Companies have recognized that they need to function 24/7 in a global economy -- and that they can ill afford to experience disasters and outages. This has given some "lift" to disaster recovery as a corporate priority -- but there still are transformations of thinking that need to occur within organizations when it comes to disaster recovery (DR) and business continuation.
This starts with the fact that most organizations still regard IT as the custodian of the plan. True enough: IT probably plays the most major of roles in DRs -- but there are also other areas that need to be addressed in disaster recovery planning that IT alone cannot fulfill. Two of these key areas are:
Customers, investors, the board of directors, and other stakeholders want immediate word from the organization when something happens. This is before a problem is diagnosed and a fix and recovery are underway. The parties that coordinate these corporate communications are the CEO, other C-level executives, and corporate public relations. It is their job to communicate to stakeholders, customers, and the media exactly what is going on -- and to reassure interested (and anxious!) parties that the business is OK. The communications plan (i.e., who talks to the press, etc.) should be part of the disaster recovery plan -- and those who carry it out should be in close contact with IT so they have a thorough understanding of the size of a disaster or an outage and receive regular status updates on restoration.
When systems don't work, it doesn't mean that the business can't. Bank tellers can manually log transactions if they have to. Clerks in stores can deliver the goods for check or cash, even if they can't process your credit or debit card. Nevertheless and regardless of the situation, those on the operations side have to know what the manual procedures and checkpoints are for doing work when a system fails. This is where it becomes imperative for operational groups to develop their own business continuation plans that can work around systems when those systems aren't available.
It is often up to the CIO to educate other C-level executives and high-ranking managers on the importance of developing a comprehensive plan for disasters and business continuation that covers not only IT but also the business operations and communications to stakeholders and the general public. Initially, the CIO might encounter resistance -- because even in today's 24/7 environment, with its demand for constant uptime, disaster recovery is still not a popular project.
Ultimately, though, others in the organization realize that disaster recovery and business continuation must be executed along every front in the business, and not just IT. What they might not realize is that you just don't write a set of operating procedures for an outage once, and then stick them in a drawer or on a server. Like IT resources, operational contingencies in DR and failover times have to be periodically tested and revised. They also have to be synchronized when systems, regulations, or the business environment changes. Most organizations do not have the luxury to perform full tests of their DR plans each year -- but they arrange to systematically test key pieces of the plan on a quarterly or semi-annual basis.
Organizations that have been most successful in getting their DR plans in gear for 24/7 business usually have thoughtful C-level executives, including the CIO, leading the charge.