AccuImage, LLC - The AccuView

From My Perspective

Don't Forget the Paper!

Data Availability Tools Drive Resilience

Industry Spotlight: Health Care

About AccuImage, LLC

Contact Us

How to Subscribe or Unsubscribe

by Tom Beasley

It may seem that disaster recovery is a new concept, a term coined in response to the disastrous events of September 11, 2001 and further fueled several years later by Hurricane Katrina. But actually the term disaster recovery - and the more recent variations like business continuity and continuous information availability - has been buzzing around the IT industry for decades.

Disaster recovery first emerged in the 1950s as companies began to store backup copies of their critical data, paper or electronic, at alternate sites. At first merely periodic, file backup and offsite storage procedures became more frequent and regular by the 1970s, when a handful of third-party regional storage facilities created what would become the alternate site, or "hot site," market. Disaster recovery came into its own in the 1980s, when the alternate site market grew to over a hundred vendors throughout the United States.

The 1990s saw perhaps the greatest revolution in computing to impact the disaster recovery industry, as computer systems moved from the data center and into the field. PCs became ubiquitous, and most companies moved from one centralized mainframe to vast networks of servers and desktop PCs distributed throughout the organization. This changed the game for disaster recovery, as the decentralized computing environment opened the door for recovery issues covering a much larger set of possible hardware and software combinations.

While the concept has been around for many years, disaster recovery has a different connotation today. As technology and software have advanced, disaster recovery has come to mean more than simply the ability to get your systems back online after a power outage. Companies are now expected to recover from unforeseen disasters, both natural and manmade, and retrieve all critical documents with minimal interruption - as close to zero downtime as possible.

There are many measures you can take to prevent against data loss in the event of a disaster.

Decrease your dependence on paper by scanning all documents into a document management system so that they can be included in all backups.
Create regular, frequent backups of your systems and data; send backups offsite in regular intervals; use a remote backup facility to minimize data loss.
Consider using a storage area network (SAN) over multiple sites, which would make data immediately available without the need to recover or synchronize it.
Use surge protectors to minimize the effect of power surges on delicate electronic equipment.
Have uninterruptible power supplies (UPS) and/or backup generators in place to minimize downtime in the event of power failures.
Ensure that fire preventions are in place and check them regularly - including smoke detectors and accessible fire extinguishers.
Protect against hacks and theft by implementing tested firewalls, anti-virus software, user access and authentication measures, encryption tools, etc.

At AccuImage, we realize that the process of planning for disaster can be a daunting task. We have helped many clients implement and maintain technological tools that ensure their disaster recovery readiness. And we can help you, too! Our team of experts can review your existing processes, procedures, hardware and software, and address any areas of concern. Call me at 615.242.7226 to schedule a disaster recovery consultation.

No one wants to dwell on what will happen when disaster strikes. But we can work together to ensure that if (or when) it does, your data will be safe and your business will survive.

Best regards,

Tom Beasley

tom.beasley@accuimagellc.com

You don't have to be addicted to watching the evening news to see the impact of different disasters on people, their communities and their livelihoods. Disasters can appear with little or no warning, can negatively impact people in a variety of ways, and can come in many forms:

Extreme weather conditions (Hurricane Katrina; the flooding of the Danube across Eastern and Central Europe)
A sudden failure in power or communications infrastructure (the 2003 blackout in the Northeastern United States; the blackout in Italy)
Robbery or other criminal activity (the theft of social security numbers and credit card numbers we hear about nearly every day)
Major hacking events (the I Love You virus)
Civil unrest (the riots at the World Trade Organization conference in Seattle in 2000 and the Group of Eight summit in Genoa in 2001)
Terrorist acts (World Trade Center and Pentagon attacks on 9/11; the Oklahoma City bombing)

Businesses are constantly at risk for both natural and manmade interruptions to their operations, any of which can have devastating consequences. Gartner has estimated that two out of five organizations that experience a disaster go out of business within five years. Making a speedy recovery from unforeseen interruption is imperative to staying solvent as a business. However, if a company does not develop and implement a disaster recovery and business continuity plan, one that is able to bring its systems back up in as short a time as possible, the potential for lost revenue can add up to millions of dollars within several days. Having no recovery strategy means the actual time to be fully functional can stretch out across several weeks or months.

Unfortunately, just like people sometimes hesitate to spend money on insurance for their personal interests, many organizations ignore the basic tenets of disaster recovery. And even those organizations that think they are prepared sometimes overlook the need to protect one of the most hard-to-recover assets - paper documentation.

Seeing the Signs but Not Taking Action

In the winter of 2000, Gartner conducted a survey of IT managers and discovered that over 60 percent of the businesses surveyed did not have a basic plan to mitigate the effects of a disaster. Unfortunately, even after the events of 9/11, many organizations still had not made serious preparations for quick disaster recovery. Almost a full year later, Gartner issued another report, which indicated a continuation of this trend: many businesses may be closely evaluating their level of disaster preparedness, but most haven't fully identified plans to address the disaster recovery shortcomings within their organization.

Research by KPMG also helps illustrate the level of widespread avoidance of disaster contingency planning. This research found that 81 percent of U.S. companies believe their organizations are susceptible to attack by terrorists and/or other outside predators, and yet 47 percent of these organizations do not have a crisis plan in place or even a method to measure their readiness.

What is even more troubling is that the organizations that do develop disaster recovery and business continuity plans often do not have a recovery strategy for their paper-based documents in those plans. Some organizations may have records management strategies in place for vital paper-based records stored offsite, but related documentation (such as faxes, paper in file cabinets, memos, reports and financial statements) is not backed up or stored securely offsite.

Much of this additional paper is what feeds data-driven transactions and forms the paper trail that is a key component of any ongoing investigation or transaction adjudication. When this information is lost, complete data records cannot exist.

Paper Recovery is Necessary

In terms of information and data loss, any size disaster has significant consequences for your business. For example, in early December of 2002, the Old Town of Edinburgh, Scotland, was devastated by a fire, which ripped through the heart of the historic area. Council officials and property owners estimated that the cost of the damage ran into many millions. Almost every building affected by the fire had come down and many of the historic facades were affected. But the buildings were not the only great loss.

The School of Informatics at the University of Edinburgh lost a major collection of books and journals. This collection, which included significant research papers on artificial intelligence, took years to accumulate and could not be replicated on the scale that it had existed before the fire. This paper had not been subject to a recovery plan, and now a great deal of globally important information is lost forever.

Another secondary but equally relevant issue when dealing with paper-based information relates to emergency management during the course of a disaster. Of primary importance is the ability to get quick access to appropriate municipal information, including maps, drawings, inventory data and blueprints. This information can help pinpoint the location of underground pipes, tanks, wiring systems, and known stockpiles of hazardous materials in the area. If this information is lost, misplaced, out-of-date or damaged, it becomes a problem that can stop an emergency response team in its tracks.

Being Prepared is Not an Option

Gartner analyst French Caldwell says it best when he points out, "In this new kind of war, business readiness and resilience are your most effective deterrents to terrorism. We are not going to return to business as usual, but we can get back to business." Getting back to business includes developing a business continuity strategy that takes into consideration all the different types of catastrophes that can occur to a business, such as fire, electrical outages, flooding, and so on. In addition, taking into account the backup strategies for your paper-based documents is a critical component to any strategic recovery plan.

To ensure your business continuity plans are complete, a paper scanning and archiving application is vital. The integration of imaging and scanning technologies, together with strong search and retrieval capabilities, will allow you to:

Easily add paper-based documents to your backup schedule and media storage strategy.
Backup vital paper documents with fast and easy archiving to a variety of media types.
Provide quick remote access to your paper-based reference information.

Source: e-Nterprise Advisors

Executives are tasked more than ever with running businesses that must operate around the clock. Every company is facing the onslaught of global economic volatility, fierce competition, customer churn, waves of regulatory compliance issues, and rising security concerns that add to the information availability issues.

To handle these issues, much is demanded from information technology departments. Organizations depend on IT to keep the business running, support key business endeavors, and align with growing business goals. Companies need resilient information and applications, systems, and security that can support the business wherever the future leads it.

Information Availability Enables Resilience

Information resilience encompasses most of the data, applications and systems aspects of what we know as business continuity, continuous availability, high availability, and data protection and recovery. Information resilience looks at the long-term viability of the IT "dial-tone" that runs your business today, tomorrow and long into the future.

Because a business thrives on information, the availability of that information plays a key role in business resilience. Any interruption or interference (downtime) that makes your information or applications inaccessible or inaccurate adds delay to your go-to-market processes, supply chain, analyses, and vital decisions.

Downtime: Bad for the Bottom Line

Downtime prevents immediate action from your customers, employees, and business partners. Many business executives are not even aware of this hidden, but altogether unnecessary cost. Gartner estimates downtime costs a business $108,000 per hour. A truly resilient business, however, will take steps to solve downtime issues throughout all of its business processes as well as in its IT infrastructure.

Even the most highly effective, information-driven organization inevitably suffers from some form of downtime or interference to access and information flow. But the most proactive organizations have taken steps to severely reduce its impact and costs.

While some unplanned downtime results from natural disasters, most happens because of hardware or application failures, human errors, and security violations. Surprisingly, studies show that planned interruptions (downtime) caused by routine daily/weekly backups, system upgrades, performance tuning, and batch jobs create 70 to 90 percent of interruptions for most businesses.

For most companies, downtime is the equivalent of closing the business, turning off the lights, and sending everyone home. A study by a major business continuity group showed that 54 percent of surveyed businesses indicated than an hour of downtime would cost $51,000 to $1 million. Of even more concern, a similar survey found that, on average, restoring access and availability to critical information systems would take nine to 12 hours.

Information Availability Choices

Information availability solutions help drive business resilience because they ensure that information and applications remain as accessible and available as needed. The right solution can provide the protection of a disaster recovery system, to mitigate the effects of unplanned interruptions and other disasters. In addition, because they transform downtime into uptime, they enable you to uncover new value for the organization, including driving new revenue, profitability, productivity, and compliance to higher levels - no matter what events occur.

Along the continuum of information availability solutions, there are many choices.

Hot Site, Offsite Recovery. Very often, we think of disaster recovery as having a third-party, hot site available should an unplanned event or natural disaster occur. These commercial hot sites act as a remove backup or "vault" for your entire systems infrastructure and provide a necessary level of security to mitigate risk.
Traditional Tape and Disk Backup. Tape-based backup and recovery solutions are the oldest and simplest form of disaster recovery solution. They provide a relatively low cost method to archive large volumes of information. Disk-based backup performs frequent backups to a secondary server or partition. When the backup server is placed in a remote location, disk-based backup also serves as a disaster recovery solution.
Continuous Data Protection. A particular disk-based technology, continuous data protection continuously tracks or captures data modifications and stores changes independent of the primary data, enabling recovery points from any point in the past. Because it is capable of capturing changes on a real time basis, it eliminates the need to recover pack to a point in time determined by the last tape backup.
High Availability Solutions. High availability solutions aim to delivery continuous uptime with zero data loss so that applications and business data are always available. This type of solution uses a backup server with a current replica of the application environment that can replace the production server at any time. High availability solutions dramatically reduce the risks and costs of business interruptions.

A Note About Regulatory Compliance

There are four critical issues when it comes to compliance, no matter where you do business: data protection, data access requirements, response time requirements, and reporting requirements. Since most compliance regulations and guidelines require accurate, accessible, timely and complete information and reporting, an availability solution ensures that your organization can respond and meet the reporting requirements and deadlines no matter what situation arises.

Such requests always will impact normal workloads, but they can become an even greater burden should applications or information become unavailable. Some regulations require contingency plans that include data backup strategies, disaster recovery plans, and emergency mode operation to enable continuation of critical business processes. Loss of data or inability to access the data within the specified timeframe can incur severe penalties and possible legal action.

Source: Continuity Insights, May/June 2007

Disaster recovery technology is similar to home, health and auto insurance - you really need it, it hurts to pay a lot for it, and you hope you never have to use it.

But businesses of every stripe must consider what to do in case of a catastrophic event. Disasters can come in many forms - hurricanes, floods, hacker attacks, fires, power surges and tornadoes -but they share a common trait in that they can quickly destroy an organization by wiping out financial, administrative and, in the case of health care organizations, clinical data that is required for ongoing operations.

The stakes obviously are extremely high for health care organizations. But as Hurricane Katrina revealed, not all care providers have comprehensive plans in place to deal with catastrophic events that threaten to wipe out their critical patient data, says Tom Walsh, an independent health care consultant who focuses on data security and disaster recovery planning.

"Health care is way behind when it comes to disaster recovery," he says. "For example, when I asked an IT manager at a hospital what his disaster recovery plan was, he got down on his knees and folded his hands together."

Some hospitals and group practices, especially in the aftermath of Hurricane Katrina, have moved toward creating more comprehensive disaster recovery plans, including deploying redundant backup systems that can be online within minutes after a network or information system goes offline or is destroyed, Walsh says.

These redundant systems basically duplicate information flowing through a hospital's critical applications and send them to backup servers. Organizations typically choose only critical applications, such as patient records and payroll, to replicate.

Throughout the course of the day, the data in critical systems is backed up on schedule to make it immediately available if something happens to the main systems. Some facilities have redundant systems housed onsite, but others have implemented systems that periodically transmit information to remote servers housed in a more secure location.

According to a recent study by Forrester Research of health care IT spending trends, 49 percent of hospital IT decision-makers surveyed say disaster recovery is an IT priority, with 21 percent calling it a top priority. The survey results are based on the responses of 1,214 health care IT decision-makers, including executives at 33 large North American hospitals and delivery systems.

However, many provider organizations, because of the high costs, are reluctant to spend capital on disaster recovery, Walsh adds. "IT systems are expensive in the first place, and it's hard to convince upper management that it's necessary to spend even more on redundant systems," he says. "IT used for disaster recovery is pure overhead - it doesn't produce revenue, and providers can't bill a health insurer more because they have a good backup system."

But health care organizations that have dealt with disasters have found that continuing operations during and after a disaster takes more than expensive IT. In addition to ensuring data is safe and secure, plans must be in place to keep communications up and running and ensure that business functions return to normal as quickly as possible.

The most important lesson is to expect the unexpected (and be prepared for it). Deploying a disaster recovery system that includes fully redundant backup capabilities of critical information systems is regarded as the ideal solution.

Source: Health Data Management, January 2007

AccuImage, LLC is a systems integrator that empowers their customers with solutions designed to gain the maximum value from their information at every point in the information lifecycle. Founded in 1996 and headquartered in Nashville, Tennessee, AccuImage specializes in the design, installation and support of document and content management systems, forms processing solutions, and electronic workflow systems. The company offers hardware and software from leading companies - AnyDoc Software, Böwe Bell+Howell, Canon, Captaris, Captovation, EMC Documentum, Fujitsu, Hewlett-Packard, IBM, Kodak, Kofax, Panasonic, Plasmon and Verity - as well as consulting, document conversion and professional services.