Critical. Authoritative. Strategic.


CBR is proudly produced & published
by Technews
Issue Date: April 2008

Is your organisation at risk?

1 April 2008
Guy Kimble, IT and operations director at Metrofile

Far too many organisations are guilty of overlooking critical measures needed to safeguard IT and core corporate information. This is particularly true during busy or growth periods when implementation of the required measures are put off until 'things calm down', as it is during tough times when downsizing, cost cutting and other measures result in the loss of good practice.
Guy Kimble, IT and operations director at Metrofile
Guy Kimble, IT and operations director at Metrofile
Questions you need to ask yourself.
* Do you have a backup plan?

* Is it clear whose responsibility it is?

* Are you sure that you know what needs to be backed up?

* Where is your backup stored? Is that storage secure, environmentally controlled?

* Do you have a disaster recovery plan?
If you answered no to any of the above, then your organisation is vulnerable and could be faced with significant loss of data and potentially financial ruin. Whilst IT equipment is generally more reliable there is always the danger of drive failure, but perhaps likely attack from viruses, hackers, data thieves and more recently power outages. Backing up is not an option; it is an essential business practice.
The first step in protecting your data is the development of recovery plan, a document that should form a key part of both the organisation's business and risk management strategies. It is important that the plan is not just something developed and implemented by IT, but rather that there is buy-in and adherence across the organisation as a whole. Please bear in mind when developing the plan that this is not about building a power base or creating a gate keeper situation but rather about developing a plan that is very much part of and supportive of core business activity - that means you need to involve your users in developing the plan.
So what should the plan include?
* The strategy
- What is your information protection and recovery strategy?
- What tools are you going to use?
- The objective.
- What do you hope to achieve by implementing the plan?
- How is the plan going to contribute to core business operations?
* What information needs to be protected and backed up?
- MS Office documents.
- Financial systems.
- E-mail.
- Customer databases or related information.
- Websites and intranets.
* Where does the information reside?
- Notebooks.
- Desktop computers.
- File or data servers.
- Flash Disks (Memory Stick).
* Who has and should have access to and control of how information is kept?
- Shared folders.
- Mapped drives.
- Organisational defined structure or unstructured.
* Action plans
- What actions will you take to protect the information?
- What backups will be made, how frequently, what rotation period is sensible?
- Where will backups be stored - internally or outsourced?
- What communication is needed to make staff aware?
- Perhaps most importantly who is responsible for what and by when?
* A disaster recovery plan
- What actions need to be taken in the event of a disaster?
- How will you restore the organisation to normal trading?
* Measurement
- What controls are needed to ensure compliance?
- How will you know the strategy is successful?
- Contingency plan.
* What are the alternatives should it not be possible to implement the plan?
This list is by no means exhaustive but designed to illustrate the need for a formal recovery plan, one that fully takes into account the needs of the organisation and the potential risks. Do not think this will not happen to me, do not think that your office is a safe environment, one that is free from the risk of theft, hacking or natural disaster - these are issues every business faces daily. The time to take action is now!

Others who read this also read these articles

  • Everything in its place

    A 2006 EMC-sponsored AIIM survey, which investigated the role of ECM in storage decisions, found that larger organisations are aggressively pursuing consolidation and rationalisation of their storage and content archiving strategies

    [ March 2008 ]

  • The art of compliant backup

    New regulations on both sides of the Atlantic, such as the Freedom of Information Act (2000) in the UK or new electronic data retention rules in the US (Federal Rules of Civil Procedure 26, 2006), mean electronic data now needs to be retained for compliance reasons

    [ January 2008 ]

  • MarketWatch: Dell steps up storage with EqualLogic

    The purchase will take Dell into the realm of technology development for the very first time

    [ November 2007 ]

  • Virtualisation grows up

    While the technology is designed to simplify server administration by breaking hardware dependency and creating a pool of processing resources on which software can run, this has a knock-on effect on systems management and monitoring, as well as storage management and back-up

    [ November 2007 ]

  • Throwing a lifeline?

    Although IT budgets overall remain flat, the portion for storage has grown from 13% in 2002, to a 22% average in 2006

    [ November 2007 ]

  • MWeb Business uses Attix5 for backup and restore

    Designed for bandwidth-rare South African conditions, it uses very little capacity by only updating those files which have changed since the previous backup

    [ August 2007 ]

  • Alexander Forbes boosts DR capabilities with DCC and DiData

    Server virtualisation enables Alexander Forbes to manage approximately 200 to 300 servers on just 16 blades

    [ August 2007 ]

  • One-stop storage solutions

    Quantum has the most comprehensive portfolio of disk-based backup and de-duplication/replication solutions, is the no. 1 provider of tape automation, as well as a long-standing leader in tape drives and media

    [ July 2007 ]

Others who read this also read these regulars

Search Site

Search Directory

  • Search for:


Previous Issues