Once you’ve located and understood the cache of disaster recovery standards – be they government mandates, industry regulations, international standards or credentialing organizations – it is up to you to determine how much of the material is applicable and useful to your organization.
You need to keep in mind that two types of information run through DR standards material. One is emergency-crisis-business continuity management information and advice, and the other is IT DR governance-process-security content. It may be that only one type of information is more applicable to your requirements, but you will still need to hunt and peck through all the material.
There are five questions that you should ask when examining the usefulness of DR standards as they apply to your organization:
1. Are you subject to regulation? If there is a relevant law, regulation or trade association directive driving your DR activities, you need to become extremely well-versed with these rules or regulations, because this is serious business. You may be subject to a regular external audit or random verification under these regulations, which will require you to provide proof of your compliance.
2. Are there any special requirements you face based on industry or jurisdiction? You may be in full compliance with DR standards in your own country, but in today’s global marketplace, companies are increasingly being asked to meet the DR requirements of the country where their products/services are destined, or in which their customers or other stakeholders are domicile. You may need to familiarize yourself with the DR standards of other jurisdictions or in supply chains in order to become fully compliant.
3. How much detail is required? Some disaster recovery standards are “generic” documents, outlining what needs to be done as opposed to spelling out how to do it. Others are industry specific and not applicable to your organization. Some reside in hefty guides or books that are 400 pages long, others are 20 double-spaced, bullet-pointed pages. The point is you will need to sift through a lot of material in order to find the information that is suitable for you.
4. Can you get additional guidance from the organizations that provide DR standards? The organizations that provide DR standards often promote and build eco-systems around them – a dedicated organization of members that share and can help provide additional guidance. Find out if they have templates, samples, tables of content and definitions that you can use, or even better, detailed DR methods or pre-written procedures that you can tailor for your own DR initiatives.
5. Can your DR standards search lead to applicable case studies? Find an organization in your sector that can provide real-life examples of a DR plan in action. Some of these examples are in the public domain (e.g. particularly for universities and government agencies) that can be found through a query on DR standards. Alternately, get whatever advice you can from IT service suppliers or consultants working in a similar organization to yours, so you can provide credible evidence to your stakeholders of a proven DR approach.
Asking these questions will help your organization leverage DR standards for more useful resources. As you conduct your search, establish a shopping list of your organizations needs – DR plan, DR procedure template, DR audit report, DR checklist, and so on – so that the results of the search can be more readily applied.
