Disaster Recovery Situation Assessment

Client: A Global Materials Manufacturer

Business Challenge


A global materials manufacturer was concerned about whether its data center disaster recovery plan would truly be effective in the event of an actual crisis.  Like many large organizations, the manufacturer had developed a plan several years earlier and tested it repeatedly over the years.  However, it recognized that the scope of its testing was inevitably limited. 

 

True validation of a disaster recovery plan requires full-cycle testing.  Full-cycle testing takes the business from the moment of crisis through damage assessment, recovery mode, the resumption of normal business operations, and then continues through the recovery point objective.  Too often, because of the resources involved in a full-cycle test, organizations only test up to recovery mode.  The analogy is a 24-hour test that stops at 3 am.  Useful information to plan improvements may come from the first three test-hours, but at that point the test has not validated the plan.  If the test’s scope is not expanded, an organization can fall into a cycle of repeatedly planning its test without ever truly testing its plan.

 

This is a common problem because disaster recovery testing is, in itself, an expensive business interruption.  Full-cycle testing is not merely an IT event—it is a logistical event that involves moving personnel and specialized equipment.  It affects and is affected by what everyone in the organization does day-to-day.  Therefore, full-cycle testing is risky and costly.  However, not validating a disaster recovery plan is also risky, and can potentially impose greater cost than a business can afford.

 

The manufacturer’s CIO determined that experienced, objective, outside help was needed to analyze and validate the plan for its disaster recovery infrastructure, operations, and processes.

 

Solution


Forsythe’s approach was not only to analyze the manufacturer’s disaster recovery plan, but also to identify its vulnerabilities.  This is an extremely important step.  A disaster recovery plan identifies how an organization needs to respond once business has been interrupted.  By reducing vulnerabilities, it is possible to mitigate the effects of various threats, and in many cases prevent them from triggering a full-blown crisis.  In other words, this step may facilitate disaster avoidance.

 

Forsythe identified the gaps between the manufacturer’s business expectations and its actual recovery capabilities.  Forsythe also provided a realistic, qualitative assessment of the organization’s real recovery time frames and data restoration capability.  It was discovered that the corporate expectation was for full recovery and normal business resumption within 48 hours, whereas the manufacturing plants’ disaster recovery plans aimed for recovery and resumption within 72 hours.  And, in fact, Forsythe determined that the company would require at least one full week (168 hours) to resume business and reach its recovery objectives.


Results


The manufacturer now has a prioritized list of actions for reducing vulnerabilities and improving its disaster recovery plan effectiveness.  The company now knows in which areas to focus in order to assure its ability to meet its disaster recovery objectives and service level agreements, both with regard to recovery time frame and data restoration point.