How we change what others think, feel, believe and do

| Menu | Quick | Books | Share | Search | Settings |

Resolve to Build a Reliable Business Continuity Plan: Recognizing the Threats to Disaster Recovery


Guest articles > Resolve to Build a Reliable Business Continuity Plan


By: Dwayne Melanšon

As 2006 ends and you begin to set goals for the coming year, you may be reflecting on the success of the current year’s resolutions. For instance, did you intend to implement a change control process, limit access to IT systems, or develop best practices, such as frequently testing your disaster recovery plan? If, like so many IT organizations, you were too busy firefighting to keep those promises, your next outage could result in a doozy of lost data.

One of the most significant events involving lost data since the beginning of the information technology age was the result of the terrorist attacks on Sept.11, 2001. Of the 131 technology sites affected, only two performed a successful "failover" to a redundant system. Of the 129 sites that failed, 70% of data was recovered after 120 hours, but 30% was lost forever. This means $3.1 billion worth of technology did not work as expected.* As a result, for many companies the big technology issue became "how to rebuild", not "how to recover."

Unfortunately, none of this comes as a surprise. Many organizations are at risk of unsuccessful failover because of the three, "public enemies" of any disaster plan or business continuity plan.


Public Enemy #1: Unplanned/undocumented changes
Unplanned work may seem harmless–a few tasks here, a few tasks there–but its cumulative effect is staggering. Forrester Research estimates that as much as 35% of an IT organization’s "operate/maintain" workload is unplanned. That can easily drain resources and budgets, place the organization in constant firefighting mode, and prevent the timely completion of planned business objectives, such as developing a robust BCP.


Public Enemy #2: Too Much Access
As an IT organization grows, the number of those who have access privileges also grows. People who have been promoted to management or other duties may have "legacy access" to systems they should no longer tamper with. Immediately review access privileges, clearing everyone away from your IT infrastructure unless they are formally authorized to make changes. Why? One unauthorized change can undo a previous change or even a whole series of changes, causing immediate catastrophe or planting a long fuse for one.


Public Enemy #3: Lack of Accountability
The expectation of what is required to ensure an adequate BCP must come from the top, with the CIO or equivalent. Sound control processes, based on best practices frameworks and common standards, must be made a priority, not just in business silos, but across the enterprise.


Make a Resolution to Rid Your Organization of "Public Enemies"

While many companies use configuration management tools to reduce risk and manage change, these tools can be easily circumvented—they do not have a universal view of all change taking place within on your entire IT system. Adding a change control solution provides a "detective" with a universal view that can continually monitor all systems to discover unplanned, undocumented or unauthorized changes, alerting the IT staff to such events. Change auditing controls also help establish a necessary zero tolerance policy for undocumented changes. Eliminating unplanned changes also reduces time-consuming "firefighting" and frees up resources for a more useful activity–such as ensuring your BCP is in good working order.

Limiting change to a specific window of time (planned vs. unplanned) is what the Information Technology Process Institute (ITPI) calls "electrifying the fence." You can use this change window to track the number and type of unauthorized change, and to begin the process of identifying and prioritizing the "fragile artifacts", those assets in a data center at most risk of crashing or negatively impacting service delivery. A specific change window lets you find out who implements what changes and when, which is a clear view of the level of access to your IT systems. Use this information to review access privileges and explain to personnel that restriction is critical to the integrity and success of disaster recovery and business continuity.

As for accountability, IT is one area of business that can be managed entirely on facts and analysis, from urgent matters to day-to-day operations. There’s no reason to "manage by gut feel" or circumvent processes; in fact, circumvention can ruin a BCP. Adherence to change management policies and procedures is a strategy that benefits the business as a whole and ensures recovery after a disaster.

These are just a few of the New Year’s resolutions organizations can make to ensure business continuity in the case of a disruptive event. The ITPI Visible Ops process offers a step-by-step approach to implementing a thorough, secure change control system. Tripwire Enterprise works hand-in-hand with Visible Ops and the unique needs of your organization’s processes and systems to ensure data is secure and recoverable.

* Source: Center for Research on the Epidemiology of Disasters; SunGard; U.S. FEMA



Contributor: Kristin Wall

Published here on: 14-Dec-06

Classification: change management, business



Site Menu

| Home | Top | Quick Links | Settings |

Main sections: | Disciplines | Techniques | Principles | Explanations | Theories |

Other sections: | Blog! | Quotes | Guest articles | Analysis | Books | Help |

More pages: | Contact | Caveat | About | Students | Webmasters | Awards | Guestbook | Feedback | Sitemap | Changes |

Settings: | Computer layout | Mobile layout | Small font | Medium font | Large font | Translate |



Please help and share:


Quick links


* Argument
* Brand management
* Change Management
* Coaching
* Communication
* Counseling
* Game Design
* Human Resources
* Job-finding
* Leadership
* Marketing
* Politics
* Propaganda
* Rhetoric
* Negotiation
* Psychoanalysis
* Sales
* Sociology
* Storytelling
* Teaching
* Warfare
* Workplace design


* Assertiveness
* Body language
* Change techniques
* Closing techniques
* Conversation
* Confidence tricks
* Conversion
* Creative techniques
* General techniques
* Happiness
* Hypnotism
* Interrogation
* Language
* Listening
* Negotiation tactics
* Objection handling
* Propaganda
* Problem-solving
* Public speaking
* Questioning
* Using repetition
* Resisting persuasion
* Self-development
* Sequential requests
* Storytelling
* Stress Management
* Tipping
* Using humor
* Willpower


+ Principles


* Behaviors
* Beliefs
* Brain stuff
* Conditioning
* Coping Mechanisms
* Critical Theory
* Culture
* Decisions
* Emotions
* Evolution
* Gender
* Games
* Groups
* Habit
* Identity
* Learning
* Meaning
* Memory
* Motivation
* Models
* Needs
* Personality
* Power
* Preferences
* Research
* Relationships
* SIFT Model
* Social Research
* Stress
* Trust
* Values


* Alphabetic list
* Theory types


Guest Articles


| Home | Top | Menu | Quick Links |

© Changing Works 2002-
Massive Content — Maximum Speed