10 Signs It's Time to Rethink Your Approach to DR & BCP
We teamed up with a couple of Eze Castle’s DR and BCP experts earlier today to discuss 10 signs it’s time to reevaluate your firm’s approach to disaster recovery and business continuity. Steve Banda, Product Manager, and Lisa Smith, Business Continuity Manager (and Certified Business Continuity Professional!), joined us for a live webinar to share their expertise.
Let’s take a look at the 10 signs they outlined. If you’d prefer to listen to the full webinar replay (it’s only 24 minutes long!), you can do so here.
1. Your firm is due for a hardware refresh or you are moving to a new office location
One of the most logical times for a firm to evaluate its technology environment is during an office relocation or a hardware refresh period. Rather than purchasing costly new equipment or building out a new Comm. Room, the cloud offers disaster recovery services that scale easily with investment firms and offer complete protection from outages and disasters.
2. You are still backing up data to tape
First off, let’s remember that ‘backup’ and ‘DR’ are not interchangeable terms. While a backup allows you to restore data you may have lost during a system failure or outage, a disaster recovery solution protects your entire infrastructure, including servers, networking, data and applications.
As far as tape backup is concerned, we are seeing it used less and less as companies opt for online backups, which provide faster recovery and greater reliability. However, depending on your firm’s recovery requirements, tape may still be suitable, but it’s usually not the only backup strategy employed, as it does not do enough to protect firms from a major system outage.
3. Your backup strategy does not include a geographically-diverse location
If your office is impacted by an outage or disaster, in most cases this will impact your email, data and applications. If your DR is housed in your office, for example, you’re suddenly exposed to extreme risk, and the chances of prolonged downtime are significantly increased. With cloud-based DR, not only is your data located far away from the disaster, but your employees can also connect from anywhere. So if there were a regional disaster, your business operations could resume quickly with the right cloud-based DR strategy.
4. You’re due for an audit or investor due diligence review
There has been a tremendous increase in requests for transparency and investor due diligence inquiries in the past several years.
Investors are particularly interested in data center integrity, DR testing policies and data retention.
- Ensure data centers are Tier II or above and have fully redundant power, cooling and network infrastructure.
- Investors will want to know specifics of your firm’s DR testing plan including the frequency of testing, which applications are validated, and what the process is for addressing any issues.
- Another frequently asked question from investors concerns data retention. Particularly when it comes to meeting regulatory and compliance requirements, we see investors demanding files be backed up and archived for five to seven years.
5. You’ve recently experienced a disaster…or you know someone who did
Hurricane Sandy prompted a lot of firms to reevaluate their DR approach and ensure that it could withstand a disaster of this nature. The SEC, FINRA and CFTC conducted a sweep of several registered advisers after Sandy with the goal of seeing how these firms prepared for Sandy and ensuring they were prepared for future disasters. The agencies turned their findings into a list of best practices firms should follow from a BCP perspective. You can download the document here.
6. You recently dealt with a situation (e.g. power outage, fire, etc.) and your employees didn’t know what to do.
Lisa recommends creating your own lessons learned and then forming a committee to create, address and resolve issues from them. By documenting the lessons learned and outlining a strategy for improvements, you will ensure everyone is on the same page.
7. Your organization has recently undergone changes that could impact your recovery from an incident or disaster.
As your business changes, whether it’s via headcount, adding new office locations, or implementing new applications, your firm’s underlying IT infrastructure has to keep up – so adding storage, computing resources, or bandwidth may be required if you are growing. The opposite also applies: if you scale down, you may need to reduce excess resources you pay for. In either case, a good cloud-based DR solution should be flexible enough to seamlessly scale up and down with your business.
Any change that occurs within your organization will ultimately affect your business continuity plan and related documentation. It’s imperative to have a clear strategy and provide documentation to employees, such as Quick Reference Cards, with details on employee procedures and test plans.
8. Your firm’s last risk assessment was completed over a year ago.
Exposures can change within a year. Having an updated risk assessment overview will ensure all leaders are on the same page.
9. Your firm has never conducted a complete DR test.
Scheduled periodic DR testing is a key component of a sound DR strategy. It’s easy to miss DR tests if they are not properly coordinated and executed on a routine basis. Luckily with the cloud, disaster recovery testing is dramatically simplified.
10. You’re not sure which DR and BCP best practices to use as a guide.
From a BCP perspective, use best practices as a guide, such as the recent directives from the SEC, CFTC, and FINRA. Remember to be realistic that some items might not apply to every firm. You can also reach out to third-party service providers, who can offer guidance to firms on what type of DR and BCP strategies to implement for optimal business recovery.
Beyond that, we also recommend looking at four key components when evaluating a DR solution:
- Automation: Ask your provider how they monitor data replication. What alerts do they have in place? What reports are provided as part of the solution?
- SLA: Ask about service level agreements to make sure you get the Recovery Point Objectives and Recovery Time Objectives that your business requires.
- Support: 24X7 Help Desks are critical. You also want a solution managed by a firm with multiple data centers and a strong track record of uptime.
- Technology: What infrastructure is being used? How is replication performed? The technology used will indicate the expected flexibility and reliability of the solution.
We hope you found this recap helpful! If you would rather watch the full replay, scroll down or click here.