Even prior to the terrorist attacks of September 11, 2001, companies across industries grappled with how to rethink disaster recovery. Now that the unimaginable has occurred, IT departments are working in overdrive to ensure failsafe protection for their companies, their products and services, and their customers.
What was clear prior to September 11, is still clear today: Disaster recovery / business continuity is not the sole responsibility of IT, or any one group under the IT umbrella. That's because IT pervades all enterprise business and seeps across business units, departments and locations. What was traditionally known as disaster recovery in the 1980s, when it emerged as a formal discipline, has evolved into something broader and more complex: Disaster recovery in and of itself is not an exclusive strategy. It has evolved to be more broadly defined as business continuity and contingency planning, or the recovery of business processes.
Here's a case study of how one company has evolved in its thinking about disaster recovery over the years.
Phillips Petroleum Co., Bartlesville, Okla., is a $15.2 billion worldwide company with about 15,900 employees. Just five years ago, the organization viewed disaster recovery as a bricks and mortar and hardware issue. The company also viewed disaster recovery as a commodity service and saw it not only as a cost but at the ability for its internal IT to recover its systems. This view has changed dramatically.
Today, Phillips views disaster recovery as a full provider solution to recover all critical systems--and not as a commodity service. "Disaster recovery is not an IT issue, it's a business issue," says Marshall McGraw, manager business services for IT, noting that any loss is a loss to the business.
What drove the change was a change in view of the business and the reliance of the business on IT as a critical and competitive component by company executives and board level members.
As far as how the company looks at the cost for disaster recovery / business continuity, McGraw noted that every organization has to do a risk analysis relative to the business and look at potential revenue loss, loss of customers and the financial impact of loss, in the case of disaster, to stockholders. Then, decision makers must settle on a cost figure that they're comfortable with depending upon the risk at hand.
As part of its recovery plan, Phillips ships it data to a facility in N.J. where it IBM Corp. gets data tapes and restores the data, operating systems and applications. Back-up telecommunication services are also tested to ensure that they're alive and well. Phillips does the applications testing.
When devising its disaster recovery/business continuity strategy, the company looks at:
- How it will recover the network and access to facilities no matter where they are located
- What systems need to recover; what data, systems and talent the organization must have available
- Who is going to recover it
- How to keep the data current and make sure that there's communication and collaboration between the company and its disaster recovery/business continuity services partner to ensure that disaster recovery is up to data with the business
- Making sure that disaster recovery/business continuity is part of daily operations