Editor's Note: Preparing for the Worst

Computerworld - Are you overspending on disaster recovery? I know it seems like a ridiculous question. How could you be? Newspaper headlines throw more risks -- and regulators throw more requirements -- in your face almost every day. Besides, this is a special report on disaster recovery, so of course it's full of suggestions of Things You Ought to Do, which usually require spending more money, not less. Even if your disaster recovery situation is pretty good, you still have to worry about your suppliers and outsourcing contractors.

But it is possible to overspend on disaster recovery, especially if you listen to every vendor saying you must do x, y and z to comply with the Sarbanes-Oxley Act. (None of those sales weasels have actually read the law or its regulations, you can bet on that.)

Tim DeLisle, managing principal at Corigelan LLC, a disaster recovery consultancy in Chicago, says the way to avoid overspending is to establish three tiers of disaster recovery based on business requirements. It begins with the CIO asking business managers which few applications are truly critical and require recovery within 24 hours to keep the business afloat. You don't have to mirror everything! The second tier of applications, which require recovery in 48 to 72 hours, may need only inexpensive tape backup, while the third tier may need nothing at all, DeLisle says.

All that the business executives and regulators really require is that you take prudent steps for business continuity. You don't have to bankrupt the company.

See the full special report.

Mitch Betts is Computerworld's Features editor. Contact him at mitch_betts@computerworld.com.