The attacks on Sept. 11 have sent a clear message to the business community to take steps to protect itself against interruption from outside forces. Obviously, most firms cannot protect themselves fully against extreme circumstances. But they can take steps to limit their exposure level and have a plan for recovery.
First, senior management at A/E/C firms must understand that disasters can happen. A task force of representatives of key departments should be assembled and a formal plan developed and disseminated. In that plan, everything from notification of staff and clients, security upgrades, emergency phone numbers, backup locations, and building and information technology (IT) systems should be outlined and documented. Any additional resulting costs should be documented, approved and implemented.
Many noncomputer-related issues should be addressed. However, because of limited editorial space, this month's column focuses only on technology. Other areas will be discussed next month.
The first area of evaluation is whether computer backup systems are in place. Not only is it important that backups are performed on a regular basis, but that they are also verified and tested.
As backups become routine for most IT departments, they are sometimes not treated with the same level of critical concern as many of the day-to-day fires that need to be extinguished. Time and again, bad tapes, incomplete efforts and wrong files lead to backup failures.
A common backup procedure consists of an incremental series of daily backups followed by a full weekly backup. In some cases, however, the IT staff does not have the skills to perform the proper restorations. Many A/E/C firms prefer full backups of all servers every night so that a complete image of the firm's data resides on one set of tapes instead of numerous tapes, which simplifies the restoration process.
In addition to a nightly backup, an incremental backup at midday will provide an extra level of safety.
Typically, only one person in an IT department knows how to restore files from backup tapes. Backup procedures should be documented and distributed to the entire IT staff. Moreover, "emergency restoration drills" should be implemented to avoid disasters.
Tapes should be checked for completion and then removed from the server area. Firms located on Ground Zero lost months of work on Sept. 11 because backup tapes were located in the offices that were destroyed. As a bare minimum, a bank, an attorney's office or a paid service off-site should pick up the tapes regularly. The off-site location should be as far away as possible, but should be available for urgent restore requests that take place throughout the working day.
For added safety, tape backups can be supplemented with online backups, where the contents of the primary server are copied over the Internet nightly to a backup server and then synchronized only for the changed data. These come in many forms, from establishing mirrored servers at another location to using a hosting facility available from an Internet service provider, such as Iron Mountain, Capital Backup or Veritas.
Regardless of the technology used, the backup concept is a promising method of protecting data. Firms with multiple offices should take advantage of these technologies. Firms with single offices should consider outsourcing to a backup service company.