The Most Common Mistakes Made in Developing a Disaster Recovery Plan
It is very easy to set up a disaster recovery project, have meetings and develop a plan that is detailed and then relax and think that you are now protected. Many companies have done that only to find that when disaster hits, that plan did not anticipate something critical or it failed or the recovery was far more difficult and costly than originally forecasted. There are some common assumptions and, for lack of a better word, "mistakes" that would be good to avoid when putting together your disaster recovery plan.
Be sure that you seek wide scale participation in your plan. It is a mistake to have a committee of the top department heads and the planning coordinator hammer out a disaster recovery plan that nobody else in the company is aware of. You are going to have to expose the entire organization to your plan. So conduct exhaustive interviews and include as many people as possible in the planning process. There are many line workers in your company that have knowledge of critical functions that must be covered in your disaster recovery plan if you truly want to achieve full business resumption after a disaster hits. So leave no stone unturned in learning the depth your business resumption plan must reach.
People are going make or break your disaster recovery plan as much as computer systems or machinery. A disaster recovery plan that only covers how to put the physical plant and infrastructure back to pre-disaster levels is setting itself up for failure. You must also plan to have the expertise ready to put your business back in full operation and to have resources should a human resource become unavailable in a disaster situation. Cross training is one way to give yourself assurance that you have a plan should a key person not be available for whatever reason during a disaster. Communication is also a key so people you rely on day to day are also briefed on their role in disaster recovery.
From an IT systems recovery perspective, you must create a step by step plan and review your IT disaster recovery plan to make sure it is up to date. You also must think through the question, "What's the worst that can happen?" If you are using offsite or online backup of your critical systems, test how long it will take to restore your key data and systems and that the restoration works perfectly under stress. Also be aware of your software media. If you have installation tapes, CDs and documentation, it must be stored offsite as well.
If an important IT system is destroyed or rendered useless, the recovery process will include building a new system, installing all of your critical software applications and then restoring your data from offsite or online backups. Be sure you have a plan for reinstalling patches and upgrades. If you have performed minor software upgrades over the year and then you go back to installation media that is a year or more old, that software you need to resume business may fail you. Similarly, be sure the hardware you are going to use to resume business after a disaster is up to date and able to handle the load of carrying your business forward in a disaster situation.
But perhaps the biggest mistake that is made in disaster recovery planning is failure to test. You must test your plan at both the walk through level and as a full disaster simulation. And that testing should be done routinely which means at least twice a year. By testing, you find the mistakes in a test mode so the disaster plan can be fixed. By testing, you prepare all of the people who must know how to participate in a disaster recovery. So be sure that testing is both planned for and funded to assure your disaster recovery plan is one that will really work when you need it.
Be sure that you seek wide scale participation in your plan. It is a mistake to have a committee of the top department heads and the planning coordinator hammer out a disaster recovery plan that nobody else in the company is aware of. You are going to have to expose the entire organization to your plan. So conduct exhaustive interviews and include as many people as possible in the planning process. There are many line workers in your company that have knowledge of critical functions that must be covered in your disaster recovery plan if you truly want to achieve full business resumption after a disaster hits. So leave no stone unturned in learning the depth your business resumption plan must reach.
People are going make or break your disaster recovery plan as much as computer systems or machinery. A disaster recovery plan that only covers how to put the physical plant and infrastructure back to pre-disaster levels is setting itself up for failure. You must also plan to have the expertise ready to put your business back in full operation and to have resources should a human resource become unavailable in a disaster situation. Cross training is one way to give yourself assurance that you have a plan should a key person not be available for whatever reason during a disaster. Communication is also a key so people you rely on day to day are also briefed on their role in disaster recovery.
From an IT systems recovery perspective, you must create a step by step plan and review your IT disaster recovery plan to make sure it is up to date. You also must think through the question, "What's the worst that can happen?" If you are using offsite or online backup of your critical systems, test how long it will take to restore your key data and systems and that the restoration works perfectly under stress. Also be aware of your software media. If you have installation tapes, CDs and documentation, it must be stored offsite as well.
If an important IT system is destroyed or rendered useless, the recovery process will include building a new system, installing all of your critical software applications and then restoring your data from offsite or online backups. Be sure you have a plan for reinstalling patches and upgrades. If you have performed minor software upgrades over the year and then you go back to installation media that is a year or more old, that software you need to resume business may fail you. Similarly, be sure the hardware you are going to use to resume business after a disaster is up to date and able to handle the load of carrying your business forward in a disaster situation.
But perhaps the biggest mistake that is made in disaster recovery planning is failure to test. You must test your plan at both the walk through level and as a full disaster simulation. And that testing should be done routinely which means at least twice a year. By testing, you find the mistakes in a test mode so the disaster plan can be fixed. By testing, you prepare all of the people who must know how to participate in a disaster recovery. So be sure that testing is both planned for and funded to assure your disaster recovery plan is one that will really work when you need it.
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home