Data Recovery Planning: The First Step

The following is excerpted from the book, Disaster Recovery Planning: Preparing for the Unthinkable, 3rd edition, by Jon William Toigo. It is posted with permission from publisher Prentice Hall PTR, copyright 2003, all rights reserved.

For a data recovery plan to be meaningful, it must ensure the "right" data -- data that is required by critical business processes and necessary for recovery -- is identified, safeguarded against loss, and made available in an acceptable recovery timeframe. This is a deceptively simple premise. Consider these facts:

  • Depending on the analyst one reads, data is growing at a rate of between 70% and 100% per year in most corporations. Replicated data, "enhanced" data (e.g., document files with graphics, sound clips and other data objects embedded), and large program files account for some of this growth -- perhaps as much as 50%, according to some analysts. However, the balance is new data, including e-mail and transaction entries in databases, that is constantly being created and stored by end-users and automated systems.
  • A significant percentage (some argue as much as 80%) of the data stored on hard disk drives is never referenced again. This applies to databases as well as files, fostering significant discussion of the possibility of shortening data recovery timeframes by "prestaging" static or nonchanging data at the recovery center.
  • Databases measured in terabytes are becoming commonplace within Fortune 1000 firms. Even in medium-sized firms, it is not uncommon to find databases sized in the 400 to 700 GB range.
  • In most companies, policies and standards do not exist for the classification of data by its importance to the organization. According to the 1998 Information Week/PricewaterhouseCoopers Global Information Security Survey, 43% of the 1600 companies surveyed worldwide indicated that they never classify data and 14% classify their records only on an annual basis. [2] Says George Symons, vice president of product management and development with Legato Systems, Inc., "Today CIOs are being forced to determine the relative importance of different applications. They cannot afford to invest in tools and people to protect all applications at the 24 x 7 level. Decisions need to be made as to which applications must be available 24 x 7, which are 19 x 5 and which are 12 x 5." [3]
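The tiered availability scheme Symons describes can be sketched as a simple classification table. A minimal sketch follows; the tier names come from his quote, while the application names and the data structure itself are hypothetical illustrations, not any vendor's model:

```python
from dataclasses import dataclass

# Availability tiers taken from the Symons quote above; the application
# names and this data structure are hypothetical illustrations.
TIERS = {
    "24x7": {"hours_per_day": 24, "days_per_week": 7},
    "19x5": {"hours_per_day": 19, "days_per_week": 5},
    "12x5": {"hours_per_day": 12, "days_per_week": 5},
}

@dataclass
class AppClassification:
    name: str
    tier: str  # key into TIERS

    def weekly_coverage_hours(self) -> int:
        t = TIERS[self.tier]
        return t["hours_per_day"] * t["days_per_week"]

# e.g., AppClassification("order-entry", "24x7").weekly_coverage_hours() -> 24 * 7 = 168
```

Even a table this simple forces the decision the quote describes: every application must be assigned a tier before protection resources are allocated to it.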

Against this backdrop, clearly the DR coordinator may confront a major challenge at the outset of data recovery planning: learning where the data is stored in the organization. This task, according to vendors, can be facilitated through the use of software products that automatically "discover" volumes, databases, and files recorded on data storage devices throughout the IT infrastructure. Storage management software is being pressed into service to aid in ferreting out data, determining its usage characteristics, and using this information to plan capacity requirements for recovery in the wake of a disaster.
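Commercial storage management suites perform this discovery at enterprise scale, but the core idea can be illustrated in miniature: walk a directory tree, total the capacity, and flag data that has not been accessed recently. The function name and the one-year staleness threshold below are assumptions for the sketch; real tools also catalogue databases, arrays, and SAN volumes:

```python
import os
import time

def survey_directory(root: str, stale_days: int = 365):
    """Walk a directory tree, totalling capacity and flagging data whose
    last access time predates `stale_days` -- a rough stand-in for the
    "never referenced again" data discussed above.  Returns a
    (total_bytes, stale_bytes) tuple.

    Caveat: many systems mount filesystems with atime updates disabled,
    so real discovery tools rely on richer metadata than this.
    """
    total_bytes = 0
    stale_bytes = 0
    cutoff = time.time() - stale_days * 86400
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            total_bytes += st.st_size
            if st.st_atime < cutoff:
                stale_bytes += st.st_size
    return total_bytes, stale_bytes
```

The ratio of stale to total bytes gives a first estimate of how much data could be prestaged at a recovery center rather than restored under time pressure.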

Discovering the locations and usage characteristics of electronic files stored on PCs, server-captive storage arrays, stand-alone arrays, network attached storage (NAS) devices, and storage area networks (SANs) does not, however, define the criticality of the data or its suitability to a backup strategy. According to Legato's Symons, companies are not going to cull through data sets to assess their importance and set policies for backup; instead, policies will be set based on the application producing the data and the priority given to that application.

To perform backups of distributed data effectively requires policy-driven management. Policy-driven backup and recovery [using an enterprise-wide data backup product like Legato NetWorker] helps reduce the staff requirements necessary to manage these complex environments. Policy-based systems automate key functions in order to provide consistent management of repetitive tasks. [4]
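A policy-based system of the kind described can be reduced, in miniature, to a table of policies and a function that derives the day's action from them. The policy names, fields, and schedules below are assumptions for the sketch, not Legato NetWorker's actual policy model:

```python
from datetime import date

# Illustrative backup policies; names and schedules are assumptions
# for the sketch, not any product's actual policy model.
POLICIES = {
    "gold":   {"full_day": 6, "incrementals": True},   # weekly full on Sunday, incrementals otherwise
    "bronze": {"full_day": 6, "incrementals": False},  # weekly full only
}

def backup_action(policy_name: str, today: date) -> str:
    """Derive the backup type a policy dictates for a given day."""
    policy = POLICIES[policy_name]
    if today.weekday() == policy["full_day"]:  # Monday == 0 ... Sunday == 6
        return "full"
    return "incremental" if policy["incrementals"] else "none"
```

Once every application is assigned a policy, the nightly backup run becomes a loop over those assignments -- which is precisely what makes the management of repetitive tasks consistent.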

In addition to electronic or machine-readable data, data recovery planning must also concern itself with identifying business critical information stored on paper and with the interdependencies that may exist among paper or other documentation, electronic data, source documents, and worker knowledge that make all data usable. This, too, can be a laborious and time-consuming task. An assortment of safes, file cabinets, microfiche and microfilm storage racks, and old-fashioned desk drawers must be added to the list of information storage repositories the DR coordinator must examine.

Paper and microform continue to proliferate in most companies, to the dismay of naturalists and efficiency experts alike. One vendor of electronic document management systems summarizes the problems associated with these popular information storage media:

Upwards of 90% of all corporate knowledge is stored on paper -- but paper itself is never a profit center. Filing, storing, and retrieving paper documents is an enormous drain on a company's resources....[Moreover,] paper documents and the data contained on them must be analyzed on a document by document basis. Sorting or searching for data is, practically speaking, impossible...3% of a company's documentation is misfiled -- and 3% is lost...32% of a company's documentation is in use by a single user at any time -- and is unavailable to any other users. The cost of locating a missing document is $6 to $120. [5]

These drawbacks of static storage media, and the corresponding advantages of maintaining machine-readable copies, are behind explosive growth in the knowledge management industry, which includes electronic document management systems, workflow management systems and related technologies. According to a joint survey of 500 IT managers by Information Week Research and Cap Ventures, total document management solutions spending jumped 38% in 1998 to $3.5 billion, up from $2.5 billion in 1997. [6]

If an organization has embraced electronic document management, the DR coordinator can, of course, leverage this effort to identify key documents for removal to offsite storage. If not, disaster recovery may provide yet another justification to senior management for such an endeavor.

In the absence of an electronic document management capability, the DR coordinator may still be able to enlist the services of a corporate records manager, or clerical personnel at a departmental level to identify paper and microform-based information for inclusion in the data recovery strategy.

It is worth noting that, according to numerous studies, records managers are the forgotten asset in disaster recovery and security planning. These knowledgeable persons were included in recovery planning in fewer than 20% of the plans reviewed in one 1997 survey. In another survey conducted the same year, it was determined that 70% of company executives excluded records managers from the process of assessing and mitigating risk to records -- this despite the fact that 90% of businesses that lose their vital records are out of business within one year. [7]



[2] Gregory Dalton, "Acceptable Risks," Information Week, 8/31/98.

[3] Interview with George Symons, vice president of product management and development, Legato Systems, Palo Alto, Calif., 3/02.

[4] Ibid.

[5] From the Web page of Network One, Eugene, OR.

[6] Laurie Hilsgen, "Document Management Still a Struggle," InfoTech Weekly, 2/8/99.

[7] "Disaster Recovery Information Assets -- The Missing Link," a paper published on the Web site of FIRELOCK, Kutztown, Penn.

Copyright © 2004 IDG Communications, Inc.