Disaster Recovery / Strategies

Acknowledgements to Euan Wilson (Staffordshire University)

What is a Disaster ?

• Very similar question to

• How long is a piece of string ?

Dictionary Definitions

• “an occurrence that causes great distress or destruction”

• “a thing, project etc. that fails or has been ruined”

“causes great distress or destruction”

• Has an effect on business functions and the way business operates

• Could define it as a loss of business functionality (or partial loss) for a period of time

• But still doesn’t define what a disaster is

Problems of defining a disaster

• For example– DIY store has a UK network – enabling all stores to view other stores

stock– they can reserve / order stock for their

customers from other stores stock– enabling them to hold less stock at

each store

Stoke Stone

Newport

Telford Derby

HubStafford

So what is a Disaster ? Example One

• The Stafford site has a problem and is no longer connected to the other sites– Therefore it’s a disaster for Stafford– but it is a disaster for the organisation ?

• The company has lost 1/6 of a particular business function

• so is it an annoyance rather than a disaster ?

– But is might be a disaster if business is lost

– or the fault persists for a period of time

– what fall back methods are available• use of the phone / fax• pen and paper

– will these overcome the “disaster” ?– If so, its not a disaster

Systems that need to be in place

• Network– need to have in place a recovery

strategy that gets the network up and functional within an acceptable time period ?

• So what is that time period– 30 minutes, 4 hours, 1 day …… – have to analyse cost of down time

• Telephone– Possible the most important

• Nice easy one !• Have a contract with a mobile telephone

company to provide instant “mobile lines”• Second contract with “land line” company

to provide land lines within 24 hours• or something else!

• Buildings ?– If they are destroyed what happens

• New premises• Portable cabins• Rented• Work from “home”

• Hardware• Needs to up and running before network ?• In-house or bought-in support ?• Depends on allowable downtime

• Software• Same as for hardware• Example

– Oracle DBA at Brussels Airport is allowed to have a non-functional database for 30 minutes each year

Example two

• CREST– Bank of England Electronic Share

Settlement System– System that allows permitted stock

brokers to deal with share on-line– UK wide network– FTSE companies and more

• Each member of CREST has to response to a share dealing with 2 hours of the start of the function.

• So what would be a disaster ?– A loss of the system for more than 1

hour ?• Recovery

– A second identical system

– Expensive • Too expensive, but perhaps necessary

– It was actually mandatory

– But needed• the fines for not completing the

transactions is – barring from the system– loss of image– loss of business– loss of reputation

Example three

• Same network layout as for first example– but

• System for dealing with Police cells– Systems needs to check for

• Outstanding warrants• Bail conditions• Other Forces requirements• etc. etc.

Timeliness?

– When the person is processed the Duty Officer needs to be aware of all possible data available.

– Each area keeps “their own data” I.e. Stafford records data about Stafford residents etc.

• Stone link fails– Disaster ?– Duty Officer is not left with a

complete picture– Fall back plans ?

• Use of telephone / fax etc. ?– System needs to have in-built

redundancy

Creating a Disaster recovery Strategy

• Stage one – Define organisations view of a

disaster• maybe one line

– “loss of business functions for more than …” (a time period)

• maybe series of scenarios

• Stage two– Define disaster scenarios

• Fire, flood, acts of God, ….• Bomb, sabotage, ….• Loss of power etc. etc.• Plane crash• Loss of network, telephone system

– Define all possible solutions

• Stage 3– Recommend solutions

• Fire– New premises– Portable cabins– Shutdown period– etc.

• Stage 4– Implement

• All will have– Cost– Contract

– and review• Conditions and reliance's change