Driving Business Continuity &
Disaster Recovery
ComputerWorld Singapore Vol. 10 Issue No. 5
By Louis Chua
A new working group has been set up in Singapore to create a
standard to certify business continuity/disaster recovery (BC/DR)
service providers, help -service providers to differentiate
themselves and improve the service quality of vendors.
These measures are aimed at enhancing Singapore's credentials
as BC/DR hub and helping end user organisations choose the best-fit
service providers.
Singapore is generally considered an ideal BC/DR location for
most business operations because of its competitive edge as
a regional transportation hub, international financial centre
and a primary regional centre for technology and education,
according to Jon Murray, programme manager, -Business Continuity,
EMC South Asia. Freed of natural disasters and coupled with
a stable political/social climate and world-class telecommunications
infrastructure, Singapore is a good choice for businesses to
set up their data centres, either as a primary or secondary
site, he said. EMC has several customers who are already using
Singapore as a DR hub.
In a presentation at a recent Security and Standards Seminar,
Edmund Chong, the secretary of the BC/DR Working Group highlighted
the need for a BC/DR industry standard in Singapore to boost
the country's hub credentials. The Working Group was formed
in October. Its founding members include National Computer Systems,
Singapore Computer Systems, IBM, Hewlett-Packard, Equinix, Singapore
Telecom, Avaya, the ASP/IDC Alliance Chapter of the Singapore
IT Federation, SIG^2, PricewaterhouseCoopers, DRI Asia and BCP
Asia.
According to Chong, there is currently a comprehensive range
of service providers in Singapore because many players have
entered the BC/DR market, but there is a need to maintain and
constantly improve service level even as these players differentiate
themselves to retain competitive advantage.
From the customers' perspective, there is often a lack of clarity
over the different types of -service providers, which often
leads to confusion.
For example, while customers often use BC interchangeably with
DR, Murray says there is a major -difference between disaster
recovery planning and enterprise business continuity planning.
"The former anticipates recovering from a disaster while
the latter achieves continuous information availability in a
non-disaster scenario," explained Murray. "The most important
objective of a business is to ensure that all its information/data
is protected and -recoverable or more commonly today, can be
re-started without lengthy recovery procedures."
"Another major gap in business continuity planning is using
the infrastructure productively," he added. "Most companies
do not realise that putting in place a business continuity solution
actually allows the -company to leverage it and boost its business."
Murray believes that DR sites are no longer just costly maintenance
expenditures or expensive -insurance, but replication sites
for revenue-generating activities. The business continuity solution
will pay for itself by delivering new capabilities, accelerating
time-to-market for new applications, and lowering overall costs
through productive protection.
Research firm Gartner has also pointed out that less than 1
per cent of downtime is due to natural disasters but 85 per
cent of the time, the information that is needed is not available
due to reasons such as planned downtime, for example, backing
up or migrating the data between applications, refreshing a
datawarehouse, upgrading the server and testing applications.
Hence, to ensure business continuity capabilities, businesses
should not just focus on the 1 per cent chance of having a natural
disaster but planned downtime, which is more likely to occur.
The proposed industry standard will have three parts, Disaster
Recovery Facility, Service Provider Capability and Industry
Best Practices.
For the Disaster Recovery Facility, the standard will specify
details such as what work-desk recovery space must be equipped;
the availability of hot, warm or cold sites; physical security,
facility access procedures; telecom links reliability and redundancy,
even details such as air-conditioning system and redundancy.
The Service Provider Capabilities section aims to evaluate technical
support competency. It covers the type of services; the ability
to support multi-platforms/technologies; availability 24x7x365;
recovery experience; and the number and types of "disasters"
which had been supported by the service provider.
The section on Industry Best Practices includes the mandatory
labelling and cross-inventory of assets for both the customers
and service providers; asserting the right of customers to remove
their assets and data/-information by inserting a model clause
in the outsourcing contract; reviewing contract language and
exploring an insurance scheme or other re-course action plans.
The drafting of the industry standard has started and will involve
inputs from industry working group and consultants to recommend
the suitable standard for Singapore. It is expected to be ready
for pilot adoption between April 2004 to September 2004.
According to International Data Corporation's (IDC) 2002 Worldwide
IT Security and Business Continuity Forecast, the Asia Pacific
market for BC/DR is expected to double from US$6.3 billion ($11
billion) in 2002 to US$12.3 billion in 2006. |