Include Data Center Risk Assessments in Your BCPs
Include Data Center Risk Assessments in Your Business Continuity Program
Risk assessments have been performed for many years, and they are a regular part of business continuity projects today. Often the task falls on the risk management or insurance departments. However, a good risk assessment can be a valuable tool in a data center’s disaster recovery plan. Normally the RA covers the usual list of potential risks: Natural events (e.g., fires, thunderstorms, tornadoes), security (e.g., locked facility, badge access) and procedures (e.g., evacuation, backups).
The current thinking is that as data centers become more critical (e.g., 24 X 7 X 365 operations), a proper risk assessment should go beyond the normal list of risks. In short, they should address what you can do to limit downtime and/or reduce recovery time.
Here are a few examples that you may want to add to your own risk assessment process:
* Is a heat sensor in place with remote notification that will call a cell phone number if the temperature gets beyond a critical level? This is especially important when data centers are not staffed all the time.
* Do you confirm on a regular basis that all critical equipment is indeed on the circuit associated with a UPS? In many data centers the UPS only supports some equipment.
* Does your risk assessment look for all single points of failure (SPOF)? For example, is there a central telecommunications switch that manages all incoming data and/or voice traffic but does not have a backup unit in place? If it goes down, everything stops.
* Does the content of your off-site storage have everything needed to restore operations at an alternate facility? How about vendor software CDs? How about build procedures for PCs? How about special forms or equipment? How about restoration procedures for all critical equipment and processes? Remember, assuming you can’t get in the door to your data center, everything you need to recover business operations is in off-site storage.
* Is your voice communications system (e.g., PBX) backed up and is the system’s backup database (e.g., a flash drive or tape cassette) stored off-site? And is the most current version of the system database stored off-site? It’s much easier to restore it than reprogram it.
As you can see, most of these points are not found in standard risk assessment procedures. They really deal with disaster avoidance. Specificially, you should fix a potential problem before it has a chance to disrupt operations or lengthen your recovery time.
Finally, consider performing an annual data center risk assessment. Simply include it in your BCP maintenance procedures. It could save a lot of trouble if a disaster occurs.
For an excellent tool to help you develop a data center disaster recovery plan, check out Go.Recover:Data Center:Data Center Disaster Recovery Plan on CD-ROM.
Tags: Business Continuity, data center disaster recovery, Disaster Recovery, I.T. DIsaster Recovery, risk analysis
