Tuesday, 3 January 2017 Blog ehdf

7 Tips for an Effective Disaster Recovery Plan

The sinking of the RMS Titanic after hitting an iceberg on her maiden voyage, from Southampton to New York City, is one of the most famous disasters of recent centuries. In April 1912, when she set sail on her voyage, the Titanic was the largest ship ever built and was considered to be unsinkable. However, a series of events – that included unexpected weather phenomenon and human error – resulted in a tragedy that claimed the lives of over 1,500 people. Recent investigations and scientific tests carried out on the sunken vessel have isolated the low grade of iron used to make the more than 3 million rivets that held the Titanic together as a significant contributing factor to the disaster. Ultimately, despite being a colossal vessel of remarkable size and an engineering marvel of its time, the Titanic was undone by one of the smallest and seemingly most inconsequential of its components.

Disruptions and disasters occur because all possible scenarios can never be completely anticipated and prepared for – perhaps this is why the term “unthinkable” is so widely used in the context of disasters. The fundamentally inexplicable nature of certain disasters is the reason why even the best designed systems and operations need an effective disaster recovery plan, should the “unthinkable” occur.

The familiar and well known tragedy of the Titanic, serves to remind us that a good disaster recovery plan in Dubai – and the UAE in general – ought to go beyond anticipation of the likely sources of disruption. It should, in fact, presume a possible system failure and devise ways to limit damage and loss. Some of the ways in which an enterprise can prepare itself, for failure, in order to limit damage and its duration, are listed below.

1. Planning for least possible disruption of communication: An effective disaster recovery plan must begin from a well devised methodology that allows the enterprise to maintain basic communication – between departments, between management and staff, as well as between the enterprise and its clients and collaborators. In order to best prepare for an extreme event, an enterprise must have pre-identified alternatives to standard methods of communication and coordination, which can operate outside the realm of business as usual scenarios.

2. Clearly identified performance parameters: As with every enterprise regardless of geographical location, a good disaster recovery plan in the UAE must take into account the everyday functional realities specific to the industry and the region. Specific variations in work culture and hierarchy must be taken into account in order that the enterprise can operate well enough to recover – who is to perform what function, in the event of disruption; which individuals and departments are most critical to the containment of an event, and which functions are the priority areas to address.

3. Clearly identified roles for individuals and departments: An effective disaster recovery plan should not only restrict itself to planning for an alternative process and technologies, but it also needs to have well-rehearsed and clearly defined alternative roles – for individuals and departments – in the event of disruption. While not all contingencies can be identified, it is always possible to have alternative functions in place in order to best utilize the resources of the enterprise during an emergency.

4. Established practices and service agreements: While the affected organization itself is likely to act in its best interests, several outside entities – from clients to collaborators – are affected by a disaster. A good disaster recovery plan should include a well devised plan to limit the damage to such entities, as well as a clearly defined process that these entities are aware of. While a disaster often brings out the best in people, one that has originated in an outside entity can easily be perceived as a deal breaker, should it be mismanaged and should the interests of external entities be compromised beyond the inevitable.

5. Protecting sensitive information central to the business: Every enterprise has operational information that can harm the organization, should it fall into the wrong hands or compromise privacy or security – whether within or outside the organization. Disasters can often introduce stress that undermine such issues. An effective disaster recovery plan should identify worst case scenarios, likely sources and points that could cause such repercussions and the most optimal ways to minimize such damage.

6. Regular testing of emergency procedures for effectiveness: Even the best devised disaster recovery plan can prove to be ineffective, if the elements that need to come together to minimize damage are not sufficiently prepared for, and familiar with, the contingency plan. Regular testing and re-familiarization with the disaster recovery plan is a must so that the disaster can be negotiated with minimal damage. Likewise, any change in parameters and variables needs to be accounted for and incorporated within the disaster recovery plan – as well as the resultant changes communicated to relevant entities.

7. Robust redundancy of procedures, process, entities and infrastructure: An effective disaster recovery plan does not only involve the attempt to make the most of the elements that have survived the disruption, but there needs to be redundancy built into every aspect of the system itself. Redundancy not only limits the range and scale of the disruption, it also reduces the chance for a disruptive disaster. While isolating functions and departments is counter intuitive and not desirable, redundancy allows for separation of these elements so that the disaster can be minimized and contained.