Building a Comprehensive Disaster Recovery Plan

By | August 22, 2006
  • Are application priorities known and agreed to? Are inter-dependencies between applications understood, and inter-dependencies between applications and business processes understood? Are these documented and agreed to by stakeholders?
  • Can improvements be made to the security and availability posture ahead of the most recent vulnerabilities and threats?
  • If an emergency arises that takes all or part of the company’s network down, how quickly can the organization return IT operations to a normal state?
  • Is the organization prepared to quickly and seamlessly restart business processes in order to continue operations?
  • Are we testing the plan to drive out deficiencies or to show success for audit or visibility purposes?
  • Do we truly understand the business needs to meet those service levels through proper investment to close the gap between expectations, realistic capabilities, and risk appetite?
  • IT managers should prepare a business case and communication with their executive team to obtain resources for Disaster Recovery Plan development and execution. IT managers should also work with executive leadership to maintain an ongoing commitment to testing and change management.

    Make it Happen

    Thirty-three percent of respondents in Applied Research’s survey stated that the primary reason they did not have a plan in place was because of a lack of resources. Additionally, cost was the most frequently cited challenge for creating a Disaster Recovery Plan.

    It is important to note that the cost of developing a Disaster Recovery Plan can be quite low relative to the impact on recovery. Simply placing critical information such as employee and vendor contact lists, IT equipment lists, existing network diagrams and application manuals is a step in the right direction. You would be surprised how many businesses have not done this. Spending a half hour during a regular staff meeting to discuss who would be in charge at time of disaster and who would take responsibility for what, is another simple step. Asking management to approve of automatic higher spending limits for IT managers in the event of a disaster is another step. Disaster Recovery planning is all about taking another step. It is never perfected but can always be improved, regardless of the level of available resources or funding.

    Respondents in the Applied Research study consistently cited several motives for creating a Disaster Recovery Plan (respondents could choose more than one): 61 percent cited data corruption, 59 percent cited component/application failure, 54 percent cited site outage, and 54 percent cited downtime required for maintenance.

    Leave a Reply