Protect Your Organization: Why a Disaster Recovery Plan Matters

The first step in the DR planning process is to engage with the business leaders to gain buy-in and support for this process. Most companies launch a full-blown DR planning effort without realizing that development of a DR plan is a complex and invasive project that can take many months or even years to complete depending on the size of the company.  The project demands significant time and involvement from the organization; valuable resources that are almost always in short supply causing projects to either fail or be deferred.

A key to succeeding in the establishment of a DR plan, that is both functional and provides a solid foundation for subsequent revisions to the plan, is to start small and evolve to a plan that is specific to the needs of the organization.  In DR terms this is usually called an “Interim DR Plan”.  An Interim DR plan covers the basics of a DR scenario (such as the complete loss of the data centre) and identifies the necessary information and processes to recover the key systems needed to continue to operate the business.

An Interim DR plan is critical to the development of a comprehensive DR plan.  Once the Interim DR plan has been established and tested, a review of the assumptions used in its creation should be conducted.  This review must involve the business and IT teams to identify the risks associated with each assumption.  As a result, the IT group can cost the necessary mitigation strategies and the business, and IT can then review and agree on how to deal with gaps for the next iteration of the DR plan.  This iterative process should continue for some time in order to provide the necessary flexibility to the business and IT regarding costs, resource demands, and execution.

The final critical piece of a DR plan is related to awareness and continuous improvement.  Once created, the DR plan is a living document that needs review and update.  Businesses that have DR plans but whose plans are out of date because they do not follow a continuous improvement model may be rendered useless in the event of a disaster.  The organization, the vendors, partners and customers all need to be aware of the plan and they need to be involved in ensuring it is maintained.

The plan is only as good as its’ last test.  DR plans should be tested yearly (or more frequently, if possible) as this provides feedback on the effectiveness of the plan and identifies gaps that may be present and must be mitigated in the next revision.

40% of businesses surveyed tested less than once a year and another 40% of those surveyed did not do a complete test of the plan.

The IT DR plan will be a long term and complex undertaking that has proven to be an absolute requirement for business success.  Start it modestly, covering the absolute basics to keep the business running; update it every year with a complete review and conduct a full test; communicate the plan to everyone inside and outside the company and evolve it through an iterative process that uses the DR test as a feedback process for the next revision of the plan.