NEW YORK--The tragic events of Sept. 11 have placed business-continuity and disaster-recovery services in an entirely new light, exposing plans that are flawed or outdated after years of complacency. At its Disaster Recovery, Crisis Management, and Business Continuity Planning conference held here Tuesday, IT industry analyst firm Gartner emphasized the need for better continuity and recovery planning and execution as companies prepare for the unknown.
Gartner recommends that companies disperse IT assets and get several areas of management involved in designing and testing continuity plans, in the event key personnel cannot be contacted. The firm also encourages companies to expand their plans beyond business equipment and assets to include the safety of personnel and the coordination of employees if they're displaced from their offices. "Because Sept. 11 was so dramatic and affected so many businesses, it wasn't clear for many companies who was in charge," Gartner analyst Roberta Witty says.
The advent of E-commerce and increased outsourcing are adding another layer of complexity to continuity problems. E-commerce requires continuous availability and dramatically faster recovery times, Witty says. And the top-line savings of outsourcing has a dark side--bottom-line dependency. Disasters impacting supply-chain partners, for example, can create havoc far up the chain. That means recovery plans have to account for partners.
Companies typically spend 3% to 8% of their IT budgets on business-continuity and disaster-recovery services, according to Gartner. Factors that go into the calculation of a reasonable expenditure include how much downtime will cost in lost revenue and productivity, says Mark Nicolett, a Gartner VP and research director. "The impact of an outage varies by application type and by the length of the outage," he says. Jonathan Good, lead systems engineer for the Reader's Digest Association Inc. in Pleasantville, N.Y., says his company's goal is to allocate a larger portion of its IT budget for continuity and recovery and that the key to doing so is "to get corporate and IT personnel together to agree on a plan." Good says that without corporate support for continuity and recovery, an IT department isn't likely to be given the money it needs to implement a plan that covers all phases, including risk assessment, planning, and testing.
Gartner also recommends companies avoid signing one-year or five-year contracts with recovery-service vendors. According to Witty, long-term contracts don't typically take into consideration the fact that hardware and software costs shrink as technology improves, and single-year contracts put the buyer at a disadvantage because the first year is when most of the time and money is spent switching systems over to the vendor. She recommends three-year contracts.
Reader's Digest recently signed a five-year contract with SunGard Data Systems Inc. Although Good says he's aware of Gartner's recommendation of three-year contracts, he says his company's deal with SunGard includes clauses that make up for the decreasing cost of hardware through additional services over time.