Harvey is reminder of need for detailed disaster recovery plan

The devastating impact of Hurricane Harvey on many communities in Texas serves as a stark reminder that healthcare organizations of all sizes need to be prepared for disasters and have a plan in place to help with recovery from such events.

While the Texas coast just north of Corpus Christi was ground zero for the hurricane landing Friday night, Houston to the north is experiencing unprecedented flooding from an expected 50 inches of rain in the hurricane's wake. Federal and state officials have already predicted it could take the region years to recover from the damage.

The crisis is putting renewed focus on disaster recovery plans and what organizations should do to ensure their systems and data remain safe and accessible after order is restored.

For IT executives, disaster recovery and business continuity strategies should be among the top priorities, because so much of the day-to-day operations of most organizations now relies on systems availability and data.

An IT recovery plan should have three layers, all of which must be addressed in order to recover successfully, according to Joseph George, vice president of product management at Sungard Availability Services.

One is data protection. “If you don’t have your data at an off-site, secure location, then you really have nothing at all,” George said. “How you choose to get your data off-site—via tape, disk backup, storage replication or server replication—will depend upon the [criticality] of your particular applications and the recovery time objective and recovery point objective for each.”

Another layer is system recovery. This constitutes the platforms, servers, operating systems, backup software, backup hardware, hypervisors, networks and storage that organizations will use to actually recover their applications.

“Your recovery environment should align with your production environment,” George said. “If your recovery environment has changed over time, then ideally you have performed adequate change management between your production and recovery environments so that when you attempt to recover your data, the two are in sync.”

The third layer is people, processes and programs. It will be people on staff who perform the recoveries—therefore it’s imperative that they have an operational place to work, with the right equipment, space and communications to enable them to do their jobs. It’s also important that they have the right expertise and focus to successfully recover data and applications, George said.

Processes are the procedures that document the steps of the recovery. They need to be updated and correctly maintained to avoid the risk of failing at recovering applications and data. Programs are the ongoing lifecycle and management of the disaster recovery program and govern crucial activities such as test planning and execution, post-test analyses, execution of change management, and active integration of best practices and lessons learned on an ongoing basis.

For reprint and licensing requests for this article, click here.