Can’t stop, won’t stop
In July, when a San Francisco information technology (IT) employee changed the passwords on the city’s wide area network — essentially locking out everyone from payroll, e-mail, law enforcement and other personnel records — the city had to implement its IT recovery plan and use backup systems to restore critical services. Elsewhere, other cities and counties that have been battered by severe weather have had to enact emergency plans to safeguard their IT infrastructure. Either case demonstrates the need for an IT disaster recovery plan.
Unfortunately, local government officials and IT staff know that disasters are not only generated by Mother Nature, but also from intentional acts and unintentional incidents, such as server crashes, hardware failures and infrastructure problems. And, since Sept. 11, 2001, local government IT leaders have worked harder to ensure that mission-critical IT services continue uninterrupted during emergencies.
While developing disaster recovery strategies, IT directors and government leaders first should establish what “recovery” will mean and the level of recovery expected. For local governments, IT disaster recovery can mean regaining access to data (records, hardware, software), communications (Web portals, phone, VoIP), and office space. A higher expectation of recovery — a lower amount of data loss and the least amount of downtime — will mean more costly disaster recovery options.
For many communities, not losing data or time is unrealistic, but some strategies can protect a large amount of data and speed recovery. Anti-virus software, surge protectors, uninterruptible power supplies and/or backup generators, fire alarms and fire extinguishers are the most essential tools to preserve IT infrastructure.
In addition, IT staff can regularly replicate data to an off-site location, which eliminates the need to restore it following a disaster, leaving more time to restore or sync systems. Tape backups of data can be regularly sent off-site, or disks can be backed up in the office and automatically copied to an off-site disk, or saved directly to an off-site disk.
A growing number of vendors are offering software as a service, which is hosted at the vendors’ offices and runs the programs over the Internet. The high-availability systems keep both the data and system replicated at the vendor’s office, so cities and counties can restore operations once they have an Internet connection. Lastly, in some cases, a local government may use a disaster recovery provider, which will offer a stand-by site and back up systems.
Developing a workable, realistic recovery plan can take a lot of time, research and resources, and the frequency with which the plan is tested is one of the biggest keys to success. A disaster recovery plan and extensive security measures will not prevent damaging incidents, but they can minimize the effects they have on the entire organization.
The author is a senior consultant for Portland, Maine-based Berry, Dunn, McNeil and Parker.