An organization’s IT systems are constantly being upgraded and altered. These changes influence the ability to successfully carry out a Disaster Recovery Plan. Regular maintenance and testing of a DR plan means that a business won’t be caught off guard in crisis time, or risk failure of the DR recovery.
For most audit purposes, a business should conduct a full scale DR test at least once a year. However, consider a different, rolling schedule if testing is becoming too disruptive, even though major changes are occurring in the environment of the IT department. After each environmental change, a business may be vulnerable if the plans and processes for disaster recovery do not match what has been recently changed for the business or updated at the primary or production site. Active maintenance and continuous testing are the safest ways to ensure that a DR plan is dependable.
Every time something as simple as an update to a security patch happens, the original DR plan becomes less reliable. For example, a security patch or upgrade could change drivers or software behaviour or formerly functioning services or protocols, preventing the ability to transmit or accept important data at the recovery site. Regular interval or change-triggered testing can help to catch these issues prior to a disaster by allowing for the opportunity to diagnose and remedy the incompatibility.
Common changes that may require DR testing:
- Swapping new applications in and old applications out
- Enhancing, re-developing applications
- Making major changes to computer room infrastructure
- Modifying recovery technology and replacing hardware
- Upgrading network services and appliances
- Patching and updating server software
- Changing employee & service provider roles
Significant DR failures are often a result of weaknesses within the “smaller” parts of the system. Testing these smaller parts on a frequent basis means that the failures to entire recovery processes are less likely to happen. It is also important that employees know how to respond in a time of crisis and have practice exercising their roles and responsibilities. Testing elements or the entire DR plan on a regular basis ensures that employees will react instinctively to a disaster situation.
Failure to conduct DR testing runs the risk of the organization not being able to function during a disaster. The consequences of which could result in major losses in data, revenue, profit or reputation. Regular testing identifies “soft spots” in the plan that can be remedied prior to a disaster situation. DR testing can be as simple as verifying that a user can access a secondary webmail application or it can be as complex as a complete re-routing of all users, on all applications to a recovery site. The bottom line is that a disaster cannot be the first time that a DR plan is “tested for leaks”.
