Home > IT Perspectives > Survivable Disaster Recovery (part 1)

Survivable Disaster Recovery (part 1)

November 25th, 2009 Leave a comment Go to comments

It would be hard for me to ignore the topic of disaster recovery after these past two weeks. I was able to witness an organization react to their own disaster while I played the active role in a rather blind recovery process. It was a powerful perspective to be in, to help understand what really is needed from having a good disaster recovery plan.

I rarely find a company that has not confused the actual role of a disaster recovery plan. We know we need it, we think we know it what it is, yet most companies over-think the process, muddying the discussion with what really should be a business continuity strategy.   The disaster recovery plan should be a simple, yet focused outline of what keeps your organization running.  As the person yeilding the power to bring you back to a functional organization, I need to know where to focus my energy and how much energy to exert.  What departments make the organization run? (psst, trick question, it’s all of them) Identify the crucial resources of each department (psst, risk analysis model). How long can they operate without those resources? (psst, recovery prioritization model).

While you have toiled for hours to create what you consider to be the perfect plan for that perfect disaster, you missed one important step.  A disaster is something you can not plan for.  It wouldn’t be much of a disaster if you could, would it? Get your head out of “fire in the server room” or “plane in the building” scenarios and start with asking the important questions, like “what do we need to run this organization?”

Here are some easy signs to identify your disaster recovery plan needs revising.

You don’t have one. Don’t worry you are not alone. Many companies out there are still “really intending” to get to that disaster plan. The good news is, after the disaster, you will have all sorts of resources and attention put towards making one.  We are a reactionary culture and while the events of 9/11 were enough to shock most companies into putting attention towards a disaster recovery plan, we all react at different paces.  Give me a call after your disaster and we can talk because we all know you are too busy to sit down before hand.

You created the plan out of compliance. Mildly worse than not having one at all, is having one that isn’t really focused one what you need. Many companies don’t sit down to create a disaster recovery plan until some auditor tells them they need one.  Most resultant plans are structured to ensure compliance, not act as a usable resource when the disaster actually happens.  You will find yourself pulling out this document only confuses and delays an actually recovery process.

The auditing companies are either financial based or compliancy driven for some single objective. Come to the realization that you may be maintaining a surface level disaster recovery plan, along side of the one that will actually be useful in a disaster.

It goes unread. D day arrives, your disaster is upon you, and nobody reads the document.  Hopefully it is because you have been so involved with making such a solid plan, that you have it memorized.  Realistically you don’t look to the plan because it holds no pertinent information, it is outdated, or nobody knows how to find it anyway.

It is thick. Most people mis-apply the relevance to creating a disaster recovery plan. If you plan resembles the encyclopedia, then congratulations.  You have officially created a plan so detailed that nobody could actually follow it if they needed to.  Except for perhaps the one person who wrote it.

So you realize you may actually need to focus on a disaster recovery plan before the disaster.  Now the trick is to give you some easy tools to make it happen.  As I navigate my own organization through the following weeks of preparing a disaster recovery plan, I will publish up some very usable and basic guides for you to use in setting up your own plan. Consider it a usable guide to IT disaster recovery, apposed to the document you have creating dust now.

That is not to say there aren’t a lot of valid, powerful resources out there if you need a head start.

Disaster Recovery Journal

Guide to Rules and Regulations (compliance requirements)

NIST IT Contingency Planning

Categories: IT Perspectives Tags: