Lately,\u00a0we have often depicted CIOs as parachuting down to earth, with dubious levels of safety. But despite our potential overuse of this metaphor, I think it\u2019s still apt, especially when describing the decision to outsource your IT disaster recovery program or stay in-house. IT disaster recovery efforts can consume large amounts of IT staff time and budget dollars, but even so, outsourcing any part of IT operations can raise eyebrows. So how do CIOs make the right choice between building and managing a recovery program internally or selectively out-tasking it to a service provider?\nTo help CIOs safely make the decision without taking a dive, we created a \u201cCIO\u2019s Guide to Insourcing vs. Outsourcing IT Recovery\u201d infographic to provide a framework for asking the right questions (consider it a \u201csister\u201d infographic to\u00a0the one we created for CFOs\u00a0\u2013 but the questions are somewhat different, reflecting the different focus of the CIO). For each question, a \u201cYES\u201d answer may mean you are okay to stay in-house, while a \u201cNO\u201d answer might suggest that you consider outsourcing. Here is a peek at the decision-making process covered in the infographic:\n\u00a0\nQuestion 1: Do you fully understand the business impact of downtime by application?\nIn order to say \u201cYes\u201d to this question confidently, you need to have:\n\nPerformed a\u00a0business impact analysis (BIA)\u00a0to help you prioritize applications based on their importance to the business.\nUsed the BIA to help you prioritize applications\nMapped application interdependencies (so that you have a clear picture of which applications depend upon which pieces, and tier them correctly)\nSet applications\u2019 Recovery Time Objectives and Recovery Point Objectives (RTOs\/RPOs) accordingly\n\nQuestion 2: Can you afford to do IT disaster recovery in-house?\nAnswering \u201cYes\u201d to this question means you have both the necessary capex and opex budget to support an in-house IT disaster recovery program. On the capex side, you\u2019ll need to fund DR equipment and software, as well as recovery sites and systems for the recovery site. (Can you say, \u201cI need two of everything?\u201d) On the opex side, you\u2019ll need to pay for recovery site operations, staff time to develop recovery procedures and maintain recovery runbooks, as well as fund the once-or-twice a year travel-and-other expenses for proper DR testing. It definitely adds up.\nQuestion 3: Do you have the in-house expertise for DR?\nKeeping systems up and running is an entirely different skill set than recovering them quickly from scratch during a disaster or after a disruption, and many CIOs do recognize this (we surveyed Fortune 1000 enterprises on their DR planning efforts and concerns, and\u00a054% mentioned shortages in staffing and expertise as their biggest challenge). The key questions CIOs need to ask themselves here are:\n\nDoes my staff have the skills to develop recovery processes and procedures?\nCan they perform rigorous change control?\nAre we actively up-to-date on DR best practices and integrating them into the IT lifecycle?\nCan we perform robust DR planning and manage a fail-proof disaster recovery program?\n\nQuestion 4: Are you confident you are recoverable?\nThe key question here for CIOs to answer is, are you able to stand up in front of your Board of Directors and certify that you\u2019re recoverable? The below is a directional checklist for being able to say a resounding \u201cYes!\u201d\n\nWe actively test and validate our DR plans.\nWe have a good handle on change management (and perform it regularly).\nOur staff is willing and able to travel in the event of a disaster.\nWe can prove recoverability in an audit.\nIn our last test, we met all RTOs and RPOs for our mission-critical applications.\n\nQuestion 5: Do you have a robust IT DR plan today?\nTo feel comfortable with moving forward in-house, either you\u2019ve got a robust IT disaster recovery plan today, or you are close enough to one that the risk of delay is acceptable. Many companies we encounter, however, rely on recovery plans based on what was considered the norm a few years ago. But markets change and business goals change, so it\u2019s important that your recovery priorities and tasks change along with them. You might be answering \u201cYes\u201d for a certain group of applications, but your answer might be \u201cNot so sure\u201d for a group of new applications. So should you outsource your IT disaster recovery program to an outside provider? That depends on your overall IT strategy, your desired availability posture, and of course, your answers to the foregoing five questions.\nThis post was originally published\u00a0on the Forbes BrandVoice and Sungard Availability Services blogs.