Posted by: David Scott
disaster awareness, disaster awareness preparedness and recovery, disaster plan, disaster planning, disaster prevention, disaster recovery plan
In yesterday’s post, we began a discussion of Disaster Recovery vs. the more comprehensive Disaster Awareness, Preparedness, and Recovery.
When we talk about Disaster Awareness, Preparedness, and Recovery, we stand a better chance for securing business in the real world (recognize that the “preparedness” aspect of DAPR incorporates provocative standards of prevention, wherever possible, with the attendant posture for recoveries where the truly unforeseen, or uncontrollable, manifests). We must associate a reality-based handle to disaster, and all business/technical considerations that go with it. The leverage to understanding and compliance is essential:
DAPR forces, not a different question but, a set of questions:
“Are we prepared for disaster?”
“I guess so – we have a disaster recovery plan.”
“Do you have an updated awareness for potential disasters?”
“Well, let’s see – I guess we should list them.”
“Now that you have an awareness, are you prepared?”
“No. We’ve added some events, and we have a better understanding of others.”
“Are we properly prepared to prevent certain outcomes?”
“Prevention? I thought this was Disaster Recovery…?”
“Can you prevent harm where appropriate? Can you truly recover from disasters – have you tested your preparedness?”
“Well, we’ll have to develop some tests, and then conduct them…”
As usual, we can leverage understanding in a powerful way when we set simple and accurate identifiers right up front. DAPR helps us to better know ‘where we are.’ Disaster’s potential is a part of where we are, and we need an awareness of our surroundings as a part of that. Preparedness is a route to a destination – a journey – a ‘how do we get there’ factor. It leads us to the ‘where we’re going’ zones of prevention and recovery.
Awareness is required before you can achieve preparedness, and preparedness is necessary for requirements supporting prevention and recovery. Can you see the ‘where are we’, ‘how do we get there’, and ‘where are we going’ elements of the previous statement?
We then require the satisfaction of a test to indicate your level of success in arriving at a state of prevention or recovery – and in arriving at a properly sized DAPR position for any moment in time.
Who drives DAPR? One guess… Particularly for Business, it is inadvisable to rely on a simple conversation with IT regarding this area. This is not to put down anyone’s IT endeavors, or business continuity efforts. Rather, this is because IT may feel that they’ve done the best they can regarding security of business in this regard, based on the resources they’ve been able to lobby for (including Business’ attention). It also includes IT’s belief (whether erroneous or actual) that they’ve met the Business expectation, and mounted the best mission. But here again there is an ignorance in many organizations. Business may like the numb comfort they often have in this area: Walking away with a simple “Yes, we’re covered” allows Business to go back to the core business focus of the day.
There is also a certain denial at work in many organizations, or a simple pushing aside of DAPR: “We’ll get to that next quarter, next year, soon,” etc. – or – “our vendor handles that.” But like all things in the Business-Technology Weave, the IT Enlightened Organization makes disaster awareness, preparedness, and recovery a Business-driven initiative, too. Who owns “business-continuity?” IT? After all, it’s Business’ continuity. Further, IT can only establish DAPR according to its own allowance, safe-channel and lead – from Business’ sanction and support. When IT fulfills a Business expectation, Business has to make sure the expectation is sized appropriately.
To Business: You own it. It is your business that will suffer from a state of non-recovery. You must oversee DAPR, its maintenance, its evolution, its testing, and you must believe that you can rely on it to your satisfaction, values, and standards. IT will serve, participate, suggest, focus, and implement the mechanics of preventions and recoveries. IT will lead when that lead is designated by Business – but policy and planning must be driven by Business.
Next: Understanding the elements of DAPR.
NP: The Doors: L.A. Woman; original vinyl release with the round-corners jacket and front cover window. Thorens TD-125, Shure v15v xMR, Carver C-1 and M-500t, Jensen cabs and Peerless drivers. Some other goodies in the signal chain, too.