The question of whether or not you can manage disaster is perhaps an incomplete one considering humans have been given the will and desire to survive through the most challenging circumstances. So the fact that the survival is already happening, is somewhat irrelevant. What people are becoming more aware of is the fact that they are unable to prepare themselves to cope with disaster. In order to maintain the continuity of business, it is essential to be able to have the necessary backup or secondary switch that you can turn on, and keep going.
A few months ago, we covered LMKR and how they had managed the aftermath of the Marriott Bombing, something that people appreciated around the world. Other IT companies were also able to follow their DR plans and mitigate the aftereffects of the tragic incident, but here's the point: because IT companies know about all of this because the largest chunk of their business is dependent on their intellectual property. In a world where technology helps manage business, you really don't have an excuse to get caught unprepared.
Whether it is a natural disaster or an attack of sorts, have you thought to ask your office building on what their DM plan is? How about the school where your children may go? In the event of chaos, what plan of action will be followed? Same list of questions apply to hotels, restaurants, city district planning agencies -- this is an endless list. In a lot of cases where disaster planning for physical damage is done, people still fail to plan how they are going to rehabilitate themselves back into the system. It's the same sustainability (or lack there of) challenge all over again. If you conduct a Business Impact Analysis in your organization, it will help you to figure out what your various operations are and since most apps are linked to one another, how long you can afford to have one app or area down, before it begins impacting the core business function.
You'd like to think that the BIA is something that is done through technology, but it's not. The majority of the BIA planning is done by an analyst who can communicate with each of the departments and areas and actually assess the importance of every step of the organizational and virtual hierarchy.
Before selecting a Disaster Recovery strategy, the Disaster Recovery planner should refer to the company's business continuity plan which should specify the key metrics of Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for various business processes. The metrics specified for the business processes must then be mapped to the underlying IT systems and infrastructure that support those processes.