It’s fair to say there are some things you don’t miss until they’re gone. Business data is a classic example. Yet not protecting this lifeblood of any organisation can have far-reaching consequences, as the world’s largest stock exchange discovered.
A year ago in March 2013 the New York Stock Exchange was submitting its report to regulators on a new disaster recovery plan following the devastation wrought by Hurricane Sandy. When the hurricane struck, a lack of confidence in their original backup plan led to the longest shutdown after bad weather since 1888.
But despite the publicity that surrounded this high profile case and recent examples of catastrophic flooding in the UK, many companies still fail to adequately review or test their business continuity plan. A survey of 1300 IT managers conducted by TechTarget in 2013 revealed that only 25% had ever tested their cloud recovery service.
For some experienced data recovery experts this statistic comes as no surprise. “We continually come across organisations that have placed all their focus and faith in backup technology without ever having tested whether the data can be restored adequately,” says Gavin Smith, DATAFORT’s technical director.
As a consequence some companies run a huge risk when it comes to a real life disaster. As business continuity expert Chris Needham-Bennett, of Needhams1834, quoted at DATAFORT’s recent FCA compliance seminar “If you don’t rehearse a disaster you’re not going to have any confidence in the plan”.
For financial companies regulated by the FCA taking a cursory interest in business continuity is no-longer enough. FCA regulated companies are now required to “monitor and, on a regular basis, evaluate the adequacy and effectiveness of its systems, internal control mechanisms and arrangements established for business continuity, and take adequate measures to address deficiencies”. Failure to adhere to these requirements can lead to some pretty hefty fines.
Needless to say, lessons were learnt by the NYSE and a well-prepared and tested business continuity plan was later adopted. But lessons don’t have to be learnt the hard way, and even challenges to testing backup can be overcome.
This includes one of the biggest barriers to testing: the disruption caused to production systems when restoring a backup. This can be easily resolved through utlising backup technologies that can enable testing to be conducted without disruption, such as DATAFORT Critical Care. This avoids the inevitable reluctance to test disaster recovery plans which could ultimately save a business.
For FCA regulated businesses, the relatively new compliance requirements shouldn’t just be seen as another hoop to jump through, but an opportunity to see how quickly and well their business will perform in a crisis. All too often, companies take for granted that their backup tape will deliver, only to later find the data can’t be restored. And when you consider the consequences of a failed recovery in terms of customer relations, reputation and business operations, testing a recovery procedure works certainly makes business, not just compliance, sense.