Technology-- Redundancy & Recovery

Many IT departments today are managed as internal or sometimes external service organizations to the business. Typically, there are service level agreements or expectations by which these departments are measured by their users. These services must be provided under normal conditions and during emergency/disaster conditions, as well. Proactive, structured and integrated efforts are required to achieve desired resiliency commitments. Business application priorities driven by Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) will dictate the level of investment to be made in the technology resiliency architecture.

Redundancy & Recovery: In cases where a business is totally dependent on technology, there may be a resiliency goal established requiring that no single-points-of-failure exist in the support environment. For less technology dependent businesses, "next day" or "two day" recovery may be adequate. As such, IT Disaster Recovery plans should be a combination of service continuity (fail-over) and restoration, accounting for all levels of RTO/RPO specified by the business. The first step of the plan involves the people and tools required to maintain or restore the environment. The next step is the granular implementation "playbook", which details the priority order of steps, anticipated time frames, and inter-dependencies among the processes. Establishing critical levels of Technology Redundancy and Recovery are key criteria in all accepted standards and guidelines and regulations (i.e. BS 25999, ANSI NFPA 1600, FFIEC, HIPAA, NASD & NYSE) for best practices in Business Continuity Management.

Key Business Elements		Resiliency Investments
	|
	|
	|
	|
	|
	|
	|
	|