Jan 07 2009

A Guide to Building a Better Recovery Plan

Disaster recovery is critical in IT. Consider these steps to make sure your system is secure.

Behind the Scenes

Building a Better Recovery Plan


Perry Rosenfeld

In IT, you never know what disaster might come your way next.

In IT, you never know what disaster might come your way next.

At the North East Florida Educational Consortium, 30 county school districts participate in our programs, and 10 of these use our data center. Disaster recovery is critical for us because downtime means that 10 counties lose access to their data, their purchasing systems and the system they use for reporting to the state Department of Education.

{mosloadposition mpu}

Based on our experience, here are some things to consider when developing a disaster recovery plan.

  • First things first — take stock: Step back and look at your systems. Do you have reliable, clean power? Do you have independent and redundant network connectivity? Have you built fault-tolerant systems to support your data users? These objectives should be included in daily and monthly work plans.
  • Set priorities: Determine what services are essential during a disaster. As a data center that provides services to education, NEFEC interacts on a daily basis with a variety of user communities. Many of these, while important, don’t rely on us for essential services. Report cards are important, but can wait during an emergency; so can health records. Payroll cannot wait. Our disaster recovery plan is focused on getting payroll and finance systems back up as soon as possible. Other capabilities are restored as time allows.
  • Consider your options: NEFEC is a nonprofit organization, so funding an offsite data center or collocating a large amount of hardware is not an option. Our most critical system is our mainframe. We have found other school systems that use identical software and hardware and have partnered with them to serve as a disaster recovery site. If you go this route, make sure to maintain similar hardware profiles to ensure compatibility.
  • Test as often as you can: Have auditors review your disaster recovery plan annually to ensure compliance. We perform annual tests to be certain that our disaster recovery assumptions remain valid. Every year, our systems are backed up, trucked to our partner site, loaded and tested by volunteer users. This way we know our networking, hardware, operating system and program changes should all continue to function in the event of a disaster. We have learned the importance of testing our backups and not assuming a backup routine is viable until we have checked the restored data.
  • Review and expand your plan: Systems and needs change constantly. As more services are provided through web-based applications, these also must be taken into account. When reviewing your plan, evaluate what’s critical, consider all options, test everything and augment procedures as needed.

EdTech Quick Poll

Which of the following is your most pressing concern in terms of a failure in your IT infrastructure?


What’s on Bleckley County’s Must-Have List?

The Georgia school system’s disaster recovery plan identifies the data it will need access to should a disaster strike. It makes daily backups of files in these ­categories:

  • Special education
  • School food services
  • Financial (district and school level)
  • Student information
  • Media records
  • Student computerized grades
  • E-mail user names and passwords
  • Employee records
  • Equipment records
  • Contracts for outside vendors or contract employees
  • Any network and Internet information, such as IP information, network topology and hosting agency contact information

aaa 1