Sunday, October 12, 2014

Reducing Risk

One of a company's most valuable assets is its information and electronic data. This data contains monetary figures, customer information, inventory updates, accounts payable and accounts receivable, along with plenty of other critical data whose loss could lead to catastrophic consequences. In certain industries, regulations force companies to protect their own and their customers' data for a certain number of years, and minimal unplanned outage is targeted as well. There are general guidelines companies need to follow to reduce the risk of data loss and minimize its impact on the company's operations.

Top management should not treat data protection as part of the IT strategy only, but as part of the company's business continuity plan, which protects the organization as a whole rather than the IT department alone. Companies should consider protecting electronic information by introducing a high availability design within the same datacenter as well as across multiple locations. In addition, backup and restore of electronic data should be designed to ensure full backups of electronic data and periodic test restores. A good practice is to keep an alternative copy of the backup tapes at a different location, and perhaps in a different locale. Another good practice is to build an alternative site where all business-critical and business-important services and data are available in case a natural or unnatural disaster hits the main site. As a best practice, the alternative site should be in a different building, city or country. Alternatively, companies could opt for hosted services to host their data and services at a lower startup cost, with high availability and resilience guaranteed.

My company has to build and test its business continuity plan to be compliant with Central Bank regulations. The business continuity plan covered all departments to ensure normal operations in case of disaster; we rented a new location far from the head office and equipped it with the necessary furniture, computers, and communication lines. Based on the business impact analysis conducted by the business continuity and risk department, we defined the RTO, RPO and RCO. From this point, the IT department started working on multiple projects to satisfy the business requirements. We focused on upgrading the communication lines at the main site to accept the additional traffic, and we rented a new location from the service provider to host our servers and storage, to serve as our disaster recovery site. The site was pre-equipped with the necessary power and cooling.

One of the projects we raised was the automation of failover and failback procedures. We purchased two new solutions to help us achieve this objective and to reduce recovery time to meet business requirements. Our daily backup media is transferred to the disaster recovery location on a daily basis, and we conduct restore tests quarterly. One last process we initiated was the transfer of backup tapes to a different country on a monthly basis, to avoid the risk of natural and unnatural disasters in Qatar. Having tested the efficiency of our setup, we are now planning to have a second alternative site in a different country.

The risk of data loss is a nightmare for business owners, senior management and IT management. Loss of customer information has a devastating impact on a company's reputation and on its existence. Senior management should take ownership and invest to ensure that the company's electronic data is well protected against expected and unexpected disasters.

