Many of us in Hawaii are well aware that June brings the start of hurricane season. While we have more than our fair share of other types of potentially disastrous events such as tsunamis or earthquakes, the fact of the matter is that most adults clearly remember the devastation of past hurricanes. For those of us in IT, this time of the year always makes us worry about our disaster recovery plan.

Many organizations nowadays are examining cloud computing vendors to provide disaster recovery services. While this might seem advantageous, geography and other limitations of our island state temper this decision.

First and foremost, of course, is electricity. Who’s to say that a Hawaii-based cloud vendor is going to be able to power your systems in the event of an islandwide power outage? Some vendors provide contingency plans, such as generators and batteries (really big ones), just for this purpose.

For mainlandbased cloud vendors, power might not be a problem, but distance could be an issue. Even with the advanced connections we know we enjoy, network latency, or delay, is still a problem.

Regardless of whether you are managing your own disaster recovery or farming it out, a good disaster plan is pretty straightforward to put together and relatively inexpensive. Such a plan does more than just tell you what to do after a catastrophe; it prepares you for the event.

A disaster recovery plan includes an inventory of all your computer systems and related components. For each item, what type of support and/or maintenance agreements are in place? What are the backup procedures and policies? If you are using a vendor, make sure you can verify this information, prior to entering into any contract.

The plan must outline any time-critical business processes that are IT-dependent. Defining these processes helps to prioritize the recovery operations. Clearly, systems that support critical processes need more attention than those that do not. It focuses on your ability to conduct business. What’s it going to cost if you’re down for a week? A day? An hour?

Now that we know what our critical systems are and the types of risks we are facing, we can develop a list of recommendations to help reduce the risk of outages, and create an environment in which systems can be recovered should a disaster occur. Like all good technical documents, the disaster recovery plan must be updated on a regular basis, especially as recommendations are implemented.

An important component of the disaster recovery plan defines the procedures to follow in the event disaster strikes. In addition to the tasks that need to be accomplished, the recovery procedures should also clearly outline the expected time frames for each step.

Like any other procedure, you should rehearse the recovery scenarios on a periodic basis. This is the only way to be sure that your recovery strategy is sound. Ideally, this will be done at least twice a year.

———

John Agsalud is an IT expert with more than 20 years of information technology experience in Hawaii and around the world. He can be reached at johnagsalud@yahoo.com.