I.T in practice: Unnatural disaster stories

Every Issue

Cite as: (2005) 79(11) LIJ, p. 85


Loss of computer resources is potentially disastrous for practices, but effective contingency planning can minimise the damage.

Disaster recovery planning is an all-encompassing term that means the development of a contingency plan in the event that one or more of the practice’s computer resources were to become unavailable.

Typical scenarios include a burglary of a small practice’s offices, where its network server is stolen, or a crash of a main computer to the point where it cannot be easily or quickly repaired.

There are actions that the practice can take to minimise the effects of a system disaster and, in many cases, prevent it. Generally, prevention measures fall into two categories – process measures and system setup.

Process measures

A diligently maintained backup regime is a good foundation on which to base disaster recovery planning (DRP).[1] Typically, a grandfather-father-son backup system is the best. This involves three sets of backups – daily, weekly and monthly.

The daily or son backups are rotated each day, the weekly (Friday) or father backups are rotated each week, and a number of monthly or grandfather backups are rotated each month.

Often with CD or DVD-based backup, the grandfather images are burnt once and archived in permanent storage. Some firms ensure that grandfather backups are complete system backups, which include data, programs and the operating system. It is essential that some backups be kept off-site and only brought back into the office on the day they will be used. When budgeting for tape backup drives, it is common to allocate at least as much for backup media as for the backup drive itself.

Testing backups is essential. This is more than merely checking the tapes to see if they can be read; it involves restoring them on another system and verifying that all of the data that was expected to be backed up is present and usable.

It is not difficult to find people who will relate true stories about organisations whose nightly automated backup was diligently rotated and kept off-site, but later discovered to contain no data at all.

Backups should also be tested for completeness – backing up emails is an often neglected component of a rock-solid DRP. In addition, if there are any special applications which require the storage of data on specific workstations in the office, backups of these workstations will also be required.
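The restore test described above can be automated. The following Python sketch is an added example, not part of the original column: it records a manifest of the data selected for backup, then checks a test restore for missing, empty or altered files and for areas (such as email) that were never in the backup set. The folder names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's relative path to (size, SHA-256) for the data selected for backup."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        manifest[path.relative_to(root).as_posix()] = (len(data), hashlib.sha256(data).hexdigest())
    return manifest

def verify_restore(manifest, restored_root, required_prefixes=()):
    """Compare a test restore (done on another system) against the backup-time manifest."""
    restored = build_manifest(restored_root)
    report = {"missing": [], "corrupt": [], "empty": [], "uncovered": []}
    for rel, (size, digest) in manifest.items():
        if rel not in restored:
            report["missing"].append(rel)      # file never made it onto the media
        elif restored[rel][0] == 0 and size > 0:
            report["empty"].append(rel)        # readable, but contains no data
        elif restored[rel][1] != digest:
            report["corrupt"].append(rel)      # content differs from what was backed up
    # Completeness: each area the practice relies on (e.g. mail) must be in the backup set.
    for prefix in required_prefixes:
        if not any(rel.startswith(prefix) for rel in manifest):
            report["uncovered"].append(prefix)
    report["ok"] = not any(report[k] for k in ("missing", "corrupt", "empty", "uncovered"))
    return report

def demo():
    """Constructed sample: a small live tree and a faulty restore of it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        files = {"matters/smith.doc": b"draft will", "matters/jones.doc": b"contract",
                 "accounts/trust.db": b"ledger rows"}
        for rel, data in files.items():
            for base in (live, restored):
                (base / rel).parent.mkdir(parents=True, exist_ok=True)
                (base / rel).write_bytes(data)
        (restored / "matters/jones.doc").write_bytes(b"")   # restored as a zero-byte file
        (restored / "accounts/trust.db").unlink()           # absent from the restore
        return verify_restore(build_manifest(live), restored, ("mail/", "matters/"))

if __name__ == "__main__":
    print(demo())
```

A report with `ok` set to `False` means the backup cannot be relied on as it stands, even if the media reads without error.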

System setup

When a system is set up, the most common way to establish resilience in the case of a disaster is to have redundant components. In small practices, it may be desirable but is more often cost prohibitive to have a whole standby server ready in the event of problems. However, inside the main server computer, it is possible to install redundant hard disks which automatically cut in when there is a failure.

This is known as “RAID” – redundant array of inexpensive disks – and can be thought of by analogy as similar to a car that has a spare tyre that automatically changes itself when one of the other tyres goes flat (as the car is in motion).

More expensive computers can have additional duplicated sets of internal components that will activate when there is a failure, while the system is running, and in some cases can send an email or SMS message to warn someone that there has been a failure.

DRP does not just cover computers. It can extend to things such as laser printers and Internet connections. It is good practice to ensure that all printers in the office can be used by all network users if there is a permanent failure of the main network printer. Also, many Internet service providers (ISPs) allow broadband users to use a dial-up modem if needed, and retaining the equipment and configuration for this is a good element of a practice’s DRP.

DRP also includes ensuring that the appropriate resources such as phone numbers of technical consultants, access to spare funds, etc., are available when required.

Thinking the unthinkable

For practices that have never had to survive the disruption and cost of a total system recovery, it may be difficult to envisage what could happen in the event of a disaster.

A pessimistic brainstorming session of disaster “what if” scenarios should be a sufficient basis for a good disaster recovery plan. However, practices should balance the risk or probability of a defined disaster event with the cost of avoiding it.

Often, minimisation rather than avoidance strategies will yield more appropriate disaster recovery plans.

“To do” list

• Upgrade your computer resources to reduce your reliance on specific points of failure.
• Develop a disaster recovery plan and review it at least every year.
• Review and test your current backup procedures every three months.
• Don’t go overboard – balance your risks with the costs of minimisation.


ADAM REYNOLDS is the principal of Proficio, an independent IT consultant firm. For more I.T. in practice information, see the contributions of the LIV Legal Practice Management Committee and IT special projects department at http://www.liv.asn.au/members/sections/lpm.

itcolumn@liv.asn.au


[1] See “Troubleshooting troubles” (2005) 79(4) LIJ 73.
