Ray Richards is founder of Mindspan Consultants and a technology journalist hailing from Ottawa, Canada

Skip site navigation and move to main content of page.

An Interview With Dr. Jeff Williams

Last month we took an in depth look at Disaster Recovery Planning methodology. This time around we have an interview with Dr. Jeff Williams, a recognized world leader in DRP.

Monitor: I'm sure our readers are interested in how you got into the field of Disaster Recovery, what your background is and so on; could you tell us a little about yourself?

Dr. Williams: "My background? Well, I have a Bachelors Degree in Math and Physics and a Systems Engineering Masters and Ph.D.. I worked inside the government for 15 years in places like the Treasury Board, Transport Canada and was the Director of Research for Revenue Canada. Once I got out and started a consulting practice, we were doing a lot of EDP (Monitor: Electronic Data Processing) studies. I had also been a volunteer fireman for 15 years, so I've seen people in trauma, understood that they didn't respond very well and that it was important to have a preset plan for things; like evacuation from a house and so on. I was asked about 8 years ago by National Defense to look at an emerging topic called Disaster Recovery Planning.

We did a survey for them and only found two companies, both in the United States, that could help us with this sort of thing. We selected one company for them which they then utilized. We then began to realize that it brought together two aspects of my background, EDP and emergency response and therefore began to work more in that area. Now I would estimate that there are probably over 600 companies in North America that are involved in some aspect of Disaster Recovery Planning.

I was out in Malaysia one time doing a study when I realized that we'd done the same study over and over and over; so what we decided to do was to productize what we were doing and so we came out with our Disaster Recovery Planning system (Monitor: Binomial International's "Phoenix" software) which accounts for about 85% of our revenue. We get about 10% from consulting and 5% from seminars... and the reason we do the consulting and seminars is to remain current with the field, keep ourselves humble and to make sure the network approach is still a workable solution."

Monitor: So why is Disaster Recovery such a hot topic right now?

Dr. Williams: "Well, it's really a hot topic because people have begun to realize that as their companies get more and more computerized, it's so easy for your company to suffer a major hit. There are three types of Disasters, which occur about equally... about one third each, one is natural disasters: fires, floods, hurricanes, earthquakes ... what we see in the news.

The second is what we used to call "finger troubles" where somebody that works for you has done something accidentally dumb, and you've lost large amounts of data... or they've set fire to the building or what have you; something accidental.

The third is some sort of willful damage, and that typically is sabotage... people that have been caught in downsizing and so on. A portion of that, maybe six or seven percent is viruses. So now as companies become so much more computerized it's much easier to lose everything because the knowledge that's embedded in your company is concentrated in electronic form.

Monitor: Last month we talked about TRA's, Statements of Sensitivity, Business Impact Analysis etc. Once these preliminaries are done, what's the next step?

Dr. Williams: "Well typically what you'll do is write the Recovery Plan at that point; as you then know what your critical systems and vulnerabilities are. Essentially what the plan does is to lay out a checklist of things to be done by people that are on your recovery team so that when a Disaster begins to happen, they know what to do to protect your assets and to lessen the losses. Then afterwards, in the recovery phase, you will know what to do to recover your critical systems in minimal time at acceptable cost. Outside of the plan, but part of the same process, is that you will take certain steps to mitigate your exposures."

Monitor: How would you define acceptable time for say a small company of approximately 50 employees with one centralized network?

Dr. Williams: "If you're out of business more than a week, all of you're customers will go somewhere else. They'll find an alternate source of supply... and it's much more difficult to get a customer back than to keep them or to find new ones. If you have that size of company you probably  should aim to be back up and running within 24 hours."

Monitor: What do you find are some of the most difficult aspects of doing DRP?

Dr. Williams: Selling to senior management.

Monitor: Really?

Dr. Williams: "Absolutely."

Monitor: Why so?

Dr. Williams: "Well, typically when they look at this topic they realize that this is an area of concern but by the same token they have 50 other areas of concern. They will start to have a plan done; and depending on the size of the organization, they will designate one person to be the DR manager as his sole occupation... and I know that within a year he'll have five other "equally important" things to do. It seems senior management doesn't maintain the commitment over a period of time. The big thing with Disaster Recovery Planning is that it's not a project, it's a process and you have to put it in place and continually maintain that plan. You have to train your employees and your team members and you have to test the plan. Unless senior management continues to do that, then it is doomed to failure."

Monitor: After you have sold a company on Disaster Recovery Planning, and you've done the initial baselining and such, what are some common stumbling blocks that you come across?

Dr. Williams: "Common stumbling blocks are typical in what you would get in most management consulting studies. One is actually nailing down the people so that you can interview them; because employees are traveling more now and it's difficult to get them into your acceptable study time frame. The second most common thing is that in order to keep the costs down you generally get the clients to supply the data... well, clients never provide data the way they are supposed to and so things will run much longer than you intended. Something where you may have one month of effort allotted will typically take six months before you can finish that project."

Monitor: What are the most common shortcomings of completed Disaster Recovery Plans?

Dr. Williams: Well, as I said, a plan has to be maintained... A good example- The Bank of Indiana got in touch with me a couple of weeks ago because they had a plan that was "only two years out of date" which they wanted to make current. Price Waterhouse wanted $150,000.00 US to accomplish this. This is probably what it cost them to do the plan in the beginning!"

Monitor: So a Disaster Recovery Plan is a living document that they let die essentially?

Dr. Williams: "That's right. The big thing about a plan is that it's not going to cover everything. What it's going to do is to provide a framework for good management; but you have to have knowledgeable people that will follow the plan and do the right thing.

Next Month: Interview with Dr. Jeff Williams part 2.

Originally published in Monitor Magazine, November, 1997 in the lanStuff column, by technology columnist, Ray Richards.


Article Index