Even though many organizations maintain they conduct a full exercise of their Disaster Recovery (DR) plans at least once per year, research suggests that many of these exercises are not comprehensive and thorough; businesses – small and large – often just exercise a portion of the plan or a subset of applications.
Organizations know they need to improve their DR exercise program, but face obstacles such as a lack of executive sponsorship, limited employee resources and time, and a general concern for interrupting critical business processes. The following outline best practices for updating and improving your current DR exercise program.
Involve Business Stakeholders
Business stakeholders play an important part in your DR exercises, and thus need to be engaged from the start of the exercise until you have recovered all services. All business stakeholders should confirm the successful recovery of services. This has a twofold advantage of making certain that you have properly recovered business processes with all their critical components as well as ensuring that business stakeholders know what to expect in terms of recovery capabilities and performance at the recovery site during an actual declaration.
Alternate Employee Responsibilities
The employee who creates the DR plan should not be the same person who executes the test, as it is unlikely that that individual would be available in a real disaster. An important secondary benefit of a DR exercise is training; by tasking employees to take on new roles during exercises, you are cross-training staff in various areas.
Create Specific Risk Scenarios for Your Exercises
Many organizations conduct their DR exercises without specific scenarios. It is important, however, to define specific risk scenarios even for DR testing as it affords a more realistic situation for the response team to react to, and varying scenarios require different actions from the IT staff.
Make Sure to Test All IT Infrastructure Concurrently at least Once Per Year
Waiting longer than a year risks too much change in IT environments and personnel — you need to bring new employees throughout the organization up to speed on DR plans. The most advanced firms run full DR tests as often as four times per year. In between full tests, most organizations conduct component tests that vary in frequency depending on the criticality of the systems and rate of change in the environment.
Learn from Past DR Exercises
The objective of running DR exercises is to uncover potential barriers to recovery while in a controlled environment. If you are not encountering problems during your exercises and tests, it’s possible you are not looking hard enough, are not testing thoroughly enough, or you have created scenarios for recovery that are too simple. When you complete exercises and tests and you have identified problem areas, utilize what you have learned to update plans and create best practice documents.
Report Results to Stakeholders
If your organization has recently made significant investments in improving preparedness, most likely executives, and other stakeholders want to know what the return is on their investment. Reporting exercise and test results regularly and in a timely manner gives executives and business leaders visibility into your DR program.
Business Continuity and Disaster Recovery (BC/DR) Planning is not just an IT issue, it is a business problem and that’s where the planning needs to begin. Litcom will help you define your organization’s requirements and build a business case to support your disaster recovery initiatives. Our professional team will work with you to understand your business requirements with respect to disaster recovery and data protection. For more information on how Litcom can help your organization with a Disaster Recovery Plan, please contact us at: firstname.lastname@example.org.