Common Mistakes - Disaster Recovery Business Continuity
Most common mistakes made in Disaster Recovery and Business Continuity Planning are eliminated by implementing the Janco Disaster Recovery and Business Continuity Template. Problems that are avoided are:
- Failure to identify every potential event that can jeopardize the infrastructure and data that your enterprise depends - In addition to the security and network threats - viruses, Trojans, worms, etc. - you need to identify any forces that are unique to your geography. Do you live on an earthquake fault, tornado alley, or in a flood zone? Does your region experience frequent power interruptions from storms or rolling blackouts?
- Failure to cross-train personnel in disaster recovery and business continuity - Often businesses create a Disaster Recovery and Business Continuity plan that depends on just a few people. You need to identify and cross-train a pool of employees that are capable of responding in an emergency. It also helps if this pool of resources is geographically dispersed in case of a large environmental disaster that affects all local employees.
- Failure to create a communication processes which will work when your communication infrastructure is lost - If the power goes out in your facility and no one is there to report it, will your Disaster Recovery and Business Continuity staff be informed? You can also establish an arrangement with a third-party service provider to monitor your facility and notify a pre-defined set of individuals that are trained to execute your disaster recovery business continuity plan.
- Failure to have adequate backup power - If your facility is affected by a widespread environmental disruption, you may find yourself without power for an extended period. Be sure to have on hand enough fuel to run the back-up generators for more than a week. In addition, purchase the longest-life, most uninterruptible power supply available.
- Failure to know which resources need to be restored first - Which of your IT applications need to be accessed first? Are there some that can wait a day or two without affecting your business? You need to be selective about the order in which applications and services are brought back online first after a disaster. For example, you might choose to reactivate your company's email application before you restore departmental file servers. There may be politics involved in this decision, so make sure you get buy-in beforehand, to avoid the “me firsts!”
- Failure to have adequate physical documentation of your Disaster Recovery and Business Continuity plan - After creating a plan, be sure that you create detailed systematic instructions on how to execute the recovery plan. Ensure that every process is well documented. Describe the location of all system resources needed to accomplish the recovery. Be sure to store the documentation at multiple locations and verify that all key personnel have easy access to the manuals.
- Failure to validate the adequacy of your back ups - It does not matter how good your Disaster Recovery and Business Continuity plan is if your data is out of date, is in a location also affected by the disaster, or has become corrupted. Perform backups at rigidly enforced, regular intervals to protect information integrity. Test and test again.
- Failure to test your Disaster Recovery and Business Continuity plan - You need to make sure your recovery plan actually works in an emergency! You should regularly conduct data fire drills to test every possible scenario, from basic power failures to catastrophic events that could result in multiple months of devastation.
- Failure to have passwords available to the Disaster Recovery and Business Continuity team - Though password protection is a key goal for data security, you need to store your system passwords in at least two geographically separate, secure locations. Make sure that more than one IT staff person has access to all passwords and codes. Change these passwords promptly if key personnel leave the company.
- Failure to keep your Disaster Recovery and Business Continuity plan up to date - You should never stop updating your Disaster Recovery and Business Continuity plan. Once a plan is created, revisit it at least on a quarterly basis. Establish and document a list of trigger points that should invoke changes to the plan, like personnel, equipment, location or application changes, to name a few.
The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirement. The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:
- Plan Introduction
- Business Impact Analysis - including a sample impact matrix
- DRP Organization Responsibilities pre and post disaster - drp checklist
- Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDA's
- Recovery Strategy including approach, escalation plan process and decision points
- Disaster Recovery Procedures in a check list format
- Plan Administration Process
- Technical Appendix including definition of necessary phone numbers and contact points
- Job Description for Disaster Recovery Manager (3 pages long) - entire disaster recovery team job descriptions are available
- Work Plan to modify and implement the template. Included is a list of deliverables for each task. (Risk Assessment and Vulnerability Assessment)
There is a extensive section that show how a full test of the DRP can be conducted. It includes
- Disaster Recovery Manager Responsibilities
- Distribution of the Disaster Recovery Plan
- Maintenance of the Business Impact Analysis
- Training of the Disaster Recovery Team
- Testing of the Disaster Recovery Plan
- Evaluation of the Disaster Recovery Plan Tests
- Maintenance of the Disaster Recovery Plan
Click on the link below to get the DRP/BC sample pages now and make it part of your disaster recovery toolkit.