Lessons about the after-effects on IT systems from September 11 have apparently failed to resonate with about half of Australia's companies, which still have no disaster recovery plans in place.
Graham Penn, research director at IDC Australia, said about 40 to 60 per cent of Australian sites "still have not done very much" about disaster recovery.
"There is a greater awareness of the issues post-September 11. However, a lot of organisations don't know where to start and their decision cycle is very long."
Even for companies that had decided in September that a disaster recovery plan was critical, plans would only now be passing through the approval stage.
"It will be another three months before anything is put in. It will not be until July or August that these companies have something in place," Penn said.
This state of non-activity is not "inconsistent" with a recent Compass survey of 1,000 mid-range Unix data centres in large US organisations, which revealed only 25 per cent have any type of disaster recovery plan in place. Moreover, one-third of those that did have a recovery plan had never tested it.
Compass estimates that in the event of a disaster, only 15 per cent of mid-range data centres would be able to recover more than 30 per cent of their applications in any time frame, 3.8 per cent could recover their applications within the same day, and 2.5 per cent could recover within four hours.
For companies that are yet to formulate a plan, Compass analysts Doran Boroski and Carl Pitasi warn that contingencies to protect IT components will prove futile in a true catastrophe; disaster recovery plans should focus on people and processes.
To be blunt, Boroski and Pitasi said, in the event of a true disaster, individuals with the most knowledge of IT operations will not be there to assist in the recovery. "An effective disaster recovery plan protects the business and how it functions. Plans must be thoroughly and regularly tested and must exclude the participation of key personnel."