The Peer-to-Peer blog is a forum for Channel Partners readers with the goal of stimulating discussion among partners about important issues impacting their business. The opinions expressed here are those of the authors and not necessarily those of Channel Partners editors or publishers. If you are interested in submitting a blog, please contact Managing Editor Buffy Naylor, firstname.lastname@example.org.
Disaster Recovery in the Electronic Era
By Nick Chandler
A hurricane strikes and your health care facility must care for an influx of injured patients. How quickly can you access your computer systems and electronic data?
While most health-care facilities have disaster-recovery plans in place, many are based on an outdated paradigm in which information technology was much less critical than it is today. Today, many health care providers lack adequate capabilities to restore critical information and services in an adequate amount of time in the event of a disaster.
With the rapid migration of health care systems from manual, paper-based processes to centralized computer systems, data backup and disaster recovery have become more critical than ever, but also more complex. This increasing reliance on computer systems has led to an explosive growth of data — and a growing challenge when disaster strikes.
Whether a disaster results from a hurricane or a computer hacker, damage to centralized technology systems will affect multiple processes and data. And the longer it takes to reinstate systems and restore data, the more difficult it will be for the healthcare provider to continue operations.
We often work with health care systems looking to improve their disaster recovery strategies. Aligning the disaster recovery plan with the needs of the institution is a four-step process.
- Determine business needs. First, interview end users, application owners and other stakeholders to uncover business processes and applications used. An important goal in this step is to establish the recovery point objective (RPO): How much data can the organization afford to lose? You also need to establish the recovery time objective (RTO): How long can the service be unavailable before the organization can no longer operate?
- Gap analysis. What capabilities do the IT systems currently provide? How do these capabilities differ from the business requirements? With gap analysis, you can document key gaps and identify the impact of outages on the organization.
- Design a plan to close the gaps. Create a technical and procedural plan to close the gaps. Where IT cannot currently provide the required RPO and RTO to the business, define a plan to ensure these objectives can be delivered.
- Execute the plan. Closing the gaps between business needs and capabilities may be a multiyear process, depending on the time and resources available. In general, we recommend that an organization prioritize the most critical applications. If budget is unavailable to update systems and processes to provide the desired RPO and RTO for all systems, choose those with the greatest return on investment — the ones which are most important to the success of the organization. Plan to budget capital and/or operational funds in subsequent years to provide adequate recoverability for additional services.
Disaster-recovery planning can be a valuable education process. Most importantly, it compels the organization to anticipate the worst — and to feel more confident about tackling the aftermath.
Nick Chandler is a senior consultant for data center & application delivery at Burwood Group, a consulting firm specializing in IT management and infrastructure solutions. He specializes in the design and deployment of data center infrastructure technologies, including core networking, server virtualization and unified storage.