I don’t know about you, but I cannot remember the last time I got to work a “Greenfields” client. What a shame then that so many people still treat all situations as being greenfield.

Sometimes you can find that there is no real BCM Program in place, but generally there is some form of “tick in the box” BC Plan on a shelf somewhere.

Irregardless of this, it is very rare to find an entity that does not have a sunk investment in IT, and perhaps some form of DR in place. Even if it is just a backup tape the IT guy takes home each night.

Brownfields IT will probably contain infrastructure, applications and perhaps SOA services that have not been designed to facilitate failure nor designed for recovery.

The real bottom line here is that in this situation the Recovery Time Objective (RTO) is not always going to be derived from any analysis of business needs, but from the “as built” IT DR solution. Sure an Enterprise Business Impact Analysis may provide the input for a business case for future DR investment, and after that investment has been made and commissioned the new DR Plan can work to a new RTO.

Until then your business users better have manual workarounds to cover the difference between the time they would like to be without systems and the time they are going to be without them.

Shocked? Heresy?  No, supported by a best practice guide …

• “A RTO represents the required level of capability that the organisation aims to recover within a defined time frame. This is often determined by the ‘provider’ of the infrastructure or service.” •
• Standards Australia, HB 292-2006, p64

Do you know what the “as built” recovery of your IT systems is?

Do you have “fantasy” plans that are not related to real, proven recovery capability?