Essential IT ? Planning for the worst
Kieran Cooper recommends a pessimistic approach to IT systems.
What?s the worst that could happen to your ICT systems? More importantly, what would be the impact on your operation if something terrible happened? You might be able to cope without access to the web for a few days, but how about not being able to send or receive emails? If you weren?t able to sell tickets for a week whilst the box office system was repaired, what sort of effect might that have on your income? Are you covered by insurance if lighting causes an electrical spike which fries your telephone system?
Ask tough questions
However difficult the answers might be, organisations should really be asking themselves these kinds of questions at regular intervals. In the first place, it is very important to consider what steps could be taken mitigate the risk. It shouldn?t take very long to think through all the possibilities and work out what could be done either to try and prevent disaster before it happens, or to make plans to recover from problems as quickly as possible.
Many of the answers are not complicated. For example, I discussed the issues of backups and security in Arts Professional issue 57. In summary, it is essential to make sure that important data is being copied onto some kind of removable media such as tape or CD, and that this should be stored away from the building so that it could be restored if something terrible happens like a fire or burglary. Making sure that you have suitable support cover is also key and everyone should know exactly who they should call in the event of a problem occurring.
Predicting disaster
The key is to consider the likelihood of something happening, and what the effects on the organisation would be. This should be used to determine how strong the mitigating actions should be. One major London venue, for instance, has an arrangement with a phone room where it can relocate all its staff, transfer the phone calls, restore the ticketing system backup and be up and selling again within a matter of hours should something happen. The expense of having this kind of resource on standby is justified in this case because of the importance of being able to continue to trade, though this might not be as appropriate to smaller venues. Other steps may be much simpler. For example:
? it is relatively easy to find equipment which would switch to dial-up Internet if the main ADSL connectivity were to break
? to cover the possibility that your box office operation might be seriously affected if too many staff were struck down with something like flu, you might be able to have a reciprocal arrangement with other box offices to swap staff
? if you are reliant on one server computer for email or key systems such as ticketing or accounts, then it should be fitted with backup hard discs (RAID is the technical term) or redundant power supplies to allow for one to fail
? given that PCs are relatively cheap these days, it may be worth having a spare one in store that could be swapped quickly if necessary
Communicate the plan
It is also important to plan carefully for what should happen in the event of a problem. Who would be responsible for contacting the support company? Can the box office take bookings on paper if the computer system goes down? Do you know where to find the discs for key software if it needs to be reinstalled? All these risks, and the associated action plan, should be documented and circulated to all key staff. It is very important that someone is given the task of reviewing this periodically and, given that the ultimate responsibility for organisational performance should lie with the board of directors or trustees, someone from the governing body should make sure that they keep themselves up to date with the plans ? much as they do with financial information.
A dry run
The other key thing to remember is that it is essential to test these plans, rather than waiting for a disaster to happen. Just as organisations hold fire drills to make sure that everyone knows exactly what they should do (or at least they should do ? I can?t think of the last time that I experienced a fire drill in an arts building, but that?s another story) it is essential to run through the actions to find out where any potential problems lie. For instance, can you be absolutely sure that whoever would be responsible for restoring your email system from the backup tape knows precisely how to do it? If you have an Uninterruptible Power Supply (UPS) providing battery backup for your server, can you be sure that the battery is still working and that it will keep your machines working if there is a power cut? It shouldn?t be difficult to conduct these sorts of tests but it?s the only real way of finding out whether the plan is going to work.
Think ahead
Murphy?s Law (whatever can go wrong will go wrong) is still as applicable as ever. As I?ve said before, however, I?m convinced that the likelihood of problems occurring is in inverse proportion to the amount of time an organisation has spent planning for what would happen if disaster occurs. I?m well aware that IT often comes a long way down the agenda ? both when it comes to expenditure and in terms of planning for the worst; but I can?t stress highly enough the importance of thinking through what the implications might be, in terms of both finance and reputation, of something terrible happening. Nightmare scenarios are thankfully rare, but they do happen and will do even more frequently as we become ever more dependent on ICT. To quote the famous scout motto, ?Be Prepared?!
Kieran Cooper is a Director of the arts management consultancy Catalyst Arts.
t: 01223 562871;
e: [email protected];
w: http://www.catalystarts.com
See the section on Disaster Recovery (or Business Continuity) Planning on the Business
Link website w: http://www.businesslink.gov.uk
Join the Discussion
You must be logged in to post a comment.