A disaster recovery plan is a users' guide - the documentation - for how to preserve an organization.  In order for a plan to be useful, it must be created before an interruption occurs.  Business continuity is disaster recovery.  Lost revenue is a driving force in business continuity.  The reason to do a recovery plan is essentially to keep the funding coming in and the services going, and the clients being served.

• Emergency planning are those procedures and steps done immediately after an interruption to business.
• Disaster recovery are the steps taken to restore some functions so that some level of services can be offered.
• Business continuity is restoration planning, completing the full circle to get your organization back to where it was before an interruption.

In order to write your plan, you have to do some planning. This planning is the process that will get you to the step where you then commit your plan to paper - you can’t write a plan until you do the preparation.  The most difficult thing is getting started; the second most difficult task is keeping the plan current.

Many parts of Europe forbid some data from being transmitted or stored outside of the country. Canada also has some rules that prohibit some data being stored in the United States due to the U.S. Patriot Act's provisions that let the federal government examine corporate records.

It's important to note that the legal issues are local to where your customer resides. You have to understand the laws and make sure that personally identifiable data and some financial records are kept local if required by the law.

This could be an issue as cloud computing systems become more distributed. Indeed, while the primary facility may be in-country, the failover site, or perhaps the site used when the primary site is under maintenance, could be across the border and, thus, noncompliant.

When this happens, the disaster recovery plan often does more harm than good. Thinking that disaster recovery is assured by a novice's tape backup rotation plan and off-site storage in a cabinet down the hall could lead to overconfidence, false statements during audits or contract negotiations, or even encourage risky data, network, and service management behavior. Mixing up a data, recovery procedure for a full-blown plan or inflated data-focused plan into a management policy and standards is dangerous stuff for the livelihood of a business.

Worse, there is the possibility that minimal action on the part of the CIO and IT to protect information assets will cause senior management to cool its support for enterprise risk management, disaster recovery and business continuity. Organizations making the transition from small to medium size occasionally check disaster recovery off the list when they have information asset-preservation policies, and neglect to scale up disaster response decisions and processes where they concern human safety.

 As businesses rely more heavily on the internet to transact business and link together branch offices, remote workers, customers and business partners, the WAN connection becomes more important than ever. A single pipe may be a company's only link to the outside world. If this pipe goes down, crucial networking functions come to a crashing halt. Although most business lines are reliable, outages are not very common. A software company that has over 25 branch offices, each with a T-1, in several 3^rd world locations has frequent outages.  About once a month, they have a T-1 outage in one of the offices, lasting from 4 to 20 hours. During that time, that remote office is effectively cut-off.  Without the WAN line, you cannot make phone calls, get e-mails or do any kind of electronic transaction. They are unable to communicate with the outside world and effectively dead in the water.

• Do not panic and remain calm! When a disaster or business interruption occurs the first priority number is to ensure the safety of the employees.
• Evaluate the disaster!  Determine the impact on your personnel and enterprise operations, this evaluation the event is critical in making the decision to activate the disaster recovery business continuity procedures.
• Communicate with everyone that can be impacted! Communicate with your team, managers, affiliates, and vendors frequently. Even if there is no status to report, do not leave anyone guessing or letting them draw their own conclusions.
• Know the disaster recovery business continuity plan! Testing the Business Continuity Plan regularly helps everyone in becoming familiar with what will happen and how it will be done.
• Be decisive! Once you have determined the level of disaster and everyone is safe to operate, it is time to make the decision if you need to implement the business continuity procedures or if the downtime for recovery acceptable.
• Start the process! Start with recovering the most business critical systems first to restore business operations to a functional level. There should not be any question, which order which applications need to be restored first.
• Lock down all backups and critical documentation! The first step to the recovery is having a set of data to recover from. This could be anything from archived tape, local disk copy, and a co-location or disaster recovery data center.
• Use multiple solution paths! Assume that nothing will work and have alternatives in place  
• Reactivate normal operations! Once the systems are operational, the disaster is over and systems are repaired it is time to move the workloads back to where they were originally.

Disaster Planning - Janco has found that 80% of all enterprises that do not have a disaster recovery / business continuity plan in place before a disaster occurs never reopen.  However, when disaster strikes, those who have prepared and made recovery plans survive with comparatively minimal loss and/or disruption of productivity.

Disasters can take several different forms. Some primarily impact individuals -- e.g., hard drive meltdowns -- while others have a larger, collective impact. Disasters can occur such as power outages, floods, fires, storms, equipment failure, sabotage, terrorism, or even epidemic illness. Each of these can at the very least cause short-term disruptions in normal business operation. But recovering from the impact of many of the aforementioned disasters can take much longer, especially if organizations have not made preparations in advance.

Most of us recognize that these potential problems as possibilities. Unfortunately the randomness of some of these disasters lulls some organizations into a sense of false security-"that's not likely to happen here." However, if proper preparations have been made, the disaster recovery process does not have to be exceedingly stressful. Instead the process can be streamlined, but this facilitation of recovery will only happen where preparations have been made. Organizations that take the time to implement disaster recovery plans ahead of time often ride out catastrophes with minimal or no loss of data, hardware, or business revenue. This in turn allows them to maintain the faith and confidence of their customers and investors.

Disaster Recovery Planning is the factor that makes the critical difference between the organizations that can successfully manage crises with minimal cost and effort and maximum speed, and those that are left picking up the pieces for untold lengths of time and at whatever cost providers decide to charge; organizations forced to make decision out of desperation.

Microsoft first took down its Volume Licensing Service Center for maintenance in early December, after attempts to merge multiple licensing sites into a single, more secure site backfired for some users.

Those affected include businesses purchasing Microsoft software, or resellers and integrators handling newly-purchased software for business customers. Problems they have reported via Twitter include users losing access to paid-for software licenses; an inability to login to the VLSC site and fix this for one month or more; and six-hour waits on Microsoft telephone support trying to fix their accounts;

One user said that Microsoft, unable to grant him access to his account and license activation keys, was forced to physically mail him replacement software.

The disaster planning template is the way to go.  Over 3,000 enterprises world wide have chosen it as the tool of choice.

Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. However Janco has found that over one third of all enterprises have had to activate their Disaster Plans in the last few years.

Business Continuity Planning (BCP) suggests a more comprehensive approach to making sure you can keep the enterprise going and meet it business objectives. This goes beyond the enterprise computers, networks and data bases.  However, the two terms are married under the acronym DR/BC or DRP/BCP. At any rate, Disaster Recovery Planning and/or Business Continuity Planning facilitate how a company will keep functioning after a disruptive event until its normal facilities are restored. 

With advanced storage options such as virtualization and cloud computing offering corporations storage optimization, human processes are still conrolling factors as individuals must direct the technology as to how to operate. The complexity of these systems require a steep learning curve, and with reported IT spending at a low (down 6.9 percent in 2009 according to some research firms.), human error is increasingly more common.

Typical human caused data disaster are:

• Pulling the wrong drive. While trying to replace a failed disk in a RAID array, a healthy disk is accidently removed.
• Reformatting a disk. During a server migration, the wrong SAN LUN is accidently reformatted.
• Restoring corrupt/old backup data. A server containing a business-critical database is deleted by mistake and is restored with a corrupt or incomplete backup prior to realizing the backup is not sound.
• Rebuilding a bad array. Following a multiple drive failure in a RAID array, an attempt to force the failed drives back online and rebuild the configuration is made, whereby damaging or corrupting the data on the array.
• Deleting data. Files, volumes, virtual machines or a SAN LUN is deleted by accident and there is no backup or the backup is old or corrupt.

Vendors of remote access technologies are reporting an unexpected increase in demand for their products over the past several months as a result of H1N1-related concerns.

"Companies are really looking for is the ability to provide secure, remote access to more of their employees," said Victor Janulaitis, CEO Janco Associates, a provider of Disaster Recovery and Business Continuity Tools. "Most companies have extensive mobile workforces. What they are doing is planning for an ever increaseing scale," he said.

According to data collected by Janco, much of the increased interest has come from larger enterprises. These are the enterprises that seem to be more aware of the need for planning.

Security policies and procedures such as those offered by Janc  provide teleworkers with rules on how to secure access to enterprise applications from any location, using a broad range of devices. They enable IT administrators to enforce security and information usage policies.

You might need to think about giving an infected person's immediate co-workers enhanced sick leave to protect themselves or family members, particularly if they have particular medical vulnerability to the illness, he says. Some employers bring in cleaning crews to disinfect an office where swine flu has been found. Providing hand disinfectant for employees is not a bad idea.

Microsoft officials still have not provided many details about what caused the outage, other than to say it was a core system failure. The failure is unrelated to Microsoft's cloud infrastructure and/or Microsoft's Azure datacenters, as the company has continued to run the Sidekick back-end on the same infrastructure it has been running on before Microsoft acquired the company in 2008.

The Microsoft/Danger team apologized for the amount of time they are taking to restore contacts, photos, e-mail and other Sidekick services to which users lost access at the start of the month. The team said they were taking their time "to make sure we are doing everything possible to maintain the integrity of your data."

The team still is not committing to an exact recovery timetable, but is saying restoration should begin this week. Microsoft said, "We continue to make steady progress, and we hope to be able to begin restoring personal contacts for affected users this week, with the remainder of the content (photographs, notes, to-do-lists, marketplace data, and high scores) shortly thereafter."

After telling users that they likely had lost all of their personal data, the Microsoft/Danger team then said they expected to be able to recover some of their data. Mid-weeklast week, they said they expected to recover "most if not all" of the missing user data.

What is a Disaster Recovery and Business Continuity Plan

Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events - whether those event might include a hurricane or simply a power outage caused by a backhoe in the parking lot. The CIO's involvement in this process can range from overseeing the plan, to providing input and support, to putting the plan into action during an emergency.

Sidekick failed and lost user data.  On the face of it, there are some obvious lessons to be learned from the Sidekick snafu, even as Microsoft Corp. reported today that most of the data that was missing will be recovered from servers at its Danger Inc. subsidiary.

The lessons learned are:

• Back up your mobile phone's critical data independently - on a laptop, a desktop or a thumb drive.
• Raise questions about cloud computing and related services.
• Find out how your mobile device stores data, and make sure you understand it.
   
  The Sidekick incident should serve as a reminder to users to back up critical data. You cannot rely on cloud services to be 100% available all the time.

Not only is a backup of critical data imperative, users need to have a way to retrieve the backed-up data. CIOs need to think about the value of the data and what happens if the service is not available. There are many Internet-based services that can be a second backup version to the original backup, such as Plaxo. Having the second one drastically reduces the odds of total loss.

At larger companies, data backups are commonplace and often include information contained on wireless phones as well as desktop computers, analysts said. The issue becomes more difficult when IT shops trust users who put critical company data on personally-owned wireless phones that aren't backed up.

Despite urging users to back up critical data, Staten joined three other analysts in remaining faithful to the mobile phone industry's strong push for cloud computing services, noting that the Sidekick case was relatively isolated.

Nearly every major smartphone provider is working on some version of cloud computing to back up data from smartphones and other cell phones. All those services could be vulnerable to data loss, and the Sidekick example is likely to prompt a broad re-examination of internal server backup procedures.

One added is risk is that backend services open enterprisees up to having data potentially lost, stolen or replicated somewhere that enterprises do not have knowledge of.

Imagine if this happened across an entire carrier's servers. For Verizon Wireless that could be 90 million people. Everybody should think twice if these services could really save your data up in the cloud.

With lost data being a competitive liability, there is no room for downtime in today's business world.

Some areas have been flattened and the tsunami brought a lot of sand onshore. The Samoan resort Sea Breeze on the Southside of Upolu was destroyed when the waves hit it. The restaurant just floated out to sea complete, until it was smashed up in the water.

• Network recovery plans are impacted by unanticipated traffic growth, configuration issues; link overloads due to traffic rerouted around failed network elements, and more.
• Changes may lead to undocumented side effects, so understanding the impact of changes before making them is essential for reliable network operations.
• The monotonous work of making simple changes to hundreds or thousands of devices or objects is error prone and often difficult to reproduce in the recovery mode.

To add to the pressure, network operations teams are expected to run larger networks that have become many times more important to the business, and to do so with fewer staff members. These con­ditions exacerbate the problems associated with disparate disaster recovery and business continuity plans.

In addition, high-profile data breaches involving state systems last year led to the suspension of the data-center consolidation project until IBM could prove to the state that necessary security measures were in place. As a result, seven of the state's 27 agencies have still not signed off on IBM's proposed plan for managing data backup, which could lead to additional delays.

Adding to IBM's challenge on this project are the results of a survey of the IT directors for the state agencies: 88% said they are dissatisfied with the services IBM has been providing.