Just a few months into the year and with several high-profile IT outages – RBS, NatWest and HSBC – hitting the headlines, we thought it timely to share our top tips for a successful recovery. Although ten steps may sound easy, following them involves a great deal of complexity and requires considerable resources if the desired Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) are to be achieved.
It may be tempting to skip a stage but, in our experience, organisations that fail to address each one of these ten steps find their availability expectations aren't met at the executive level or, worse, the recovery process doesn't work at all.
1. Identify business availability requirements- It may appear to be stating the obvious but it is vital to ensure the specified availability requirements meet the actual needs of the business and stakeholders, or executive sponsorship may not be forthcoming. Typically, customers tell us they either over- or under-engineer their recovery solutions, investing too little or too much and not delivering the optimal recovery performance stakeholders across the business want.
2. Understand business/IT risks- Assess the business and IT risks your business is exposed to, by location and by process. Engagements with customers often reveal an optimistic view of risks, or risks that simply haven't been considered, such as: Who is recovering the production IT while your team is carrying out recovery? Who recovers the business if your IT team has been affected by the same disruption?
3. Map your dependencies- From an IT perspective, you cannot accurately scope a recovery project if you don't know what IT and applications you need to protect and recover. Shadow IT implemented by other departments – a reality in more than eight out of ten organisations – exposes the business to significant DR failure risks. And, you need to know which bit of IT is dependent on the other.
4. Tier your application criticality- To arrive at the optimal solution in terms of cost and performance, and to align that to business expectations, applications need to be tiered according to their value and criticality to the business.
5. Apply the right recovery technologies- Only then can the right recovery technologies be applied based on cost/performance and suitability for your applications, processes and budget.
6. Document and automate recovery processes/SLAs- Rather than simply hoping all goes well on a given day, recovery processes need to be fully documented. Recovery instructions should be kept up-to-date, along with recovery tools and processes. If you simply do not have the resources to document recovery you must ask the question: Who will do it instead?
7. Protect your data – export it out of the business- To successfully recover, your all-important data needs to be safely and securely exported out of the business and stored for recovery and archive purposes. The way in which this is done will affect data retrieval times and, ultimately, your recovery performance.
8. Connect your recovery data to the recovery server/environments- Currently, no single recovery technology can recover a complex business. So, it is essential to create the right recovery environments that are compatible and in sync with your production IT to meet your recovery objectives.
9. Execute clear roles and responsibilities at time of test/disaster- Time is of the essence in the event of a business interruption, so it's important to plan ahead to determine who does what and when at the time of disaster. Which people with the right knowledge and tools will perform the recovery – assuming they are available at time of test or disaster and aren't abroad, sick or on vacation?
10. Manage the lifecycle of changes- Recovery planning and delivery is not a one-off event. You will need to implement a rolling program to ensure the ongoing lifecycle management of recovery is maintained and fit-for-purpose as your business and IT changes daily. Even the smallest of changes can impact your recovery performance.
A Collaborative, Outcome-focused Partner
If all this sounds too daunting, Sungard AS can help. As a customer, you already know we are on your side as a trusted partner. We will work collaboratively with you to help overcome the challenges of recovery complexity, scale and lifecycle management, which might otherwise frustrate the recovery of your complex IT environment.
Our value proposition to you is the Guaranteed Recovery of Complex IT. Quite simply, we make the unrecoverable, recoverable, the slow to recover, faster to recover. With a 35-year heritage in disaster recovery, Sungard AS' managed recovery service is proven to deliver outstanding recovery performance and value, compared to the rest of the market.
In fact, for a 12-month period ending in October 2016, our customers enjoyed a recovery success above 90%.
To put this performance in context, outside of Sungard AS, only 35% of organisations recover successfully and only 6% of organisations meet their own RTO recovery targets without a hitch, according to Gartner.