Identifying short term and long term needs, current vulnerabilities and helping develop a strategic plan may require help. Especially true if internal resources are concentrating on running the business and putting out fires. Having the important decision makers present at the meeting is also very helpful as you get a unified direction and it helps increase the productivity of the meeting. Of course the biggest challenge is the allocation of financial resources and a lot of IT departments find that to be quite the brick wall they run into. Having key decision makers present helps greatly as they gain understanding explained to them in a non-technical sense. One important document that can help put things into perspective is creating a disaster recovery plan (DRP).
The disaster recovery plan is probably the most important as it helps address short term crisis’ that are acute and potentially catastrophic to an organization. Things like response time, disaster detection, and resource allocation are just a few of the hot topics that need to be addressed as part of the disaster recovery plan, frequently referred to as the DRP. Unfortunately most organizations do not have such a plan. The DRP helps identify unknown weaknesses in the IT system and also strongly helps documenting what’s currently in place.
For example I had a client with over 12,000 people on their payroll. These workers were all out in the field. This was at a time when it was difficult to hire people. It was of critical importance to never miss a pay run. If they missed one, people were sure to walk. Those were the type of workers they had in their employment. We ensured that part of their disaster recovery plan was hosted at an alternate geographic site, somewhere away from their main location. Their entire accounting system, such that they could do a full pay run, was replicated offsite including physically having a printer with some cheques. In the event that something happened, it can be difficult to gain access to your own financial resources. Having all that in place is something that you need to think about right down to who do you call, which manufacturers can you call, what equipment do you have, what models were they, and what are their serial numbers, are they on warranty, where do you call for that, are there 24/7 phone numbers…
This really brings forth a lot of questions that you might not have asked or that you might have taken for granted. They are brought to surface and decide whether or not you even want to deal with it. We call that risk analysis or risk management; you’re deciding whether or not a particular concern or product or software or service or some data within the organization, what is the amount of risk within that topic, what is the amount of risk associated with losing it, and how much time can you be without it, and what you are willing to spend to address the issue. A few years ago, a person could be without their email for days or a week, it was no big deal. Now I have many clients where they cannot live without it! If they’re without email for a day it’s almost a disaster in itself. All the communication is done that way and there are actual costs attributed to it. Some organizations can attribute actual dollars lost due to missing a piece of equipment or someone’s time. Loss of productivity with your own staff where you actually have to shift what they’re doing away from billable work into non billable work because something internal has to take priority (such as reconstructing valuable data) can be costly.
For more information, see my book www.ITSurvivalGuideBook.com
Having a DRP document in place, even to raise questions that have never been considered, can be very valuable.