The tragic events of 9/11 and Hurricane Katrina were not only horrific human tragedies, but also served as warnings to businesses to revisit their own disaster recovery plans. According to published reports, in many instances the difference between those companies forced to close their doors, and those able to continue doing business, was well planned disaster recovery procedures including off-site data backup. Digital copies of corporate data systems allowed many businesses, that had prepared for an unseen disaster, to get up and running quickly, while others that were unprepared continued working to recreate their systems and businesses virtually from scratch. While unlikely that a large disaster will befall an entity, the events of 9/11 and Hurricane Katrina highlight the importance of taking such precautions as developing disaster recovery procedures and retaining disaster recovery specialists.
The firms that provide disaster recovery services in the United States offer computer disaster recovery arrangements that run the gamut from simple contracts to backup core computer services, to more complex agreements to provide alternative office space and equipment to operate critical systems. Such contracts, of course, raise numerous legal issues.
Computer disaster recovery contracts typically run for a term of at least several years. The consequences that flow from the length of the contract and the renewal provisions must be fully considered at the time of drafting. Since computer systems are routinely upgraded, it is important to negotiate acceptable terms that anticipate such an event. Often, the form agreements offered by service providers contain language that prohibits a customer from terminating the agreement in the event that the customer upgrades its system, and do not specify the fees the service provider will charge the customer to maintain its backup systems’ compatibility with the customer’s new system configuration. Such language leaves the customer little choice but to pay whatever fee the service provider demands. Therefore, from the customer’s perspective, it is important that the agreement be drafted in such a fashion that it contemplates system modifications and other changes in circumstance, and defines to the extent possible the costs associated with those modifications and changes.
Computer disaster recovery service agreements should also outline the procedures for how the service provider will allocate its resources in the event of a disaster affecting more than one of its clients. Even the largest service providers have a limited inventory of backup systems and alternative space for their customers. Therefore, it is important that service agreements specify how the service provider will determine which customers will have priority to receive resources in the event of large-scale disaster. The service provider should also represent in the agreement that all of its customers will be bound by the same procedures.
Customers need to do their homework in choosing computer disaster recovery service providers. Service providers should be asked such questions as: What resources do you have available? Where are those resources located? How may computer back-up centers do you have? Where are those centers located? What other customers do you have in the same building (or nearby)? The answers to these questions should not only bear on which service provider a customer chooses, but also upon the contractual protections the customer will require be included in its agreement with the service provider it retains.
Finally, on a practical level, a recovery plan is of little use if it is not operational. All such plans should, therefore, be reviewed and tested regularly, as should the services provider’s resources and procedures