The tragedy of the earthquake in Japan and the resulting tsunami serve as stark reminders of the importance of disaster planning and preparedness. There are few places, if any, in the world that are immune from some sort of natural disaster and no one is immune from system failures or cybercrime. The real measure of our worth as IT people lies in how quickly and reliably we deliver information services to our end-users. After all, our jobs are about helping our end-users work more productively, creatively, and efficiently.
We understand it, but what about management?
Interestingly, my experience with my students and colleagues in IT is that, although most of us understand the importance of disaster preparedness, our upper management often doesn't support it. I have a good friend who is an IT manager for a large concern. Her company, despite her protests, is planning on locating their data center in a flood plain downstream from an at-risk dam! Small businesses abound with servers under someone's desk because the owner doesn't realize the potential economic impact of a data outage.
It's a matter of survival
In their book, "Firewall Fundamentals", authors Wes Noonan and Ido Dubrawsky state, "...the majority of smaller companies that experience a week of downtime as a result of a security incident are rarely able to recover...and go out of business."
How to make the case for preparedness
This blog post is not about trying to convince you of the importance of disaster preparedness. You're well aware of its importance. It's also not about how to develop disaster recovery plans. There are plenty of websites, books, and training programs that do that very well. I thought, however, that I might arm you with some data to help you convince your management to support disaster recovery preparedness.
It's about avoiding a financial disaster
In order to convince management to do something, you have to make a business case for it. Business managers and owners are focused on profitability. Anything that affects profitability will get their attention. Your disaster preparedness plan has to make sense from a business standpoint. The financial cost of a disaster must be greater than the cost of disaster preparedness or management won't support you. You can use historical data to determine the likelihood of particular events such as floods, earthquakes, equipment failures, and security breaches.
What are some numbers?
According to a study by Computer Associates, European organizations with 50+ employees lose an average of 552 staff hours per year to downtime. At a pay rate of, say, $50/hour, that amounts to $27,600 in lost wages alone. That doesn't consider lost revenue or credibility. You can probably get information about revenue per employee from your organization's accounting department.
Some helpful resources
Iron Mountain produced an excellent document titled The Business Case for Disaster Recovery Planning: Calculating the Cost of Downtime
Sudora Computer Services is a St. Louis-based IT consulting company in St. Louis that created a simple calculator to determine the cost of downtime.
Intel has an interesting paper on Establishing a Low Cost Disaster Recovery Site.
Symantec conducts an annual Disaster Recovery Study. You can view the results of their 2010 study here.
You might have some data on the cost of disaster recovery preparedness or, more importantly, the cost of disaster recovery un-preparedness. Please share that in your comments.
The pictures from Japan are a daily reminder of the forces of nature, the costs of recovery are staggering, and there is no doubt that many businesses will never recover from the disaster. Right now is an excellent time to have this conversation with upper-management.
Don R. Crawley is President/Chief Technologist at soundtraining.net, the Seattle IT training firm. A geek and nerdy kind of guy since sometime back in the 60s, today he pontificates at Computerworld, writes books for IT people, and speaks to IT groups on customer service, communication, and technology.