Protect Your Company Against Disaster

Part IV

Walking Through a Disaster

In our third installment, we got to the point where you are putting pen to paper on your disaster and recovery plan. The most important rule you have established is one of an effective standard of operation Ė the minimum level of computers, data, phones, etc. that you need to run your business. It is the return to that level that is the entire point of your disaster plan, and its goal.

We advanced the notion that the best way to plan for recovery is to walk through the stepsóassume youíve had a disaster and start working your way back from it. Hereís what you should be imagining:

Once a disaster strikes, the first impulse is to try to determine what kind of disaster are we having? Have we lost communications, data, our entire location? Is it a workstation, a server, a cluster of servers? Is it hardware? Is it software? Is it a virus? Is it a problem that we think might go away on its own, such as a power outage?

In your planning meetings, you may have run through all kinds of scenarios. But the disaster you end up with may be none of them. Or, you may mistakenly try to fit the disaster you are facing into one of the planned scenarios.

Whether the catastrophe is any of those things, anything from a virus to a meteor hit on your headquarters, it is important to focus on the essence of business interruption: Effectiveness and time. Are you at an acceptable operational capacity or not? If not, how long will it take to get back to capacity? How soon can you get back to a minimal operational standard, and how long will it take to ramp up from there? Who do you need to assist (technicians, phone people, etc)? These are the first questions of recovery.

Donít underestimate the severity of your problem. In the disasters I have seen, one of the chief mistakes was thinking the problem was less serious than it really wasóby the time the gravity of what had happened was apparent, precious time had been lost. It could be because the responsible party wants to minimize the seriousness of the situation to superiors, or technicians want to cover their own mistakes or incompetence, or something as simple as not wanting to be the bearer of bad news. If you are the person in charge of the recovery, you are the bearer of news. Good or bad, itís all you. Donít sugar coat.

In the time that we have, it is better not to explore a variety of scenarios. Instead, we should address the question of returning to an acceptable operational level. In your planning phases, you decided what that level was. Now comes the time to implement.

If you planned well, you already know who the key people are and how to get in touch with them. A key component of this phase is to communicate the severity of your problem. Donít let these key folks believe your problem is anything less than immediate and critical. Donít accept stalling, donít try to work it over the phone. If you need them there right now, thatís what you tell them.

This is the key question. You can have a minor problem that takes days to fix or a major one that is done in an hour. It is not the problem that determines the disaster, itís the time it takes to solve it. Itís also important to distinguish between a temporary solution and a permanent one. The temporary solution will probably take less time, so that would be preferred, as long as an accurate assessment of how long it takes to get to the permanent solution is done.

There is nothing to be gained by keeping the problem quiet. Donít let the employees, management, customers or vendors Ďdiscoverí the problem on their own. Control the story. Once you know what the problem is and how long it may take to fix, time to get the word out. Let people know what is going on and how long you expect to be down. Your disaster plan should include what information to release and to whom. Your downtime results from the demands placed on your IT structure by users, managers, and customers. Letting them know of the problem pro-actively may just buy you the time and patience you need to get it done.

Sometimes, things just donít go the way you plan. Improper assessment, lack of parts to do the repair, and just plain bad luck can conspire to make your recovery fail. What are you going to do if Plan A fails? How much time are you going to give Plan A to work?

Consider this: why not have one team working on repair while another is working on replacement? That way you get to both finish lines at once.

Itís difficult to be too specific about the recovery without knowing the exact nature of the problem, but an easy assumption is that your server is damaged or destroyed, or your physical location is, or both.

If you have to move to a temporary location, consider the following:
1. Does it have enough room for all your people?
2. Does it have enough electrical capacity for all the computers, phones, fax machines, laser printers, etc?
3. Does it have phone lines?
4. Internet access?


It is very tempting to try and fix the server you have. Why? It is already preconfigured the way you like it Ė no need to add the users and printers back on. And if it works, everything comes back just the way it was before the crash. The problem with that, of course, is that it crashed once. It sure can do it again.

If youíre going to fix it, do you have the spare parts needed to rebuild the entire server? It may take hours to determine which part is faulty. I hope itís not the part you donít have.

Consider also the possibility of moving the data to another server in your operation. Believe me, I know how IT guys like to have one server for mail, one for printing, one for data, etc. Itís ok to move the data to a working server rather than be down while you fix the data server. Data is the hot potato, not the machinery itself.

How long will a repair take? Would it take less time to just rebuild the server? Or get a temporary replacement?

If it turns out that you have to start from scratch, youíve got to have all the stuff you need, including:

1. Original media for your operating system, application software, etc, so you can reinstall everything.

2. The media from your most recent backup and the means to restore it (matching tape drive, Internet connection, etc).

3. A machine to put it on. Remember that a server is distinguished by the operating system. Not to say that all computers are alike, but if you have to take a workstation and temporarily install server software on it, do it. Replacing a server is not an easy thing. You need to get a machine, install an operating system, install application software, then recover your data. Itís important to remember that you donít need the final server youíre going to end up with; you do not need a computer that is an exact match of the old one. Not to oversimplify, but what distinguishes a server from a workstation is usually the operating system. You can, under the right circumstances, take ANY computer and make it a server if you install your server-level operating system on it. Things to watch for: it must have enough physical storage space to hold all your data and a way to back it up. You may not have your final server for weeks. Once you get it, this entire process will have to be done over again on the new machine. But you may be stuck with your temporary server for longer than you think.

Try not to have the same disaster twice. When your new server arrives, or your old one is repaired, do the switchover during off-peak times. And keep the old one as a backup against future disasters.

In the end, you may come away with the feeling that you havenít done enough to prepare for and recover from disasters. You may be right about that, but the only way to know for sure is to actually have a disaster, and no one wants that. Donít overcompensate. Every disaster plan is a work in progress.

Part of the CSM Family!

AM Peck & Company
Cincinnati, Ohio

Emory P. Zimmer Insurance Agency
Cincinnati, Ohio

In each newsletter, we would like to welcome clients to our "family." If you would like to have your business highlighted, please call Carrie at:
(859) 491-7947


Who said it???
I had to pick myself up and get on with it, do it all over again, only even better this time

Rules:  Be the first person to email us with the correct answer at and win a $10.00 gift certificate from
Blockbuster Video!

Last Contest Winner:  In our last newsletter; the "Who said it" quote was:
"Big results require big ambitions"

This quote has been attributed to James Champy

Our winner is:
Tub Maxson with TM Risk Services


Deal of the Month



Attachť provides the ultimate mobile storage solution for people on the go. Working on a presentation and need to take it with you? Want to share a new tune or pictures with your friends? Simply copy the file onto Attachť and take it with you -- put it in your pocket, wear it around your neck, or put it in your backpack or briefcase and you're good to go. To access your data, simply plug Attachť into virtually any PC or MAC -- without the need for bulky cables or adapters. And Attachť includes a write-protect switch to safeguard your valuable data from accidental deletion. Access your files. Anytime. Anywhere.

Call Kim at 859-491-7947 to order

Security Audit
Have one?  You need one...

New News @ CSM! 
CSM has been selected as one of only 10 AMS Preferred Vendors in the United States for AMS 360 installations.  CSM will be beta testing 360 and would welcome your input. 
If you would like to assist us in the beta process, please email Kim.

About Our Organization:

Did you know that CSM is 11 years old this year?  
Computer Systems Management, Inc. is about service and about taking the extra steps needed to form lasting partnerships.  In addition to helping our corporate clientele, CSM serves the community by coordinating PC donations to low-income families and schools, providing free training classes to "welfare to work" participants, motivational assistance to GED students and on-the-job training to transitional workers.

Computer Systems Management Inc.; 
2517 Anderson Road, Crescent Springs, Kentucky 41017
(859) 491-7947; Fax: (859) 392-2682

Did someone forward this email to you? Would you like to join our mailing list?
Please click here to subscribe!

Your privacy is paramount to CSM.  You are receiving this email, either because you have an email account on our server or you have requested to receive periodic newsletters from CSM.  If you would like to be removed please click HERE and type REMOVE in the subject line and we will remove you from our database.