News Stay informed about the latest enterprise technology news and product updates.

Disaster recovery planning off CIOs' plate -- sort of

A new survey finds fewer CIOs are involved in disaster recovery plans. Bad move. Here's why.

Most CIOs are not directly involved in their companies' disaster recovery plans, a new survey from Symantec Corp. has found.

Questioning more than 1,000 IT leaders in "large organizations" worldwide, the survey found that only 33% of companies have a CIO, CTO or IT manager involved in disaster recovery planning.

More on disaster recovery
Disaster recovery funding often hard sell for CIOs

Failover sites key to surviving disaster

DR planning begins with commitment
That's down from 55% just a year ago. In a press release, Symantec called that a "troubling trend," noting that a disaster recovery plan has a better chance of success when an executive is involved.

Of course, midmarket CIOs -- running smaller IT shops -- are more likely to be directly involved in everything that goes on at work, including disaster recovery.

And Andrew Barnes, a senior vice president at disaster recovery firm NeverFail Ltd., says midmarket CIOs are more likely to be on top of a good disaster recovery plan.

"You might think it is harder to sell into smaller organizations, [that] they don't have the resources," Barnes said. "Actually, we find it's more straightforward talking to the smaller organizations, because they realize."

That's a good thing for midmarket IT shops, said Robert Simpson, IT director at ImagePoint Inc. in Knoxville, Tenn.

"IT execs may no longer be in charge [of disaster recovery] at many organizations, but to not at least be involved would be a strategic error," Simpson said. "The IT infrastructure recovery is vital to business recovery and the IT execs represent the most extensive DR experience in many organizations.

"IT execs do not see this as a trend," Simpson added. "Nor is it a new requirement brought on by recent regional, national and/or world events. It has been a way of life for years."

At ImagePoint, Simpson has seen the disaster recovery plan evolve to include the business units. The company's technology availability plan, aligned with an incident management plan, reflects the typical, technical aspect of disaster recovery and business continuity. But the company also has a corresponding business availability plan run by a director of risk management. The technology availability plan is overseen by Simpson and his IT team and includes "presenting plans, upgrades, vulnerabilities and testing results to the board of directors."

Both Barnes and Simpson said not only do CIOs need to be involved in their companies' disaster recovery plans, but they also need to push for regular testing. The survey by Cupertino, Calif.-based Symantec found only 47% of organizations testing once or more a year. Thirty-one percent of respondents felt they were in shape to be up and running within a day in the event of a disaster, a statistic Symantec says shows the need for more regular testing to improve disaster recovery plans.

Observe the chaos and indecisions during a
mock disaster and you will immediately see the importance of testing [disaster recovery plans].

Robert Simpson
IT directorImagePoint Inc.
A full third of tests are also unsuccessful, according to the survey, with human error and technology leading the reasons for failure.

At ImagePoint, which designs branded signs for major chain restaurants and retail stores, annual testing includes a failover test to the company's disaster recovery site, data and system recovery testing and a mock disaster.

Simpson said he recognizes why CIOs might not want to test -- it could mean significant downtime and costs. But to ignore the need is "not wise," he said.

"Observe the chaos and indecisions during a mock disaster and you will immediately see the importance of testing," he said.

Consider, too, that the Symantec survey found one-third of organizations have actually had to activate a disaster recovery plan in the past year. The most likely reason for using a plan was hardware and software failure, followed closely by external security threats and power failures. IT leaders responding to the survey also told of natural disasters, internal IT problems, data loss and accidental or malicious employee failure.

The survey also found 64% of North American respondents are re-evaluating a disaster recovery plan to account for the growing impact of virtualization tools on the IT industry.

Let us know what you think about the story; email: Zach Church, News Writer

Dig Deeper on Small-business IT strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.