Practice Makes Perfect
Practice especially makes perfect when testing our disaster recovery plan. If you don’t have a regular testing process with your disaster recovery plan, you will never know if it will be effective until it’s time for it to take effect. Because of this, you need to take every step necessary to ensure that if a disaster strikes, your company can retain its structure and data integrity. You will really have to take the time to analyze your plan and thoroughly test it to make sure that you are ready if a disaster strike.
Why do you need to test your disaster recovery plan?
Testing your disaster recovery plan is critical to the success of the plan. Testing will help you determine any holes in your process. If you have a problem area in your plan, you need to know about those gaps ahead of time in order to correct them and be prepared if something really happens.
While most people have a primary focus on core disaster recovery components, there is a multitude of tiny details that can cause delay or complete failure in a recovery process. For example, many times a disaster recovery plan includes using back-up servers in a new production site. This usually entails changing IP addresses both where you host the backup servers as well as potentially different IP addresses where the users initiate a connection. While you may be able to quickly boot up the servers end users may not have access if they are working from home and have not established the proper VPN access. If a test included people connecting from home (or some other designated alternative work location) then you would find and mitigate these issues before disaster struck.
Not only should you test your disaster plan regularly, but you should also repeat your test again and again. After the plan is tested, it is crucial that you document the outcome of each step, the success, and failures, that way you can improve upon your plan so that your organization is ready if a disaster actually strikes.
What can cause a disaster?
A disaster recovery plan is very complex and requires a lot of moving parts in anticipation of a multitude of scenarios that can strike without notice. If you have thoroughly tested your disaster recovery plan, then, if the time ever comes, your team will have rehearsed enough to eliminate panic or mistakes when you implement it.
Testing Your IT Recovery Involves Examining and Practicing Each Step
You will have to carefully plan each step and objective and then develop a practice scenario. Notify all of your staff that you will be doing this drill, from management to the end user. Make sure that each one of your key team members has clearly defined roles in the planning and implementation process.
Your testing should include all of your infrastructure, databases, firewall, networks, hardware, and applications. The point of each one of your practice steps is to identify any areas of the test that need to be improved.
Key Team Members
No matter how technically proficient you are, your business depends on people. Your disaster recovery plan will require your organization’s management, human resources, IT, and public relations staff to be prepared to respond as needed. In the event that you are hit with by a disaster, your key members will have to ensure that your services and process keep going.
For this to work, of course, you need to plan for the key team’s readiness. You need at least the following:
• Written protocols for key team
• Building security
• Evacuation plan
• Backups for key personnel
Assigning responsibilities and assuring that everyone knows who is responsible for each significant component to your disaster recovery planning and testing. Your plan should also have contingencies for staffing problems, in case of instances like a floor or bad storm, and your key team members are dealing with their own storm damage at their homes.
You need your organization ready to respond. A core team that can keep your structure, data, and personnel operating to meet your basic needs is critical to your disaster recovery plans.
Regular and Automated Backups
Beyond your key team members, it is absolutely essential that you plan to keep your data secure in case of loss or theft. Whether it is a natural disaster or human infiltration, a complete catastrophe can compromise your operating systems or customer information. Because of this, your plan should include security protocols on site and data backups and redundancies off-site.
At a minimum, you should maintain servers in a separate facility from your offices (and/or in a separate data center from the production data center). If you hold data in multiple locations, it helps limit the damage if one location suffers a catastrophe. This will allow you to quarantine access in one place in the event of a security breach, while maintaining any operations that need to continue uninterrupted in your other locations. This will keep your company operating smoothly while in the midst of a disaster recovery process.
REMEMBER: A DISASTER RECOVERY PLAN WITHOUT A FORMAL TEST IS ONLY A THEORY…it should work…but will it?
Your company’s disaster recovery plans cannot be definitively assessed until the aftermath of an actual event. Still, you can identify the ways you are prepared, and shore up areas in which you may not be as ready as you should be. Remember, a disaster recovery plan without a formal test is just a theory.
CIS is an IT business partner and technology solutions company that has been focused on and implementing business lines of technology since 1989. For more information or help in formulating a solid disaster recovery plan, contact us today.