Disaster Recovery

1. Business impact assessment How soon do you need to resume operations? And how much information would be lost, including its financial impact?
Risks perceived are: financial loss, damage to reputation, regulatory penalties or operational disruption.

2. Analysis "For each application, you have to understand the network infrastructure, the systems infrastructure and the storage infrastructure. If you don't have that information, it's nearly impossible to begin discussing technology options for your DR architecture," Segment data according to "tiers of criticality" based on its relevance. Make sure you cover any and all enterprise-critical applications, as well as any line-of-business-critical applications.

3. Budget Not every risk is worth offsetting. Financial institutions may face severe fines for failing to meet government regulations. Health care companies similarly are at risk if sensitive patient data gets exposed. A retailer may lose customers should its system be hacked in credit-card scams.
A phased approach to implementation to spread the cost over short cycles of time is a good approach.

4. Data protection Perhaps no component is as crucial as technology. Aside from people, information is the single most important asset for any organization.
"The most critical thing is getting data secured, because equipment and buildings can be replaced.

5. Semiannual tests The conventional wisdom is that DR plans should be tested at least twice a year, perhaps more depending on the degree of change within your environment. Moving servers in and out of production, reworking a database or launching new applications are all significant environmental changes that need to be documented in your DR plan.