IT Gap Analysis
It is important that the current level of preparedness is fully understood before undertaking any DR project. This would involve:
- Desktop review of existing response plans and associated documentation
- Gaining an appreciation of the current IT and comms infrastructure and equipment, where it is based and the services that it supports
- Identifying potential threats to the continuity of IT and comms services, ranging from the loss of data centre capability to disruptions impacting single points of failure.
How to identify potential threats
- Through discussions with IT and comms representatives who have a good appreciation of set up, together with review of network diagrams, server lists, risk assessment information and other relevant material
- Carrying out a risk assessment of key IT and comms facilities
- Understanding existing data management processes and the potential data loss to which the business is exposed
- Obtaining information on the known or assumed business expectations for Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
How to identify business requirements
- Through discussions with IT and comms representatives who have a good appreciation of business expectations, although some assumptions may be necessary
- Reviewing existing business continuity plans for the organisation
- Facilitating Business Impact Analysis (BIA) discussions with business representatives to ensure that minimum resource requirements are justified and based upon the prioritisation of critical activities and consideration of the feasibility of contingencies and workarounds that would “buy more time” for the recovery of IT and comms services
- Obtaining views on planned or potential IT and comms initiatives that would improve upon the current position (e.g. implementation of virtualisation, changes in data management, etc.)
A report can then be produced by Teed that clearly outlines the current level of preparedness and in matrix form the “required” versus “achievable” recovery capability against each IT and comms service, thus highlighting the gaps that should be addressed. An appropriate plan of action for addressing the issues and areas of concern identified will be suggested.