Change Control: The Basic Ingredient of Any DR Plan

By CIOReview | Tuesday, August 23, 2016

With a substantial degree of risk at play, it becomes of utmost importance for organizations to take care of the humongous amount of data and make it more safe and secure with the passage of time. Security concerns are at the top of any company’s agenda and Disaster Recovery (DR) in case of any misfortune is of critical importance for the survival of any organization. There is yet to be an organization that has not suffered accidental loss of data from an incident or a disaster. A robust and highly effective Disaster Recovery (DR) plan in place forms the backbone of an agile and effective organization in the IT arena. As the name suggests, Disaster Recovery (DR) involves a set of rules and regulations for companies to enable the recovery of valuable data and continuation of vital system infrastructure in case of a man induced disaster or natural calamity.  One of the most important challenges in DR today is that most of the programs are archaic and not in sync with today’s changing reality. If you ask any IT professional about their DR plan for the organization, the response would be a simple acceptance of the fact that they need to look into it. Things are moving at such a rapid pace in the IT arena that every organization needs to have a proven DR strategy in place to avert any misfortune or calamity. There are many reasons for DR programs to be out of tune with today’s reality:

• The program was meant only for analysis and is now lying as an outcast in some far off corner of the organization.
• The program is obsolete and not in sync with the present requirements.  The archaic nature of the program makes it unfit for use in today’s environment.
• There is a complete void and absence of a formal change control process and many times they don’t take into consideration the Disaster Recovery (DR) plan.

According to a Gartner survey, approximately 51 percent of respondents made changes to the disaster recovery plan on a preset and predetermined maintenance cycle, while 35 percent entrusted the change management process for an effective Disaster Recovery (DR) plan.

Nothing ever goes as planned and randomness is the law that governs the universe, where change is the only constant. So, what should we do? Should we just develop plans in the hope they are as good as they can be, and then abnegate ourselves to the scorn of a rancorous universe, actively disbelieving those plans? No, we must be ready for the changes and tread carefully to avert any kind of misfortune or calamity, based on our past experiences and efforts.

Change management exactly does that. It is a formal process that ensures alterations to a product or process according to the changing needs, and is introduced and implemented in a controlled and coordinated manner. It scales down the possibility of unnecessary changes coming into play without active planning and analysis, which can result in faults in the system or processes. The aim of change management in a Disaster Recovery (DR) plan is to cut down on disruptions to operations and cost-effective use of the available resources for implementing these changes.

Change management is a vital cog in the disaster recovery wheel for several reasons. Change management offers various gains by paying close attention to disaster recovery plans and keeping a tab on sensitive information. It also helps in avoiding certain problems like failure to respond to an incident because there was no plan in place. Listed below are few important activities that form the core of any change management process:

1) Ability to identify potential change.
2) Analyze thoroughly and evaluate every change request.
3) Plan elaborately and implement the changes as per the necessity over a period of time. Review and close out the change process.

Lack or absence of change management is one of the arch enemies of any Disaster Recovery (DR) plan. In fact the absence of any change management process in place might lead to disaster recovery plan’s downfall.  But there’s also another aspect to the change management process—Small and Midsized Businesses (SMBs) can find themselves particularly  challenged when it comes to change management due to lack of resources. The company’s disaster recovery plan should aim at planning and developing a robust change management process to meet any eventuality and enable the organization to recover as effectively as possible from a manmade disaster or natural calamity. A well designed DRP should aim at a 24 hour resolution and resurrection.

Points to Ponder

• Business Impact analysis encompasses designated IT professionals looking at the whole DR plan elaborately and an evaluation is done in order to identify the risk and threat.
• Disaster Recovery (DR) is not a very complex affair and businesses of all shapes and sizes should take a proper look at the existing DR methods in place and work accordingly.
• All care should be taken to make sure that change control management takes into consideration the disaster recovery plan while evaluating the impact of the change.
• One should not wait for the lightning to strike in order to update the existing disaster recovery environment.
• Disaster recovery is an ongoing process and proper attention should be paid to it. It holds the same value as the production systems, and organizations should look at DR in the same way as they look at the production process.

Change control and disaster recovery is a must for any organization and one should look at it in a proper and methodical way in order to protect the organization from any impact because of poorly planned changes. Change control helps to keep both production and disaster recovery environments in complete sync with each other, thus leading to an increased and efficient productivity.