Disaster recovery and business continuity planning tools: A guide to selecting the best product

If you're faced with developing a business continuity (BC) plan and/or a disaster recovery (DR) plan, plenty of help is available. You can ask an experienced consultant to develop the plan. You can also use one of dozens of disaster recovery planning software packages or other business continuity planning tools that can facilitate nearly any level of plan development you like.

Products are also available for just about any degree of sophistication, from ready-to-use disaster recovery templates (click here to download SearchDisasterRecovery's free downloadable disaster recovery templates) to powerful, automated business continuity tools that use relational databases and contain multiple functions, such as a risk assessment module, a business impact analysis (BIA) module and an exercising module. Depending on the finished product you desire, your programming skills, your time line and your budget, you can find a solution for nearly any requirement.

DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING TOOLS: TABLE OF CONTENTS

>> Disaster recovery planning software
>> Using the Software Development Life Cycle for disaster recovery planning
>> Tips for selecting disaster recovery and business continuity tools
>> Popular business continuity planning software packages

DISASTER RECOVERY PLANNING SOFTWARE

Early disaster recovery planning software came in several forms: fill-in-the-blank templates, checklists or automated systems using a common database structure. But many of these templates and checklists provided little guidance and were difficult to use. Today the content and capabilities of disaster recovery plan development tools have been significantly enhanced. Specialized products designed for complex activities like business impact analyses are also available. Some products boast compliance with industry standards, such as the British Standards Institute's BS 25999. At the end of this article, we'll provide a list of products for your review (see "A partial listing of vendors and business continuity planning tools").

USING THE SOFTWARE DEVELOPMENT LIFE CYCLE FOR DISASTER RECOVERY PLANNING

When you start the business continuity/disaster recovery process, it's not a bad idea to use the Software Development Life Cycle (SDLC) model as a guide to all stages of the process. The following table depicts the SDLC with business continuity/disaster recovery as the topic area.

Software Development Life Cycle Phase	Activities
Feasibility	Determine the scope of the requirement, e.g., entire enterprise, individual departments, specific systems, specific locations. Determine if your organization has any regulatory requirements for BC/DR, such as the banking and finance sectors. Determine if you wish to be compliant with one or more of the established BC/DR standards, such as National Fire Protection Associate (NFPA) 1600 or BS 25999. Build a business case for the program.
Requirements	Determine which specific functions (e.g., BIA, plan only, plan plus exercise) are required. Determine the level of user interaction with the plan development system, e.g., point-and-click. Analyze available internal software development staff, as this may be a viable alternative if your firm is large enough to have several developers and can justify the internal development costs. Analyze off-the-shelf products. Determine which approach makes the most sense and offers the best business case.
Design	Establish baseline specifications for primary (e.g., PBX system) and secondary systems (e.g., voice mail, call center). Determine if and how the system should interface with existing systems. Determine who will be using the system and if network assets will be needed. Determine database, security and change control requirements.
Selection	If an off-the-shelf product is desired, develop a request for proposal (RFP), obtain and evaluate proposals and select the most appropriate system.
Development	If the system will be homegrown, begin development of the operational components of the system. Test components of the system frequently. Test the full system. Conduct user acceptance testing. Document all elements of the system.
Configuration	If an off-the-shelf package is selected, configure the system to fit the organization's requirements. Work with the vendor to achieve a smooth installation. Develop interfaces with existing systems as needed.
Implementation	For internally developed or externally acquired systems, establish operation of the system, conduct user acceptance testing and sign-offs as needed. Perform a certification process to validate the effectiveness of the system.
Post-implementation	Once the system has been placed into production, establish a process to periodically assess the system's adequacy, return on investment (ROI), and any lessons learned for future updates.

TIPS FOR SELECTING DISASTER RECOVERY AND BUSINESS CONTINUITY TOOLS

Use the following list of tips as part of your selection process when evaluating a business continuity tool. Many choices are available for you, which is good, but it also means that finding the optimum product will require some legwork.

1. Determine which BC/DR activity you wish to perform. If it's a basic business continuity/disaster recovery plan for a single location or system, a template-based product may be sufficient. If you want to perform all traditional business continuity/disaster recovery activities (e.g., risk assessment, BIA, plans, exercises, incident response plans, maintenance), a more sophisticated database-oriented product may be advisable.
2. Build a business case. As the investment in a package may be considerable, it's essential to build a strong benefits-oriented case for a particular product.
3. Research options carefully. Rothstein Associates Inc. and TAMP Systems have a large selection of software products available, plus books and publications on all aspects of the BC/DR process. Research your options and be well informed before you begin.
4. Speak to other users. Identify users of software packages through contacts you can make in associations like the Association of Contingency Planners (ACP) or from the vendors themselves. But be careful, many vendors offer their most supportive customers, and you may get a one-sided view of a product.
5. Evaluate demos and live systems. Most vendors have demonstration versions of their systems, which may focus on the highlights of their systems, instead of on your specific needs. If at all possible, spend time with a live production system so you can see it in its "normal" operation.
6. Evaluate training options. As the new system will probably be unfamiliar to you and your team, make sure the vendor offers on-site training (preferred), distance learning, or guided instructions using self-help programs embedded within the system. If your team isn't comfortable with the system, they won't use it.
7. Make sure you have documentation. Most systems will have embedded help functions and possibly also wizards to help understand how the system works. Be sure the vendor has formal documentation about the system, how to set it up, build the database, complete the various templates, produce reports, plan and facilitate exercises, complete plans and maintain them.
8. Check company's viability. Check the prospective vendor carefully, including its financial status, previous or current litigation, customer base, willingness to adapt their system to your needs, warranties available, maintenance plans, availability of technical support, and support for service-level agreements (SLAs).
9. Know the product's history. If the product is brand new, decide whether it's in your organization's best interest to be an early adopter. If it's an established product, get information about its history, previous problems, previous releases, vendor plans for future updates, the cost of future updates, and evolution of vendor support (e.g., training, documentation, technical support).

POPULAR BUSINESS CONTINUITY PLANNING SOFTWARE PACKAGES

The following chart provides a listing of popular vendors and tools to consider when looking for software for developing your disaster recovery or business continuity plan.

A partial listing of vendors and business continuity planning tools

Vendor	Product	Type of Product
Archer Technologies	Archer BCM	Full complement of business continuity/disaster recovery activities, Web-based
Avalution Consulting	The Planning Portal	Full complement of business continuity/disaster recovery activities, Web-based
Brellion Continuity Ltd.	ImpactAware	Full complement of business continuity/disaster recovery activities, Web-based
Business Protection Systems International	Business Protector	Full complement of business continuity/disaster recovery activities, Web-based
Contingenz Corp.	IMCD	Full complement of business continuity/disaster recovery activities, Web-based
Controll-IT, GmbH	Alive-IT	Full complement of business continuity/disaster recovery activities, Web-based
COOP Systems	myCOOP	Full complement of business continuity/disaster recovery activities, Web-based
eBRP Solutions	Toolkit BCM	Full complement of business continuity/disaster recovery activities, Web-based
Evergreen Data Continuity	Mitigator, EverSafe	Full complement of business continuity/disaster recovery activities, Web-based
Flexas Ltd.	Disaster Recovery Manager	Online, subscription-based DR plan management
Global Magnitude	recoverEASE Risk Mitigator	Enterprise risk management and BCM integrated
IBM Corp.	Recovery Express	Data center recovery for small- to medium-sized businesses (SMBs)
INONI Ltd. (U.K.)	BCM Pro	Full complement of business continuity/disaster recovery activities
Logix Corp.	ErLogix BCM System	Full complement of business continuity/disaster recovery activities, Web-based
Paradigm Solutions	OpsPlanner	Full complement of business continuity/disaster recovery activities, Web-based
Rothstein Catalog	BCP- A Step-by Step Guide	Templates
Rothstein Catalog	Comprehensive BCM Program	Templates
Rothstein Catalog	BCM Framework	Templates
Rothstein Catalog	School Crisis Continuity Template	Templates designed for educational institutions
Rothstein Catalog	BCP for Manufacturing and Distributing	Templates designed for manufacturing
Rothstein Catalog	Plan AHEAD Exercise Software	Exercise planning software
Rothstein Catalog	Go.Recover Data Center	Data center disaster recovery plan
Rothstein Catalog	Business Impact Analysis Template	Business impact analysis planning tool
Rothstein Catalog	Pandemic Prep and Response Plan	Pandemic plan templates
Strategic BCP	ResilienceONE	Full complement of business continuity/disaster recovery activities, Web-based
SunGard Availability Services	LDRPS	Full complement of business continuity/disaster recovery activities, Web-based, PC-based, server-based
TAMP Systems	Disaster Recovery System	Full complement of business continuity/disaster recovery activities
Virtual Corp.	Sustainable Planner	Full complement of business continuity/disaster recovery activities, Web-based
Waypoint Advisory Services	Web Planner Express	Full complement of business continuity/disaster recovery activities, Web-based
Note: If you have a business continuity planning tool and would like to be included in this chart,  email the editors at SearchDisasterRecovery.

About this author: Paul Kirvan, CISA, CSSP, FBCI, CBCP, has more than 20 years experience in business continuity management as a consultant, author and educator. He is also secretary of the Business Continuity Institute USA Chapter.