By Jeff Whitaker, Sr. Cloud Solutions Marketing Manager, NetApp & Yaron Haimsohn, Cloud Solution Architect, NetApp
Disaster recovery (DR) planning is no longer something that businesses can afford to ignore. For a start, if a natural or a manmade disaster strikes, companies can’t resume operations without a DR plan in place. Also, many jurisdictions now have regulations that mandate DR planning for certain industries. If an emergency arises and a company isn’t prepared for it, the company can face fines and legal penalties.
Complying with these regulations protects your firm in the long run, because it forces you to plan for a disaster and keeps you from running afoul of the law. Here are three useful tips for adhering to DR regulations and making sure that you are up to speed.
Understand Your Compliance Requirements
Your compliance requirements depend on your industry. However, some regulations affect virtually all industries.
Consider the U.S. as an example. The Sarbanes-Oxley Act of 2002 (also known as SOX) was passed by Congress to protect the American public from fraudulent enterprise practices. Although the goal of the act was greater financial transparency for all companies, the act has implications for the IT sphere. SOX states that firms must save all business records, including electronic records and messages, for no less than five years. If a firm fails to comply, its corporate leaders face imprisonment and the company could be fined.
Verify That Your DR Plan Complies with Regulations
You might have a DR plan in place right now. However, if it doesn’t meet the standards set out by government regulations, you could face serious repercussions.
For instance, the Federal Financial Institutions Examination Council (FFIEC) has guidelines about the maximum allowable downtime for IT systems based on how critical downtime is to the business. If an IT system is part of a critical process, the recovery team must make it operational within a period of minutes. Therefore, financial institutions should set their recovery time objectives to FFIEC guidelines if they want to avoid prosecution.
Choose the Right Infrastructure
No government regulation states that businesses must use a particular type of infrastructure to comply with the law. That being said, some technological solutions make it easier to adhere to legislation than others. What you need to know is which infrastructure will best meet your DR needs while preventing you from violating the law.
Some DR solutions enable you to perform failover testing without bringing the network down and disrupting business. This means that you not only comply with the law, but that your DR plan exceeds legal requirements for the maximum allowable downtime. DR testing is critical, because it demonstrates whether your plan will work if disaster strikes. Many organizations avoid testing their DR plans because they fear the cost of downtime.
NetApp disaster recovery solutions are built on the NetApp® Data ONTAP® operating system, which is enterprise-grade scale-out storage. Data ONTAP is architected for nondisruptive operations and efficiency. With the Data ONTAP operating system, you can leverage your DR infrastructure to perform failover testing and not experience a moment of downtime. You can support vital DR testing without sacrificing crucial business continuity. Discover how the NetApp Data ONTAP operating system creates a win-win situation for your organization.
Check out our white paper “Budgeting for a Disaster: 7 Cost-Savings Tips for Disaster Recovery.” In the paper you will find more actionable tips on how your organization can maintain compliance and cut the cost of disaster recovery.