For example, the company could consider placing the data recovery system in the desert between West Texas and Nevada. In general, these areas are not subject to tornados or hurricanes. You could then choose, to place the location for all backup servers in a facility that will protect it against the weather such as: placing it underground. Once the facility is complete, you want to ensure that there is key staff to monitor and address any kind of issues that arise. Using such a system, will allow you to reduce the overall amounts of lost data that can occur at a particular location (due to weather / terrorist related activity).
Emergency Operations Center
The next issue that is going to be faced by the company / location is: establishing an Emergency Operations Center (EOC). In general, an EOC will serve as a place where the company can effectively coordinate a response, perform any kind of recovery effort and most effectively direct the company's resources to the most appropriate places. The most important aspect that should always be kept in mind when designing the EOC is: that the objective is to effectively coordinate communication as much as possible. This is important because, once an actual event occurs, the overall amounts of communication will speak volumes, as to how severe the property damage and casualties could be a location. Once this basic foundation has been established, you want to begin implementing what is known as the Incident Command System (ICS). This is a management system that effectively establishes procedures for the EOC including terminology, how information is released to the press and the proper procedures for most effectively coordinating different responses. The biggest advantage that this system offers is: it can be implemented quickly and adapted to a variety of real time situations that are occurring on the ground. (Kunene)
Next, you want to ensure that there will be competent managers who can take command of the situation once an incident occurs. This means that you must place key personnel at certain locations and have a chain of command in place, where a second or third person can fill in if something unexpected happens. This is important because once an incident occurs, means that the company will have a window of opportunity to establish effective command and control over the location. When, you have select personnel at the various locations that are trained for such events, means that they can quickly have the EOC up and running. This command structure; will ensure that everything at the location will work in accordance with the objectives stated in the company's disaster recovery plan.
Personnel issues are the third aspect that must be carefully examined, for any kind of disaster recovery plan that the company is working on. This is because having a focused effort that will train and direct various resources to the points that they are needed most, will help to mitigate any kind of collateral damage that could occur. Otherwise, the resources of the company will not be directed to help alleviate the situation, only making the problem worse. A good example of this occurred during Hurricane Katrina. Despite, the fact that everyone knew a major storm was headed towards New Orleans several days before, the disaster recovery plan of the city and state were ineffective. This is because many of the key personnel did not fully understand their responsibilities. Then, when they wanted to go to particular areas they were instructed to wait. This lack of communication and not having the various personnel in place only increased the amounts of damage and casualties. (Hoffman) To avoid these kinds of situations, the company may want to consider creating disaster recovery teams, where a specific team is assigned various aspects of disaster recovery. Each person would be assigned various responsibilities / duties. This will to help protect the location against various kinds of possible threats. You would then, have one or two people trained in the same job as a backup. This will effectively organize personnel, as to what their roles are during the event of a disaster and what they can do to be aware of unusual activity. These two elements will help to reduce the possible risks and prepare for any kind of situations that need to be dealt with quickly.
Next, you want to create situations that will consistently test key personnel on various issues. This means, that you must continually have mock drills on a wide range of events and then critique everyone on how well they performed during the exercise. You would then, want to continue to have different exercises that focus on specific threats that are relevant to a location. For example, the three locations that are in the middle of terrorist hot beds would obviously have to focus more on a number of terrorist related issues. While the locations in the Southeastern and Midwestern United States would have to worry about natural disasters and terrorist events. At each location this would mean, taking the company disaster recovery plan and then implementing the parts of it that are relevant. Once this has been established, you want to then create several teams that would test a site for various vulnerabilities, unannounced. This means, those members of these different teams would go to various locations, blend in and then attempt to exploit the various security related issues. Over the course of time, this would help each specific location to see how and in what ways they are most vulnerable, to a number of different scenarios. This will help to consistently reinforce the attitude of always being watchful within the company itself.
The company is large multi-national corporation, that has adjusted revenues each year are $1 billion. This means that the company would need to normally spend in the first two years on training and establishing the disaster recovery plan of: 5% of the total revenues. This number is above the 2 to 4% that was stated earlier. The reason why 5% was chosen for the first two years was to ensure that the added expenses of: bringing in additional personal, technology, consultants and training were realistically budgeted. This would give the company a total budget on developing an implementing an effective disaster recovery plan of: $50 million each year (for the first two years). Within this number would include: added improvements that will be required for each location ranging from data recovery to within the physical plant itself to security. For example, in those locations that are in the hot zones for terrorist activities, a number of different costs will be required to address all primary threats. These would include: added guards, increased surveillance equipment, construction of specific security gates / barrier (such as cement barriers to prevent car bombings), consultants and the constant drills that must take place. In each of these different locations, there must also be a specific assessment as to what threats are the most pressing. In this particular case, an outside security consultant would be required to perform an assessment. The costs for preparing each location for the various threats that they could be facing could be as high as $1 million per location. Then, there are the costs of training and testing the effectiveness of the plan. In this particular case, holding a series of four different drills per year could cost as much as $3 million per location. The reasons why these costs are higher are: the added amounts of time, training and planning, that is required in coordinating these different events. Then, there are the costs of having consistent random checks for various weaknesses. This means, that there must be a series of different teams will randomly test the disaster recovery plan of each location. In general, the costs for having the different teams engaging in such actions would cost $6 million per year. Then, you must account for building an underground data storage facility in the desert southwest. This will cost approximately cost $4 million to implement. The remaining $1 million would be used to provide additional improvements in the disaster recovery plan, that are found after the random checks at each location.
During the preceding years, the total amount of revenues spent on the disaster recovery plan will then fall within the 3% range or $30 million per year. This money, would be used to provide each location with updated equipment, analyze the disaster recovery plan that is in place for each location once year, analyze the disaster recovery plan of the company every year, test the various locations for weaknesses, address any weaknesses found, ensure that the data recovery center is always available and provide continued training to the staff. If the cost of various disaster recovery planning rises during this time, the total amount spent can be increased by 1% to accounts for any changes in inflation. These total costs can be tied…