Jan 16, 2015
As organizations increasingly rely on digital resources, such as Oracle databases, to run their operations and store valuable information, protecting these assets is becoming a key business priority. From standby databases to failover processes, a strong disaster recovery (DR) and business continuity (BC) strategy can help companies resume activities faster and safeguard their mission-critical resources.
However, with both technology and enterprise objectives and strategies constantly evolving to meet new demands and opportunities, companies must ensure their DR processes stay up to date. That's why they should test their DR plans regularly, assessing whether their DR preparedness aligns with their business goals and requirements.
An audit assists enterprises in this regard, enabling them to test their processes to ensure they can meet recovery time objectives (RTO) and recover up-to-date backups in their standby databases.
What does a DR audit entail?
Conducting a DR audit involves gathering information about systems, processes, applications and governance to ensure the key assets are both safeguarded and meet the organization's business needs.
During the audit, analysts identify and evaluate risks as well as the controls in place to address these issues. This includes checking whether resources will be available in a sufficiently timely manner following an unexpected incident, such as a network failure or natural disaster.
While the specific components of the audit and its scope will vary based on the organization's resources and priorities, auditors usually examine DR/BC documents, assess how well staff members are prepared to act in the event of an incident and evaluate whether the processes have been adjusted to changes in the company's system. They may also run and evaluate the results of DR tests as well as investigate insurance and service-level agreements with contracted companies.
To guide them through the audit process, enterprises can turn to resources that outline steps for gathering information, running tests and assessing preparedness. Some companies utilize third-party services to conduct the audit for them.
Why are audits important?
The purpose of an audit is to minimize risk. By evaluating whether they have sufficient DR/BC resources and plans in place, organizations can make necessary adjustments to mitigate their risk.
For instance, if an audit reveals that companies won't be able to resume operations quickly enough in the event their primary system goes down, they may choose to implement a standby database. Other enterprises may realize their staff members aren't well-trained on the processes that should be followed during a disaster, prompting them to create handbooks and conduct information sessions.
Being able to adequately respond to incidents in a way that minimizes immediate and long-term losses is a significant business advantage. Numerous studies have revealed the high costs of downtime and data loss, pointing to the urgency of dependable DR/BC plans that will only become more pressing as digital resources continue to expand.
The Aberdeen Group's 2013 study found the average cost of downtime to be $163,674 per hour, for example.
Similarly, research firm Gartner typically estimates the cost of network downtime at US$5,600 per minute, or over $300,000 hourly, based on industry reports.
As organizations continue to build their digital resources, gathering greater volumes of information and implementing additional applications, each minute they lose access to these tools will only heighten in costliness.
Of course, the degree to which particular digital assets are vital to a company depends on many factors, each influencing the strain caused by downtime or data loss. That's why the Aberdeen Group emphasized the importance of evaluating proper recovery time objectives and assessing risks before settling on DR/BC technology.
These insights demonstrate the need for ongoing DR/BC planning - for which audits play a pivotal role. Even as organizations improve the robustness of their network systems, their risks may change and heighten as their technology evolves. To guard themselves against expensive downtimes and data loss, they need DR/BC strategies that align with these developments.