plans, and aggressive negotiation strategies with vendors. Successful plans communicate recovery costs to users, test applications annually with user participation, and ensure contracted support meets changing needs through vendor negotiations or changing vendors.
Managing data to improve disaster recovery preparedness » data center knowledge
Best practices in managing business resumption issues
1. Print Document http://my.gartner.com/portal/server.pt/gateway/PTARGS_0_24...
This research note is restricted to the personal use of Aristotle Castro (accastro@gwu.edu).
Best Practices in Managing Business
Resumption Issues
27 August 1998 | ID:BP-05-6289
Kathie Cleary
"Business resumption" is the more accurate view of disaster recovery. User involvement,
annual review and testing of plans, and vendor involvement are the key elements for
success.
Analysis
Situation: While the majority of typical data centers have some sort of backup plan in
place, we believe that there is plenty of room for improvement. As the scope of recovery
encompasses not only the mainframe area but also includes centralized servers and
midrange platforms, there needs to be an increased focus on the processes surrounding
this critical activity.
Observation: Until recently, full responsibility for disaster recovery was the IS
organization's, if a plan existed at all. Now, whether due to the unfortunate frequency of
natural disasters, increased reliance on systems to support the day-to-day business
functions, greater emphasis on "data" being valued as a corporate asset, or some
combination of these ideas and more, "disaster recovery" has become "business
resumption" - and has suddenly become everyone's job. We offer three "best practices" for
managing business resumption strategies.
Best Practices: 1. Include the customer in the resumption planning process. This helps
the IS organization determine both the effort involved in supporting those needs and
whether other solutions exist that can achieve a similar level of recovery, but at a lower
cost to the organization.
Communicate the cost of recovery to the users. Unfortunately, for many users, it is
easier to label everything "critical" than to make the effort to evaluate applications.
Users that understand the cost impact on the department/corporate bottom line
tend to put more emphasis on determining true criticality and establishing more
realistic priorities for the particular applications. The ratio of contracted capacity vs.
the installed base for MIPS and DASD is a good place to start looking for potential
inconsistencies or inefficiencies in the plan.
The recovery commitment is even more important in industries where "time is
money," as reflected in Figure 1. Requirements that include high capacity and
minimal time-to-recovery tend to carry a higher price tag.
2. Complete an annual review of contingency capacity requirements and implement
rigorous testing processes. As the environment grows and changes, appropriate
adjustments must be made to the plan to support that growth. In conjunction with that
growth, adequate testing must be performed in order to validate plan objectives and
guidelines.
Testing should include not just bringing up the systems but the customer
1 of 4 9/23/12 4:09 PM
2. Print Document http://my.gartner.com/portal/server.pt/gateway/PTARGS_0_24...
applications as well. A minimum of two tests a year is advisable - many
organizations go through three or four recovery exercises annually.
User involvement in applications testing is key to the success of the plan. This will
also help provide open communication and awareness between IT and users in
terms of recovery issues.
3. Use aggressive negotiation strategies with vendors when acquiring contracted support.
Many organizations, when renewing their contracts, have been able to sign agreements
that either include increased capacity at the same cost or the same capacity at a lower
cost.
Contract lengths should be limited to one to three years or, if longer, should include
clearly stated "out" clauses.
Vendor competition may result in lower costs, but keep in mind the criticality of the
service being purchased. It is not necessarily in the best interest of the company to
change vendors strictly to achieve cost savings if the current provider has
successfully met the needs of the organization.
Negotiate lower costs consistent with declining hardware prices. As shown in Figure
2, the GartnerMeasurement database reflects the decreasing annual costs of both
MIPS and DASD. It is important to make sure that the vendor is passing on these
savings in the contract.
Bottom Line: To be successful, the business resumption plan, whether supported
internally or with vendor participation, should include user/client communication, annual
reviews of critical requirements with an emphasis on testing and, if applicable, aggressive
vendor negotiation strategies. A failure to apply the appropriate attention to any one of
these areas could have a serious impact on not just the IT area, but the company as a
whole.
Core Topics
IT Measures and Metrics: Aligning IT Investments With the Business; IT Process
Management; Strategies for Improved Performance
Figure 1. Disaster Recovery Cost per MIPS
Source: GartnerMeasurement
Figure 2. Unit Cost Improvement - Mainframe and DASD
2 of 4 9/23/12 4:09 PM