The ability to re cover lost data and information is particularly important given the current troubled economic circumstances. According to Joe Costello, business development manager at IBM Ireland, organisations know that losing access to business critical information, even for relatively short periods of time, can be fatal.

“Companies both large and small are continuing to improve their business continuity posture, in many different ways,” said Costello.” Managers are recognising that, in these uncertain economic times, it is important to be able to demonstrate to our suppliers and clients that we are prepared somewhat for the unexpected.”

Detailed data recovery planning is vital to help a company avoid a potentially disastrous loss of business critical information, according to Leonard MacAuliffe, manager of enterprise risk services at Deloitte. MacAuliffe said that such data recovery plans used to be the preserve of larger companies.

“Historical ly, only large companies would have disaster recovery and business continuity plans in place,” he said.” However, with the increasing dependency on information technology and with many companies having an online presence, as well as ecommerce websites, medium and some smaller companies are now looking at cost-effective disaster recovery and business continuity solutions.”

MacAuliffe said that incomplete or faulty data recovery plans could have very serious implications for a company.” Many companies with disaster recovery and business continuity plans in place do not effectively maintain these plans or test them comprehensively,” he said.

“Therefore, if a disaster or total systems failure occurs, most Irish companies would struggle to recover their systems within the timeframes that the business would need - and many of the smaller companies may not be able to recover.”

Helga Muir, sales and marketing manager at Servecentric, said that some Irish companies did not have any disaster recovery plan in place at all.” A lot of companies have not actually got a plan, and they are in trouble if something serious does happen,” said Muir.” They often spend days trying to get back up and running.”

What gets lost Costello said that most people who used IT systems had experienced some kind of system failure at some point.” At one time or another, most technology users have experienced some kind of unexpected outage,” he said.” More often than not, we have just hit alt-control delete and restarted the device, accepting that we have lost some degree of productivity. That is okay if you are playing about on a games console or working on a simple document, but the impact can be quite different if we are talking about an enterprise level application or system.”

MacAuliffe said that, generally speaking, applications and information being used and accessed when a systems failure occurred were most at risk.

“The most common kind of information lost in any crash will be current and active documents, files that are being used and updated when the crash occurs,” he said.

“The most serious example of this is usually databases, whose integrity may be compromised and destroyed. Serious examples may include accounting and customer databases, the loss of which may cripple an organisation financially.”

Loss of access to this information could have potentially fatal consequences for companies, according to Karl Jordan, country manager of enterprise storage at Hewlett Packard Ireland.

“Most companies are at risk of going out of business if they lose enough data, or are denied access to data for long enough,” he said.” Depending on the size and type of company, they will have differing tolerances in this regard. Statistics show that 80 per cent of businesses suffering a major disaster go out of business within three years, while 40 per cent of businesses suffering critical IT failure will go out of business within 12 months.”

The business-critical nature of today's IT systems lead all areas of a company to be concerned with its data recovery capabilities, said Costello.” We have seen a shift in decision making in this area from purely an IT viewpoint, which is what it was around 2000,” he said.

“Today, HR, finance, and senior management are all showing much greater interest in the subject, as business professionals realise that being offline for a prolonged period of time can mean loss of revenue, loss of confidence, and damage to the brand image and reputation.”

Plan elements All companies, from the biggest to the smallest, need to have a data recovery plan which they can implement immediately when their IT systems fail, Costello said.

“People need to identify and prioritise critical business processes and applications, and the data that most affects revenue, customers and business survival,” he said.” They should then come up with a documented plan showing what needs to be done, and by whom, in great detail, in order to recover.

“This should include everything from describing who has the authority to invoke a plan, right down to the individual steps that might need to be taken to recover individual systems. They also should calculate the cost of downtime, which helps to rationalise investment in business continuity and data recovery and security systems.”

Jordan said that a data recovery plan should consider the different requirements of each system and application being used by the organisation, and the varying business importance of different data.” All digital data accessed through hardware or software interfaces becomes unavailable when the hardware or software interfaces go down,” he said.

“This data can be low value or mission-critical. High-value data will most likely need to be accessed quickly, with low tolerance for data loss. Access to low value data may not be necessary for some time, and some may be lost without significant impact. The challenge is to be able to identify this data and develop recovery strategies appropriate to the value of the data.”

Data recovery plans should consider which information should be restored first in the event of a total loss of access, according to MacAuliffe.” Best practice data recovery plans include a business impact analysis (BIA) to ascertain which data and systems should be recovered first and in what priority,” he said.

“This is essential in the event of a disaster, as not all systems will be recovered at once and you have to prioritise, based on the criticality of the business process of the supporting data, applications and underlying infrastructure.”

Chris Mayers, chief security architect for Citrix in Ireland, said that some companies were more able to deal with temporary losses of access to their information than others.

“The question you should be asking is how long can you afford to be out for,” he said.” The shorter the period, the more expensive it is going to be.

“If you have a business critical system, where you cannot really afford much down time, you will be looking for a solution that gives you some kind of continuous availability. There may be an interruption of service of a few minutes, maybe not more than that.”

Jordan said it was vital that data recovery plans were regularly tested to ensure that the data was still protected.

“Testing of a recovery plan in realistic detail is a potentially costly, risky and time-consuming process, which is why organisations are reluctant to undertake this type of comprehensive testing,” he said.” However, testing is the only way to ensure the plan is viable, in case of a real disaster.”

Tamás Jung, senior consultant of recovery management for CA in Ireland, The ability to re cover lost data and information is particularly important given the current troubled economic circumstances. According to Joe Costello, business development manager at IBM Ireland, organisations know that losing access to business critical information, even for relatively short periods of time, can be fatal.

“Companies both large and small are continuing to improve their business continuity posture, in many different ways,” said Costello.” Managers are recognising that, in these uncertain economic times, it is important to be able to demonstrate to our suppliers and clients that we are prepared somewhat for the unexpected.”

Detailed data recovery planning is vital to help a company avoid a potentially disastrous loss of business critical information, according to Leonard MacAuliffe, manager of enterprise risk services at Deloitte. MacAuliffe said that such data recovery plans used to be the preserve of larger companies.

“Historical ly, only large companies would have disaster recovery and business continuity plans in place,” he said.” However, with the increasing dependency on information technology and with many companies having an online presence, as well as ecommerce websites, medium and some smaller companies are now looking at cost-effective disaster recovery and business continuity solutions.”

MacAuliffe said that incomplete or faulty data recovery plans could have very serious implications for a company.” Many companies with disaster recovery and business continuity plans in place do not effectively maintain these plans or test them comprehensively,” he said.

“Therefore, if a disaster or total systems failure occurs, most Irish companies would struggle to recover their systems within the timeframes that the business would need - and many of the smaller companies may not be able to recover.”

HelgaMuir, sales and marketing manager at Servecentric, said that some Irish companies did not have any disaster recovery plan in place at all.” A lot of companies have not actually got a plan, and they are in trouble if something serious does happen,” said Muir.” They often spend days trying to get back up and running.”

What gets lost Costello said that most people who used IT systems had experienced some kind of system failure at some point.” At one time or another, most technology users have experienced some kind of unexpected outage,” he said.” More often than not, we have just hit alt-control delete and restarted the device, accepting that we have lost some degree of productivity. That is okay if you are playing about on a games console or working on a simple document, but the impact can be quite different if we are talking about an enterprise level application or system.”

MacAuliffe said that, generally speaking, applications and information being used and accessed when a systems failure occurred were most at risk. “The most common kind of information lost in any crash will be current and active documents, files that are being used and updated when the crash occurs,” he said.

“The most serious example of this is usually databases, whose integrity may be compromised and destroyed. Serious examples may include accounting and customer databases, the loss of which may cripple an organisation financially.” Loss of access to this information could have potentially fatal consequences for companies, according to Karl Jordan, country manager of enterprise storage at Hewlett Packard Ireland.

“Most companies are at risk of going out of business if they lose enough data, or are denied access to data for long enough,” he said.” Depending on the size and type of company, they will have differing tolerances in this regard. Statistics show that 80 per cent of businesses suffering a major disaster go out of business within three years, while 40 per cent of businesses suffering critical IT failure will go out of business within 12 months.”

The business-critical nature of today's IT systems lead all areas of a company to be concerned with its data recovery capabilities, said Costello.” We have seen a shift in decision making in this area from purely an IT viewpoint, which is what it was around 2000,” he said.

“Today, HR, finance, and senior management are all showing much greater interest in the subject, as business professionals realise that being offline for a prolonged period of time can mean loss of revenue, loss of confidence, and damage to the brand image and reputation.”

Plan elements All companies, from the biggest to the smallest, need to have a data recovery plan which they can implement immediately when their IT systems fail, Costello said.

“People need to identify and prioritise critical business processes and applications, and the data that most affects revenue, customers and business survival,” he said.” They should then come up with a documented plan showing what needs to be done, and by whom, in great detail, in order to recover.

“This should include everything from describing who has the authority to invoke a plan, right down to the individual steps that might need to be taken to recover individual systems. They also should calculate the cost of downtime, which helps to rationalise investment in business continuity and data recovery and security systems.”

Jordan said that a data recovery plan should consider the different requirements of each system and application being used by the organisation, and the varying business importance of different data.” All digital data accessed through hardware or software interfaces becomes unavailable when the hardware or software interfaces go down,” he said.

“This data can be low value or mission-critical. High-value data will most likely need to be accessed quickly, with low tolerance for data loss. Access to low value data may not be necessary for some time, and some may be lost without significant impact. The challenge is to be able to identify this data and develop recovery strategies appropriate to the value of the data.”

Data recovery plans should consider which information should be restored first in the event of a total loss of access, according to MacAuliffe.” Best practice data recovery plans include a business impact analysis (BIA) to ascertain which data and systems should be recovered first and in what priority,” he said.

“This is essential in the event of a disaster, as not all systems will be recovered at once and you have to prioritise, based on the criticality of the business process of the supporting data, applications and underlying infrastructure.” Chris Mayers, chief security architect for Citrix in Ireland, said that some companies were more able to deal with temporary losses of access to their information than others.

“The question you should be asking is how long can you afford to be out for,” he said.” The shorter the period, the more expensive it is going to be. “If you have a business critical system, where you cannot really afford much down time, you will be looking for a solution that gives you some kind of continuous availability. There may be an interruption of service of a few minutes, maybe not more than that.”

Jordan said it was vital that data recovery plans were regularly tested to ensure that the data was still protected.

“Testing of a recovery plan in realistic detail is a potentially costly, risky and time-consuming process, which is why organisations are reluctant to undertake this type of comprehensive testing,” he said.” However, testing is the only way to ensure the plan is viable, in case of a real disaster.”