Most CIOs are not directly involved in their companies' disaster recovery plans, a new survey from Symantec Corp. has found.
Questioning more than 1,000 IT leaders in "large organizations" worldwide, the survey found that only 33% of companies have a CIO, CTO or IT manager involved in disaster recovery planning.
Of course, midmarket CIOs -- running smaller IT shops -- are more likely to be directly involved in everything that goes on at work, including disaster recovery.
And Andrew Barnes, a senior vice president at disaster recovery firm NeverFail Ltd., says midmarket CIOs are more likely to be on top of a good disaster recovery plan.
"You might think it is harder to sell into smaller organizations, [that] they don't have the resources," Barnes said. "Actually, we find it's more straightforward talking to the smaller organizations, because they realize."
That's a good thing for midmarket IT shops, said Robert Simpson, IT director at ImagePoint Inc. in Knoxville, Tenn.
"IT execs may no longer be in charge [of disaster recovery] at many organizations, but to not at least be involved would be a strategic error," Simpson said. "The IT infrastructure recovery is vital to business recovery and the IT execs represent the most extensive DR experience in many organizations.
"IT execs do not see this as a trend," Simpson added. "Nor is it a new requirement brought on by recent regional, national and/or world events. It has been a way of life for years."
At ImagePoint, Simpson has seen the disaster recovery plan evolve to include the business units. The company's technology availability plan, aligned with an incident management plan, reflects the typical, technical aspect of disaster recovery and business continuity. But the company also has a corresponding business availability plan run by a director of risk management. The technology availability plan is overseen by Simpson and his IT team and includes "presenting plans, upgrades, vulnerabilities and testing results to the board of directors."
Both Barnes and Simpson said not only do CIOs need to be involved in their companies' disaster recovery plans, but they also need to push for regular testing. The survey by Cupertino, Calif.-based Symantec found only 47% of organizations testing once or more a year. Thirty-one percent of respondents felt they were in shape to be up and running within a day in the event of a disaster, a statistic Symantec says shows the need for more regular testing to improve disaster recovery plans.
At ImagePoint, which designs branded signs for major chain restaurants and retail stores, annual testing includes a failover test to the company's disaster recovery site, data and system recovery testing and a mock disaster.
Simpson said he recognizes why CIOs might not want to test -- it could mean significant downtime and costs. But to ignore the need is "not wise," he said.
"Observe the chaos and indecisions during a mock disaster and you will immediately see the importance of testing," he said.
Consider, too, that the Symantec survey found one-third of organizations have actually had to activate a disaster recovery plan in the past year. The most likely reason for using a plan was hardware and software failure, followed closely by external security threats and power failures. IT leaders responding to the survey also told of natural disasters, internal IT problems, data loss and accidental or malicious employee failure.
The survey also found 64% of North American respondents are re-evaluating a disaster recovery plan to account for the growing impact of virtualization tools on the IT industry.
Let us know what you think about the story; email: Zach Church, News Writer