IT disaster recovery (DR) plans are extensive and complex by nature. As elements of overall risk management, which is demanded by regulators and laws, they deliver more than tricky technology. So how can IT build a business continuity (BC) plan that is fit for purpose?
Identify the person tasked with managing the programme
To effectively mitigate the risk of being hit by a disaster, somebody must be tasked with managing the DR programme. Within every department and location, peers must be assigned to support this individual. Peers must help to assess the impact of an incident and co-ordinate recovery efforts at a local level. There also has to be a group to co-ordinate things at the company level. All these people will typically have operational roles not directly linked to DR, so the membership of this group needs to be documented in detail and communicated well.
Don’t let IT dominate the BC plan
The design and operation of DR plans are meant to reduce risks. As such, it is necessary to assess and evaluate the impact of different events on the business. This business impact assessment can only be done with co-operation between the operational unit and IT - nobody but the business process owners can judge the effect of the process being broken. So, a DR plan that has been developed without direct interaction with the business is likely to fail.
Establish the financial value of business processes
A business continuity plan should be based in part on a cyclic evaluation of the financial value of business processes. The results of this analysis should be used in conjunction with risk assessments to work out just how much time, money and effort should be devoted to disaster recovery initiatives.
Continually re-evaluate risk
Risk management is a continuous process. Every change in your business activity, as well as changes in supporting environments, can cause new risks or change existing risks. Enterprise risk management should always be the umbrella under which IT risk management happens, and you should mandate a periodic re-assessment of your situation. The result of this should be not just a detailed risk register, but also reports about how risks are mitigated, the effort required for this mitigation and the accepted residual risks.
Rehearse your disaster recovery plans
A DR plan is a collection of sometimes difficult operational procedures, paired with processes that are exceptional. This scenario is highly prone to error. To minimise the risk of failure, the plan needs to be rehearsed at regular intervals.
Disaster recovery best practices
By Rudiger Krojnewski on Nov 26, 2008 6:29AM