Disaster planning, emergency preparedness, or business continuity (and experts note that there are differences) -  the goals are ultimately the same:  to get an organization back up and running in the event of an interruption.  The problem causing the interruption could be one computer crashing or an entire network crashing.  Or it could be an electrical outage or the result of a terrorist activity.  The goal is to have some contingency plans in the event of a problem.  A disaster recovery plan exists to preserve the organization so that it can continue to offer its services. 

A disaster recovery plan is a users' guide - the documentation - for how to preserve an organization.  In order for a plan to be useful, it must be created before an interruption occurs.  Business continuity is disaster recovery.  Lost revenue is a driving force in business continuity.  The reason to do a recovery plan is essentially to keep the funding coming in and the services going, and the clients being served.

• Emergency planning are those procedures and steps done immediately after an interruption to business.
• Disaster recovery are the steps taken to restore some functions so that some level of services can be offered.
• Business continuity is restoration planning, completing the full circle to get your organization back to where it was before an interruption.

In order to write your plan, you have to do some planning. This planning is the process that will get you to the step where you then commit your plan to paper - you canÂ’t write a plan until you do the preparation.  The most difficult thing is getting started; the second most difficult task is keeping the plan current.

Disaster Recovery Planning (DRP) is the process by which you resume business after a disruptive event.  This typically means that you can get the enterprise computers, networks, and data base operational. The event might be something huge-like an earthquake or the terrorist attacks on the World Trade Center-or something small, like malfunctioning software caused by a computer virus.

Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. However Janco has found that over one third of all enterprises have had to activate their Disaster Plans in the last few years.

Business Continuity Planning (BCP) suggests a more comprehensive approach to making sure you can keep the enterprise going and meet it business objectives. This goes beyond the enterprise computers, networks and data bases.  However, the two terms are married under the acronym DR/BC or DRP/BCP. At any rate, Disaster Recovery Planning and/or Business Continuity Planning facilitate how a company will keep functioning after a disruptive event until its normal facilities are restored. 

Recognizing the scope of the requirements, Janco suggests that you purchase the Disaster Recovery Business Continuity Template  and the do the following:

• Conduct a business impact assessment. This involved a crossfunctional team to evaluate the business requirements and tier data based on the importance to our business operations.
• Protect data and applications. It was important to back up data frequently to ensure records are kept, so we needed to upgrade
  our backup equipment to a faster version to reduce the time it took to complete a backup cycle.
• Review power and connectivity options. We needed to add uninterrupted power supplies (UPS) and connectivity for critical servers, network connections and selected personal computers to keep the most essential applications running in case of a power outage.
• Document, test and update the disaster preparedness plan. Part of the Janco Disaster Recovery and Business Continuity Template plan needs you to include updated configuration diagrams of the hardware, software and network components to be used in the recovery. The plan also needed to include logistical details, such as travel to backup sites and spending authorization for emergency needs.
• Consider telecommunications alternatives. Often taken for granted, telecommunications backup involving redundancy and alternatives needed to be in place - and in the case of spot outages, redundancy may be enough. For larger outages, alternative communications vehicles, including wireless phones, wireless data cards and satellite phones, had to be considered.

Importance of testing is critical to the disaster recovery and business continuity planning.

All good disaster recovery and contingency plans start with having a good solid backup of data. Although systems and applications can be reinstalled and reconfigured, data cannot be rebuilt out of thin air. The key to having a good backup is to make sure the data is correct and can be successfully restored. This is not always as easy as it seems. One company had such an issue. Their backup administrator did not correctly follow procedures and when he thought he was doing a backup, he actually was not writing anything. When they tried to restore a database, they found out all the tapes were blank.

The World Health Organization has raised the pandemic alert over the spread of swine flu to phase 5.

WHO says that based on assessment of all available information and following several expert consultations raised the current level of influenza pandemic alert from phase 4 to 5.

While making the annoucement, WHO stated that all countries should immediately activate their pandemic preparedness plans. At this stage, effective and essential measures include heightened surveillance, early detection and treatment of cases, and infection control in all health facilities.

In disaster planning when a pandemic occurs the data center exists but people are in separate locations. The Disaster Planning and Business Continuity Planning processes need to make the user and business operating experience as similar as possible so that the work environment is the same in the remote site (often home) as in the office. A key requirement is to increase remote access capabilities in addition before the pandemic occurs the following planning needs to take place:

• Define necessary staff levels for critical business processes
• Identify who can work remotely and who has to be in the office
• Validation of vaccinations for key staff members
• Identify the lights out processing issues for computer operations staff
• Identify the network and remote access capacity requirements - what percent of workers do you need to be on the system for the enterprise to continue to operate
• Train and test of users and IT staffs in how to operate from remote locations Require key employees to work from remote site at least once a month
• Validate broadband capacity to remote sites (home users)
• Have copies of disaster plan available in remote site
• Put in place process for the synchronization of OS system patches and VPN updates - if the workstations are not used frequently disable the auto update features for security updates but maintain a process to see that they workstations are up-to-date.
• Define specific requirements for security and PCI-DSS when the disaster plan is activated for a pandemic.
• Define change management and version control processes to be used and how they will be controlled during the pandemic.

Getting started with a disaster recovery / business continuity plan may seem daunting, but is not. The process starts by addressing the needs of the business - not the IT department.

• Access the enterprise's operating environment - Identify critical business functions and then determine which systems, applications and data must be available to keep each function running smoothly.
• Conduct an IT business impact analysis - Develop a hierarchy of business functions and processes based on their importance to operations. You will most likely find that, although some systems need to be up and running as soon as possible after a disaster, other systems can wait.
• Establish a team with enterprise wide management experience and responsibility -  Gather representatives from across the business, from IT to human resources and facilities management. Each member should contribute to both the development of the disaster recovery plan and its execution. Be sure to define their responsibilities and the reporting hierarchy in the event of a disaster and to equip them with mobile technology, so they can make decisions spontaneously.
• Develop budgets and funding sources - A disaster recovery plan is only as effective as the resources that are committed to it. Once you have determined what it will require to support your business recovery objectives, you need to identify the tools and procedures needed to meet them. Be specific about the cost of these mechanisms, as well as the financial risk of disaster, so you can build a realistic business case.
• Define specific responsibilities and tasks - Spell out tasks, responsibilities and roles - not only to revive systems, but also to provide access to users and enable operations to continue even under compromised circumstances.
• Re-evaluate what has been created and keep it up to date - Test it, reexamine it and update it regularly - once a year, twice a year or even quarterly. Also, remember that there are continuing advancements in disaster recovery technology. Keep revisiting your options to take advantage of faster, more-cost-effective solutions.

Most companies buy servers from the likes of Dell, Hewlett-Packard, IBM, or Sun Microsystems. But Google, which has hundreds of thousands of servers and considers running them part of its core expertise, designs and builds its own. Google has designed its own servers and each server has its own 12-volt battery to supply power if there's a problem with the main source of electricity. Since 2005 Google's data centers have been composed of standard shipping containers--each with 1,160 servers and a power consumption that can reach 250 kilowatts.

A disaster or business interruption occurs, what do you do?  A quick roadmap to follow is:

• Do not panic and remain calm! When a disaster or business interruption occurs the first priority number is to ensure the safety of the employees.
• Evaluate the disaster!  Determine the impact on your personnel and enterprise operations, this evaluation the event is critical in making the decision to activate the disaster recovery business continuity procedures.
• Communicate with everyone that can be impacted! Communicate with your team, managers, affiliates, and vendors frequently. Even if there is no status to report, do not leave anyone guessing or letting them draw their own conclusions.
• Know the disaster recovery business continuity plan! Testing the Business Continuity Plan regularly helps everyone in becoming familiar with what will happen and how it will be done.
• Be decisive! Once you have determined the level of disaster and everyone is safe to operate, it is time to make the decision if you need to implement the business continuity procedures or if the downtime for recovery acceptable.
• Start the process! Start with recovering the most business critical systems first to restore business operations to a functional level. There should not be any question, which order which applications need to be restored first.
• Lock down all backups and critical documentation! The first step to the recovery is having a set of data to recover from. This could be anything from archived tape, local disk copy, and a co-location or disaster recovery data center.
• Use multiple solution paths! Assume that nothing will work and have alternatives in place  
• Reactivate normal operations! Once the systems are operational, the disaster is over and systems are repaired it is time to move the workloads back to where they were originally.

How do you create a unified Disaster Recovery Business Continuity Plan when you IT services are outsourced to multiple vendors and some of their facilities are in the same geographical area?  Some vendors are now starting to offer services that are designed to help enterprises get a converged view with which to manage and monitor their entire IT infrastructures, regardless of whether services are delivered by in-house resources or by third-party service providers.

These service providers recognize that enterprises are moving services to specialty vendors such as security providers, network providers or computing services providers, rather than to a single services provider.

Popular social networking site Facebook.com admitted on a blog post today that over the weekend, a hard drive failure led to the temporary loss of 10% to 15% of its users stored photographs.

According to the company, several drives failed at once during a routine upgrade Friday night.

"You may have noticed in the past day that some photos aren't appearing or are displaying a 'question mark' graphic when you go to view them. We're trying to fully understand what happened, since simultaneous hardware failures like this are rare,"  a Facebook engineer, stated in his blog.

Facebook said its users' photos are safe because it stores multiple copies of the data for disaster recovery and business continuity purposes, and it is working to make the photos affected by the system failure available again as soon as possible.

A hard disk drive duplicator has been released. The second generation device is a compact and portable cloning solution with blazing cloning speeds approaching 6GB/min! A full color touch screen provides an easy to use interface, and support for SATA/IDE/USB/Firewire 1394B makes the device an extremely versatile duplicator.

The hand-held unit provides the convenience of on-site as well as "on the bench" cloning. Novice users will appreciate the "wizard" function that steps them through key cloning operations. Advanced software including Clever Copy, Selective Partitions and Master Manager is included with the device. The compact, feature-rich cloning device also features support for verification of the cloned drive using an MD5 signature of target drive. The SuperSonix device is Windows Vista compatible and supports e-SATA and microSATA drives (with optional cables) as well as solid state drives.

 IT managers must make disaster planning a top priority if they are to prevent data loss and maintain business continuity in times of crisis. Unfortunately, day-to-day operations too often steal the time that IT professionals should otherwise devote to critical disaster planning and business continuity efforts. Enterprises cannot prepare for yesterday's disaster today. That is why you need Janco's Disaster Recovery and Business Continuity Template.

This comprehensive disaster and business continuity preparedness template includes: 

• Plan Introduction
• Business Impact Analysis - including a sample impact matrix
• DRP Organization Responsibilities pre and post disaster - drp checklist
• Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDA's.
• Recovery Strategy including approach, escalation plan process and decision points
• Disaster Recovery Procedures in a check list format
• Plan Administration Process
• Technical Appendix including definition of necessary phone numbers and contact points
• Job Description for Disaster Recovery Manager (3 pages long) - entire disaster recovery team job descriptions are available.
• Work Plan to modify and implement the template.  Included is a list of deliverables for each task. (Risk Assessment and Vulnerability Assessment)

Most disasters that affect enterprises are not as great as the terrorist attack of 911 or Katrina.  However, enterprises need to plan for event of that magnitude.  Plans has have to take in account the loss of expertise and skills of workers killed in the disaster, businesses lost physical assets, data and the information technology to continue operating.

Preparing for disaster is nothing new.  Smaller companies may not have the money to safeguard all their crucial systems.  The risks they face are that 80% of companies that do have a disaster recovery / business continuity plan in place never either open their doors after the disaster or go out of business within 18 months.

Lessons that enterprises that have gone through a disaster and survived are:

• There never is enough testing
• The disaster and business continuity plan is not quite up to date
• Not all of the backups that were taken worked
• Key data was lost because the right backup was not made
• Too few people know what the disaster and business continuity processes are

During the execution of your Disaster Recovery / Busniess Continuity plan is your company's information protected by the security policy and solutions you have in place now? Are you in full compliance with SOX, GLBA and HIPAA regulations, while also complying with your state's information security laws? Federal and state rules enforcing the electronic security of personal information are becoming stricter and more complicated. As a result, companies are reexamining the way they deal with sensitive information to avoid the lawsuits, fines and loss of business reputation associated with a security breach.

Still, despite business's efforts to step up their security protocols, in 2007:

• More than 79 million personal electronic records containing data such as Social Security numbers and credit-card numbers were compromised in the U.S.
• This was nearly four times the number reported in 2006. (Source: New State Laws Enforcing Encryption, MessageLabs Whitepaper, Nov. 2008)

According to an AT&T Survey of 100 Chicago firms (revenues <$10M), 81 have DR plans, but only 43% have fully tested their plans within the last 12 months and 12% admitted they have never tested their business continuity plans.

Next to personnel, data is your most irreplaceable asset.  Networks, application hosting platforms, and end user computing environments can be replaced quickly.  However, without your customer lists, product catalogs, inventory, financial records, and other operations data your business cannot recover.

In today's rapidly changing business environment, Information Technology outages can be devastating. In the new Democratic administration, the email system failed for a 36 hour period. This resulted in the implementation of their primary backup system being implemented - they went back to paper.

Regardless of the cause - hurricane, fire, accident, hacker attack, or even terrorist attack - production downtime is not only costly, but in some cases causes enterprise to fail and go out of business. With a mobile workforce, global customers wanting to do business around the clock, and continually greater dependence on technology, companies need to not only protect data, but continue business operations virtually uninterrupted. The cost of downtime, depending on your industry, can be from thousands to millions of dollars per hour - due not only to disaster recovery expenses, but also to lost sales, customer defection, and lack of productivity. Add to that a damaged reputation in the marketplace and diminished shareholder confidence, and the cost of downtime can be staggering.

However, organizations that can continue business operations through any outage, large or small, can gain competitive advantage - and sometimes even take market share from competitors.

Information is one of a company's strategic resources. The company owns valuable proprietary processes, sensitive customer information, private vendor lists, and strategic goals that have great value - and may be attractive targets for competitors or thieves. In addition when a a disaster recovery and business continuity plan is activated, data can be inadvertently exposed and or lost.

In many instances, companies have a legal obligation to protect that data. Data also has to be protected from accidental (or intentional) corruption, and IT professionals must ensure that company data is accessible or deliverable when necessary.

As a result, companies spend a significant portion of their IT budget on managing and protecting information. Sometimes business interests collide. More security sometimes means less productivity, more cost and less return on business investment. A company's data can be lost or stolen if network users do not follow basic security procedures. Lost data can mean:

• Lost time
• Lost money
• Lost opportunities
• A lost competitive edge
• A crippling legal liability and a serious public relations problem, if the company loses customer or client data  

Disaster recovery and business continuity planning could be favorably impacted by the economic stimulus package.  There are calls  to invest between to $30 billion to $100 billion to expand broadband coverage within the United States.

• Educause, an advocacy group focused on IT use in higher education, called for a $100 billion broadband program in a policy paper (download PDF).
• The Obama transition team members are pushing for a broadband funding package that is about $30 billion.

With this additional capacity the cost structure for various disaster recovery and business continuity solutions will be significantly altered.

There are two major categories of data replication: 1) Continuous Replication, in which data changes are sent continuously between locations, and 2) Periodic Replication, in which changes are send periodically in batches. While these solutions vary in several performance and operational parameters, the key differences are in what kind of recovery they offer.

• Continuous replication offers a single recovery point. Write operations are continuously copied to the remote location, the copy is identical to the current production data. In a physical disaster you lose very little data because the remote copy is current. However, with a virus, corruption, accidental deletion, or malfunction, the corruption is propagated to the remote location immediately. No previous restore point is available, leaving you to recover from backup tapes. This can take days or even weeks, and may result in significant amounts of data loss.
• Periodic replication is built on the premise that point-in-time copies, or snapshots, are created and sent regularly - but not continuously - to the remote location. Production performance is not impacted, and distance between sites is unlimited. This method offers multiple recovery points and a catalog from which to choose them. Because there is distance between the production and replication sites, you have protected data on disk that is quickly accessible in case of physical disaster. In addition, should a virus, corruption, accidental deletion, or malfunction occur, you can restore "known good" data from a point in time prior to the disaster. Application recovery is fast, because snapshots provide application data in a clean state.

Backup and recovery policy is required a first step in and Information Technology disaster  plan.  In addition the disaster recovery policy must be reviewed at least annually to assure its relevance. Just as in the development of such a policy, a planning team that consists of upper management, and personnel from information security, information technology, human resources, or other operations should be assembled to review the disaster policy. Roles and responsibilities of the planning team should be as follows:

• Perform an initial risk assessment to determine current information systems vulnerabilities.
• Perform an initial business impact analysis to document and understand the interdependencies among business processes and determine how the business would be affected by an information systems outage.
• Take an inventory of information systems assets such as computer hardware, software, applications, and data.
• Identify single points of failure within the information systems infrastructure.
• Identify critical applications, systems, and data.
• Prioritize key business functions.

When remote offices are operational then Disaster Planning and Contingency Planning need to take them into consideration.   The Janco Disaster Recovery / Business Continuity Plan Template has specific section dedicated to this.  It includes everything needed:

• Work Plan - The first step is to select the group of people who will form your disaster recovery / contingency planning committee. Include high-level managers, consider representatives from all the departments within your business, and, if possible, include a human resources representative as well.
• Current contact list with multiple methods of contact - Not only should you keep a list of the names of all employees, but that contact list should include alternate ways that people can communicate with each other. Include home phone numbers, pager numbers, non-work e-mail addresses, and cell phone numbers.  Create a formal phone tree that can be activated should you need to get in touch with your employees quickly.
• Organizational Succession Plan - What if several members of your management team were in an accident and couldn' t perform their regular responsibilities? What if key members of your company simply couldn' t be contacted for a period of time when you need to make some critical decisions? To prepare for this kind of circumstance, you need to consider a clear chain of command and authority. If key personnel are missing, who' s in charge? Who makes decisions?
• DRP/BCP Organizational Chart - Have a single decision-maker. That person needs to know the steps to take in a crisis, and how to reach all employees and other essential contacts (clients, customers, etc). And employees need to know who to take direction from in the chaos that frequently follows a disaster.
• Physical work space alternatives - If something happened to your offices, what would you do? Can employees work out of their homes? Is there another company that would share their facilities with you temporarily until you can rent or buy space at a new location?
• Risks and vulnerabilities - Make a checklist. Do you live in tornado alley? Put tornado damage on that list. Do you work in an office with no alarm system? Put building security on the list. Might layoffs occur sometime in the future? Add workplace violence. What if the phones get disconnected? What if your key supplier can' t get shipments to you?
• Backup your data - Most people have thought about backing up their computer data. Where are your important papers and files - both print and electronic? If your office computers or servers are destroyed, you' d better have your data recently backed up off site.

Here is a set of common disaster recovery techniques for backup and data recovery:

• Bulk copy with CIFS, NFS and FTP - For many scenarios, backup and recovery is no more complicated than scripted file copies. However, these protocols are notorious under-performers when it comes to WANs – even on Quality of Service (QoS) guaranteed MPLS links. If they are even copied at all; the combination of byte caching and object caching means that only the changed parts of files need cross the wire. For most bulk transfers a 10x increase in performance is common.
• Differential Backup applications - These applications keep track of file changes and only pass changes between locations. However, they, too, can be dramatically compressed using byte caching technology and are subject to the same bandwidth contention issues of any other application if a traffic control solution like MACH5 is not in place. Although some use proprietary protocols for transmission, those that use the underlying operating system benefit from protocol optimization. For most backup applications, a 3x performance increase is common.
• Database Replication using native SQL replication - Oracle replication and Microsoft DTS use complex SQL statements to automate data transfer. Byte caching and compression removes the inherent redundancy of this data, while user-aware bandwidth management can separate database use from database backup and allocate bandwidth accordingly. For most SQL automated transfers, a 3x performance increase is common.
• Database Replication using log shipping - Once the database files are dropped to flat files, they are usually transported as part of a bulk copy. These files are highly redundant, and byte caching and compression can improve their transfer dramatically. Further enhancements from optimizing the underlying transport protocols help as well. For log shipping, a 10x performance increase is common.
• Data Replication using web services as part of a Service Oriented Architecture - As SOA gains popularity, transporting data from different parts of the organization as XML over HTTP and HTTPS will become more common. Use internal and external SSL encrypted Web services.