Computerworld - When a discussion turns to disaster recovery and business continuity planning (BCP), the talk of IT staff quickly turns to ensuring that system and service availability is raised "to five nines" -- an allusion to 99.999% annual availability or about 5 minutes of downtime per year.
Ponder, then, the numbering of BS 25999, a revision of the British Standards Institution (BSI)'s Publicly Available Specification 56 (PAS 56:2003) "Guide to business continuity management." No, they couldn't have. Could they? Did they? Oh, my head hurts.
In this context, a disaster recovery plan might do more harm than good. Thinking that disaster recovery is assured by a novice's tape backup rotation plan and off-site storage in a cabinet down the hall could lead to overconfidence, false attestations during audits or contract negotiations, or even encourage risky data, network, and service management. Confusing a data recovery procedure for a full-blown plan, or cognitively inflating a data-focused plan into a management policy and standards is dangerous stuff for the livelihood of a business.
Worse, there's the possibility that minimal action on the part of IT to protect information assets will cause senior management to cool its support for enterprise risk management, disaster recovery and business continuity. Organizations making the transition from small to medium size occasionally check disaster recovery off the list when they have information asset-preservation policies in hand, and neglect to scale up disaster response decisions and processes where they concern human safety. Therein lies real risk to real people.
In a nutshell,
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
