Why Disaster Recovery Business Continuity Plans Fail

Almost 30 percent of DRPs and BCPs fail when the are activated

One of the primary reasons why disaster recovery and business continuity plans fall short when they are needed is the failure to test and train staff in how to use the plan. The reasons for this are many, and include:

• Cost - There may be a view in the organization that time taken up in business continuity testing and exercising is unproductive time and therefore an unnecessary cost that can be avoided. There may also be reluctance to invest in external consultants to help facilitate tests.
  
  
• Organizational Inertia - Getting a group of busy executives and managers to commit their time is a difficulty in its own right; but getting all the required participants to agree on a convenient time and date can be an administrative nightmare.
  
  
• Lack of top-management commitment -  If top-managers view business continuity as a box-ticking exercise or if they simply don’t fully understand the importance of a fully tested and well exercised business continuity plan, then senior management will probably not provide the arm-twisting support that business continuity managers need to get tests off the ground.
  
  
• Failure to comply with mandated requirements - Many regulations stipulate that compliance requires a business continuity plan to be in existence. But they don’t often include proof of testing and exercising activities within the scope of the regulations. This is an area where improvement could bring large benefits. Similarly when contracting organizations ask suppliers to provide evidence of business continuity plans, they don’t often ask to see details of the tests and exercises that are carried out. Doing so would help testing and exercising move up the priority ladder.
  
  
• Poor structure of previous tests - If an organization runs tests and exercises which are badly structured, boring or un-realistic (meteorite landing on head office at the same time as a pandemic etc. ) then participation in subsequent tests and exercises will plummet.
  
  
• Belief that testing and training is too hard to do adequately - Reports of training, testing and exercising sometimes being difficult to achieve create a perception that it will  always  be less than adequate. This results in the area being shelved in the ‘one day’ tray rather than on the ‘must do’ list.
  
  
• Fear of failure - One of the points of business continuity tests is to discover weak areas in plans and strategies. However, if an organization has a blame culture then it may be perceived that the business continuity manager has failed because the plan is shown not to be perfect. Who would want to place themselves under such a harsh spotlight?

 

• DRP Standard
• Premium
• Gold
• DRP/Security Standard
• Premium
• Gold

Disaster Recovery Business Continuity Standard Edition

• Disaster Recovery Business Continuity Template (WORD)
• Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
• Disaster Recovery Manager Job Description
• Manager Disaster Recovery & Business Continuity Job Description
• Application Inventory and Business Impact Analysis Questionnaire
• Incident Communication Plan and Policy with BEST PRACTICES for
  • News Conferences
  • Media Relations
• Social Network Checklist
• Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
  • LAN Inventory
  • Location Contact Numbers
  • Off-Site Inventory
  • Personnel Locations
  • Plan Distribution

  • Remote Location Contact Information
  • Team Call List
  • Vendor Contact Information

Disaster Recovery Business Continuity Premium Edition

• Disaster Recovery Business Continuity Template (WORD)
• Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
• Disaster Recovery Manager Job Description
• Manager Disaster Recovery & Business Continuity Job Description
• Application Inventory and Business Impact Analysis Questionnaire
• Incident Communication Plan and Policy with BEST PRACTICES for
  • News Conferences
  • Media Relations
• Social Network Checklist
• Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
  • LAN Inventory,
  • Location Contact Numbers,
  • Off-Site Inventory,
  • Personnel Locations,
  • Plan Distribution,
  • Remote Location Contact Information,
  • Team Call List, and
  • Vendor Contact Information.
• 15 Full Job Descriptions (WORD)
  • Chief Information Officer,
  • Chief Security Officer,
  • Chief Compliance Officer,
  • VP Strategy and Architecture,
  • Director Disaster Recovery and Business Continuity,
  • Director e-Commerce,
  • Director Media Communications,
  • Manager Disaster Recovery,

  • Manager Disaster Recovery and Business Continuity,
  • Disaster Recovery Coordinator,
  • Disaster Recovery - Special Projects Supervisor,
  • Manager Database,
  • Capacity Planning Supervisor,
  • Manager Media Library Support,
  • Manager Site Management, and
  • Pandemic Coordinator.

Disaster Recovery Business Continuity Gold Edition

• Disaster Recovery Business Continuity Template
  
  
• 243 IT Job Descriptions including all of the job descriptions contained in the Premium edition

Disaster Recovery Business Continuity & Security Manual Templates Standard Edition

• Disaster Recovery Business Continuity Template (WORD)
• Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
• Disaster Recovery Manager Job Description
• Manager Disaster Recovery & Business Continuity Job Description
• Application Inventory and Business Impact Analysis Questionnaire
• Incident Communication Plan and Policy with BEST PRACTICES for
  • News Conferences
  • Media Relations
• Social Network Checklist
• Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
  • LAN Inventory
  • Location Contact Numbers
  • Off-Site Inventory
  • Personnel Locations
  • Plan Distribution
  • Remote Location Contact Information
  • Team Call List
  • Vendor Contact Information

• Security Manual Template (Word)
• HIPAA Audit Program
• ISO 27000 Security Audit - Compliant with ISO 22301 & 27031
• Business and IT Impact Questionnaire
• Threat and Vulnerability Assessment Tool
• Sarbanes-Oxley Section 404 Checklist
• Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
  • Blog Policy Compliance
  • Company Asset Employee Control Log
  • Email - Employee Acknowledgment
  • Employee Termination Checklist
  • Internet Access Request
  • Internet Use Approval
  • Internet & Electronic Communication - Employee Acknowledgment

  • Mobile Device Access and Use Agreement
  • Employee Security Acknowledgement Release
  • Preliminary Security Audit Checklist
  • Security Access Application
  • Security Audit Report
  • Security Violation Reporting
  • Sensitive Information Policy Compliance Agreement

Disaster Recovery Business Continuity & Security Manual Templates Premium Edition

• Disaster Recovery Business Continuity Template (WORD)
• Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
• Disaster Recovery Manager Job Description
• Manager Disaster Recovery & Business Continuity Job Description
• Application Inventory and Business Impact Analysis Questionnaire
• Incident Communication Plan and Policy with BEST PRACTICES for
  • News Conferences
  • Media Relations
• Social Network Checklist
• Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
  • LAN Inventory
  • Location Contact Numbers
  • Off-Site Inventory
  • Personnel Locations
  • Plan Distribution
  • Remote Location Contact Information
  • Team Call List
  • Vendor Contact Information

• Security Manual Template (Word)
• HIPAA Audit Program
• ISO 2700 Security Audit
• Business and IT Impact Questionnaire
• Threat and Vulnerability Assessment Tool
• Sarbanes-Oxley Section 404 Checklist
• Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
  • Blog Policy Compliance
  • Company Asset Employee Control Log
  • Email - Employee Acknowledgment
  • Employee Termination Checklist
  • Internet Access Request
  • Internet Use Approval
  • Internet & Electronic Communication - Employee Acknowledgment

  • Mobile Device Access and Use Agreement
  • Employee Security Acknowledgement Release
  • Preliminary Security Audit Checklist
  • Security Access Application
  • Security Audit Report
  • Security Violation Reporting
  • Sensitive Information Policy Compliance Agreement
  
  
  
• 25 Full Job Descriptions
  • Chief Information Officer (CIO); Chief Compliance Officer (CCO); Chief Security Officer (CSO);VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Database; Manager Disaster Recovery; Manager Disaster Recovery and Business Continuity; Pandemic Coordinator; Manager Facilities and Equipment; Manager Media Library Support; Manager Network and Computing Services; Manager Network Services; Manager Site Management; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems;Capacity Planning Supervisor; Disaster Recovery Coordinator; Disaster Recovery - Special Projects Supervisor; Network Security Analyst; System Administrator - Unix; System Administrator - Windows

Disaster Recovery Business Continuity & Security Manual Templates Gold Edition

• Disaster Recovery Business Continuity Template (WORD)
• Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
• Disaster Recovery Manager Job Description
• Manager Disaster Recovery & Business Continuity Job Description
• Application Inventory and Business Impact Analysis Questionnaire
• Incident Communication Plan and Policy with BEST PRACTICES for
  • News Conferences
  • Media Relations
• Social Network Checklist
• Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
  • LAN Inventory
  • Location Contact Numbers
  • Off-Site Inventory
  • Personnel Locations

  • Plan Distribution
  • Remote Location Contact Information
  • Team Call List
  • Vendor Contact Information

Security Manual Template (Word)

• HIPAA Audit Program
• ISO 2700 Security Audit
• Business and IT Impact Questionnaire
• Threat and Vulnerability Assessment Tool
• Sarbanes-Oxley Section 404 Checklist
• Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
  • Blog Policy Compliance
  • Company Asset Employee Control Log
  • Email - Employee Acknowledgment
  • Employee Termination Checklist
  • Internet Access Request
  • Internet Use Approval
  • Internet & Electronic Communication - Employee Acknowledgment

  • Mobile Device Access and Use Agreement
  • Employee Security Acknowledgement Release
  • Preliminary Security Audit Checklist
  • Security Access Application
  • Security Audit Report
  • Security Violation Reporting
  • Sensitive Information Policy Compliance Agreement

243 Full Job Descriptions which includes all of the job descriptions in the premium edition