Guarding your IT infrastructure is a planning matter

March 8 was the beginning of Business Continuity Week. You missed it? Too bad, you'll have to wait until next year to celebrate.

Until then, you can study the eight-point disaster recovery plan that IT consulting giant EDS published to mark the occasion. You might even think about tacking the document on the wall of your data center while storing a second copy in an off-site vault because, as Joyce Repsher, director of continuity services for EDS, points out, the first thing to disappear in an IT disaster typically is the recovery plan. And that's no joke.

Many disaster recovery plans either disappeared in the rubble or were rendered inaccessible behind the security cordon following the September 11 terrorist attacks. Repsher says memories of that event, as well as the continuing onslaught of viruses threatening IT networks, have elevated disaster recovery to "a board-level issue."

Technology, particularly in the form of more robust data storage solutions, is helping companies address this issue, but human intervention is the most effective means of protecting IT assets. That intervention must involve developing, testing, and practicing disaster recovery plans that fit the business.

For instance, if your company is heavily engaged in e-commerce, you need to be familiar with your trading partners' recovery plans. What happens when a key vendor is unable to provide materials or services?

Check these things out, Repsher urges. And be firm if you don't like the answers. "If [your trading partners] have no disaster recovery plans, you want to make sure they create them."

If you're unsure how to create a disaster recovery plan, mimicking European companies—which have a longer history with things like terrorism and devastating natural disasters like earthquakes—would be a good place to start. "Regional disasters have a way of mandating priorities you weren't even aware of," Repsher says.