To persuade others of the value of your ideas, it is necessary to delve into the dark, shadowy world of organizational politics. Fundamentally, this means that you achieve your goals by helping (or if you aren’t particularly scrupulous, appearing to help) others around you achieve their goals, so that they then help you achieve yours.

Start Inside Probably the best way to convince others of the value of your ideas is to first convince them that your ideas will help them achieve their own goals. To do that, you must understand what their goals are. The development manager’s goals are going to be different than the goals of the marketing manager, which will in turn be different from the goals of Human Resources. The good news is that to impress most managers, you need only demonstrate a high rate of financial return on the required investment to get their attention, but that is not always the case. You must also understand the organization’s overall goals. If the organization is a public company, there is a wealth of information available about the organization and its business. The annual report is an excellent place to determine what is important to a company, and what projects are perceived to be the most important to the company’s future (they are usually the ones with the nice color pictures of smiling people near their descriptions). Other ways to find information about a company include reading through press releases, looking for published interviews with executives, and surfing the Web for financial statements that companies are legally obligated to generate. In the United States, these include the 10-K and 10-Q forms, which are available on the Web. It is always good if you can demonstrate how your ideas can add value to popular internal projects. After you understand and have confirmed the manager’s and the organization’s goals and objectives, you must work out how your ideas will make them more successful. How will increasing the availability of their computer systems allow them to perform their jobs better? Remember that if you are asking for money, you are competing with everyone else in your organization who has an idea that costs money.

Money is an extremely limited resource in most organizations, especially when the economy is suffering. You may run into people in your organization who do not want your proposal to succeed because if it does, it will reflect badly on them. Beware of such people. Learn to speak the language of business. In formal writing and presenting, messages are generally delivered calmly or with mild enthusiasm. Slang and street language are unwelcome. Remember that most organizations are businesses. (There are exceptions, of course, in academia, government agencies, and nonprofits, where goals may be different, but saving money is a high priority in just about any organization.) To impress businesspeople, messages must be delivered in terms that they understand without technical buzzwords, lingo, or acronyms, and they must solve problems of the people receiving the message. The gospel of high availability is an important one, but if you deliver it to the Human Resources manager, it is unlikely he or she will be interested, and it’s even less likely that the manager would be able to help you.

If your message will help someone above you in the organization to be more successful and to look good to their management, they will be happy to help you. If your message makes them look bad, they will be unwilling to help you.

Then Go Outside

Once you have an understanding of your organization’s goals, it’s time to go outside the organization and get an education about high availability. If you have enough money to afford outside training, attend conferences. USENIX (www.usenix.org) and its technical subgroup SAGE (The System Administrators’ Guild) hold conferences throughout the year to help raise and address issues that commonly affect system administrators. If your interests are in the area of disaster recovery, Disaster Recovery Journal (www.drj.com) publishes an excellent magazine and holds two conferences a year, attended by experts on all aspects of disaster recovery. If you lack the budget to attend conferences, then read articles (you are off to an excellent start!) and magazines on high availability. Visit web sites like www.techtarget.com, which has about 20 different web sites dedicated to many different aspects of system administration. Their whatis.com companion site is a tremendous resource for understanding complex technical terminology and concepts. Learn about real problems that plague real companies. Disasters are the most colorful and newsworthy problems, and they are certainly very important, but there are countless other events that can cause outages. Is your enterprise prepared for them? How well prepared is your organization to handle a nasty worm or virus attack? What if your Internet provider were to go out of business tomorrow? Are you prepared for a hardware failure in your business’s most critical computer servers?

Legal Liability

There are many laws on the articles in the United States (and in other countries as well, although we only discuss American laws here) that legally obligate public companies and certain other organizations to do all they can to protect their enterprises, their critical systems, and their data. These include the following:

The Health Insurance Portability and Accountability Act, or HIPAA, which was passed by the U.S. Congress in 1996, affects just about everyone who delivers any sort of health-related services in the United States. The impact on data and information technology from HIPAA is huge. It affects patients’ privacy rights and the way data relating to patients, procedures, and insurance records is stored, managed, and protected, with specific attention paid to patients’ privacy and data retention. Failure to comply with some of the more serious HIPAA guidelines can result in fines of up to US$250,000 and up to 10 years in jail; others will only result in fines of up to US$25,000.

The Foreign Corrupt Practices Act of 1977, a federal law in the United States, requires all public companies to have formal DR plans. If your public company does not have an emergency contingency plan or a security program, they can be found in violation of this law. Further, they must be able to demonstrate that these plans were implemented and tested on a regular basis.

The Securities and Exchange Act of 1934 is full of requirements as to data and record retention. To oversimplify the requirements, the act says that all records of publicly held companies and the firms who audit them must be retained for at least 7 years.

Internal Revenue Service ruling number 71-20 requires that corporate tax records must be retained for as long as they are relevant. The IRS does not want to hear about system crashes or bad backups; they just want to make sure that you have all of the data that you are supposed to have. The good news is that criminal prosecutions under these acts are pretty much unheard of. There are many other corporate malfeasances that have gotten the attention in the last few years. However, there’s bad news too. We live in an extremely litigious society (at least in the United States), where law firms routinely file class action suits against public companies just about any time the company’s stock price goes down. It is not hard to imagine a scenario where a public company suffers a major financial loss due to a lack of preparation for systems problems, which results in further losses when the lawyers begin to file suits. In the end, the result of the civil litigation could cause a greater financial loss than any system problem or data loss. There are even cases where corporate officers could be held personally liable for significant business losses due to outages. If nothing else gets their attention, this will.

Cost of Downtime

We discuss the cost of downtime in other places around the article, but no discussion of the business impact of downtime and availability is complete without mentioning it once again. The Meta Group, an industry consulting firm, estimates the cost to a business of total system downtime at just over $1 million an hour. A University of Minnesota study says that a 48-hour outage would put 20 percent of the Fortune 500 out of business. And a study from Contingency Planning Research Inc. says that the average time to recover a business’s systems after a disaster is four days. The University of Minnesota study also said that of companies that suffer a major outage from a disaster and do not have a working recovery plan, just 43 percent of them will ever resume operations. Of that 43 percent, just 29 percent of those will still be in business two years later. Relax, we’ve done the math for you: 87 percent of companies that have a disaster and do not have an adequate plan will be out of business within 2 years. So, how long will it take your enterprise to recover? Do you have a plan?