Disaster Recovery – What is a disaster?
An information technology disaster can be defined as any event or series of events which halt the production capability of any information system. An organization deletes an Excel spreadsheet being used to keep track of sales or inventory is a disaster. Another organization has a fire in the data center and due to fire suppression techniques the server hardware is damaged is a disaster. Regardless of the physical magnitude, it a system’s production capability is lost the organization has suffered a disaster.
Every organization needs to define information technology disasters within each information technology system in use. Evaluations can take the form of hiring a Systems Analyst or even brainstorming. Identify the systems that if lost, will result in halting production capabilities within the organization. Refrain from passing judgment at this time since the emphasis is on identification and not change.
An organization has a web based rolodex of all the customers contact information. The web based rolodex is updated by each sales person on a daily basis. The organization needs to identify where the information is stored. After discussion it was discovered an associate maintains a small Microsoft Access database on a personal computer running Windows XP. The information technology system has been identified.
The same organization could have a payroll system that generates and prints checks each week to pay vendors and employees. The checks are formatted from a Microsoft Excel spreadsheet with the data being manually entered from another Microsoft Excel spreadsheet being used as a general ledger. The spreadsheets are located on a Windows 2000 server running in the controller’s office. The information technology system has been identified.
Create diagrams to understand the systems identified. The diagrams can be flow charts or descriptions of where the system resides. The rolodex system can look like this: In web browser go to http://localhost/customers – Access database is located on a Windows XP personal computer in John’s office called Customers. Diagrams are meant for identification within the organization, so high level flowcharting and schematics should be reserved for organizations with and information technology department.
Once all information technology systems have been identified severity levels are assigned. A method for assigning severity levels is the time-frame required to restore the system before the lose impacts production capabilities. Looking at the two examples above customer contact information might be assigned a 1 day while the payroll system might be a 2 day ranking. Large organizations might have a HRIS (Human Resource Information System) which requires careful consideration to determine the modules working within the systems. Rational behind this ranking would be if sales personnel cannot generate sales that impact an organization quicker than not being able to print checks.
Information technology disasters adversely affect the organization’s ability to provide goods and services to customers. Identify all information technology systems is the first part of defining a disaster. Rank the systems based upon the immediate impact to generating revenue. Once all systems have been identified the organization can take steps to provide continual service to customers through disaster recovery.
