After developing a clear strategy in the initial stage of DR planning, the next two phases put the plan into a “ready for action” state. Implementation and maintenance are two distinct parts of the overall life cycle, but work together to ensure readiness, should the plan need to be set in motion.
Implementation of the Plan
What architectures and technologies will you need to achieve the speed and expected level of recovery desired? Once you have undergone a selection process and sharpened estimates, purchase any necessary equipment, then select, contract/set-up and prepare your recovery site for the implementation process. Start with your top tier, or most critical systems and provide clearly written scripts and procedures for each sequential activity in your fail-over process. These should include detailed steps, illustrative “screen shots” and any key references to operational and as-built documentation for each system.
In addition to the technical recovery information, there are many “soft”, sustaining elements of a successful disaster recovery plan:
- A well-documented declaration & decision-making process
- Well-defined and assigned roles for specific actions
- Management training, specifically for communication, escalation and decision-making responsibilities
- Initiatives to build awareness company wide
- “Call trees”, contact lists and procedures to keep clear communication lines in place
- Accessible documentation that is available on-demand to recovery team members
- Progressive testing plans to ensure plans will perform as expected when the time comes
A recovery plan is only as good as the training that goes into making sure staff knows what to do should they need to use it. When you have a clearly outlined plan, you should practice running it with the right people. The testing can begin very narrowly, with selected systems, and then get broader, and more encompassing until fully completed. Start with a desktop walk-through of all the documentation and procedures, until you are confident enough to try a simulated or live switch over (downtimes and/or outside of business hours is best) and eventually during office hours. Once certain critical systems are up and running, you can continue to expand the plan and build out similar capabilities for lower priority systems.
Maintenance of the Plan
The most effective disaster recovery processes follow the system development life cycle and become part of the day-to-day routine of planning, building and maintaining systems. The needs of disaster recovery must be routinely “top-of-mind” in order to ensure proper protection of the business’s most critical systems. As systems change and get updated, revisions will be required regularly to the plan, and must be addressed with immediacy. To be most effective, consider the disaster recovery plan as a living document that requires constant attention. Regular testing will alert the business to issues or necessary upgrades to such areas as communications bandwidth, storage capacity, servers and security.
The error most businesses make in implementing a disaster recovery plan is the failure to regularly verify that it works. Systems are constantly updated and your disaster recovery plan needs to reflect these changes, or it will introduce unexpected “snags”. Build in well-planned, scheduled testing to ensure this step is not overlooked.
