Crisis management plan vs disaster recovery plan

Disaster recovery solutions do not work. Every DR specialist knows this. In today’s world, there are three major factors that change and influence disaster recovery (DR) concepts: Complexity, Overload, Cyber. In a DR’s life cycle there was a shift of perception that changed from a “nice to have” solution to a “must” solution. In the past three years, it was even more escalated, especially because of cyber events. Those facts are the foundation of wider demands and requirements customers have from their DR integrator.

Given the history of disasters, both the wide range of events and the loss of money to businesses that disasters caused, it is time to face the fact that a key factor for a DR plan to succeed is the Testing & Exercising phase, which is the most important stage of business continuity planning and disaster recovery. Without rigorous disaster recovery testing and fixes to the DR plan, a false sense of security may exist. The primary reason for testing is to identify deficiencies in DR plans. Period tests present opportunities to fix problems before a disaster happens. For these reasons, testing should be done on a monthly basis, and not once a year as most businesses are doing. Testing should take place during peak and non-peak periods with specific objectives. This ensures a state of readiness at all times. Information is the engine that drives your business. It’s a mission-critical resource that requires information availability solutions from a proven solution. You need availability that works.

Disaster recovery testing

The goal of testing is to find errors and false procedures that can be fixed to make sure the DR plan works. Business continuity planning and disaster recovery must be tested in order to prove their coherence to reality. The process of exercising the plan also prepares the relevant people to function at the secondary site and verifies its readiness for the site. The test must include all aspects that the business determined as important.

Here are the key elements of disaster recovery testing

    1. Which departments and defined roles need to be involved.
    2. Set testing objectives, focus on servers’ Recovery Time Objective (RPO disaster recovery) and Recovery Point Objective (RTO disaster recovery).
    3. Coordinate staff tasks.
    4. Relevant vendors and their contact details.
    5. Cover options of vendors’ hardware availability, like backup landline, storage, servers, networking.
    6. How can you recover a certain server?
    7. What’s the disaster recovery testing frequency (monthly at minimum)?
    8. What are the success factors?
    9. What will be the next step with disaster recovery backup?
    10. Disaster recovery scenarios 

During the test, the following elements should be considered: hardware, software, personnel, data and voice communications, procedures, supplies and forms, documentation, transportation, utilities (power, air conditioning, heating, ventilation), and alternate site processing.

It is highly likely that you will need to adjust your plan with each disaster recovery test. The errors you will face play a very important role in the maintenance program, and their value is very important. Some of them can prevent your site recovery during a real disaster event. The common perception that the frequency of disaster recovery testing depends on the size and complexity of the business is a mistake. When it comes to cyber security, many organizations are inclined to promote best practices that focus on prevention, which is only part of the equation. Businesses also need a safety net. No company can be 100-percent secure. It must have a Plan B for impacts to accrue.