Download the authoritative guide: Cloud Computing 2019: Using the Cloud for Competitive AdvantageIn Part 1, we began a checklist to help key individuals in your organization prepare a recovery plan in case of earthquake, significant power outage, or other disaster. The objective is to restore all critical business functions, rather than just such disparate functions as the data center.
Part 1 focused on gathering information in advance, including organizing the project and conducting business impact analysis and risk assessment, developing a strategic outline for recovery, reviewing back-up procedures, and selecting an alternate facility. Part 2 concludes the list with a look at developing and testing your strategy.
Plan Development and Testing
Develop Recovery Plan
This document defines the resources, actions, tasks and data required to manage the recovery in the event of an interruption. The plan is designed to assist in restoring the business process within the stated recovery goals. The disaster recovery coordinator should perform these steps assisted by the disaster planning committee as needed.
- Objective -- This may have been documented in the Information Gathering phase. Establish information for each business unit
- Plan Assumptions
- Criteria for invoking the plan:
- Document emergency response procedures to occur during and after an emergency is declared for that business unit, and after the emergency check the building before allowing individuals to enter.
- Document procedures for assessment and declaring a state of emergency.
- Document notification procedures for alerting unit all senior management executives, disaster recovery team members, and business unit executives.
- Document notification procedures for alerting business unit's personnel of alternate location.
- Identify disaster recovery team and business unit personnel.
- Recovery team description and charge
- Recovery team staffing
- Transportation schedules for media and teams
- Process descriptions
- Minimum processing requirements
- Determine categories for vital records
- Identify location of vital records
- Identify forms requirements
- Document critical forms
- Establish equipment descriptions
- Document equipment -- in the recovery site and in the business unit
- Software descriptions
- Software used in recovery and in production
- Produce logical drawings of communication and data networks in the business unit
- Produce logical drawings of communication and data networks during recovery
- Vendor list
- Review vendor restrictions
- Miscellaneous inventory
- Communications needs -- production and in the recovery site
- Document testing data
- Complete disaster/disruption scenarios
- Develop action plans for each scenario
- Document maintenance review schedule (yearly, quarterly, etc.)
- Maintenance review action plans
- Maintenance review recovery teams
- Maintenance review team activities
- Maintenance review/revise tasks
- Maintenance review/revise documentation
- Inventory and report forms
- Maintenance forms
- Hardware lists and serial numbers
- Software lists and license numbers
- Contact list for vendors
- Contact list for all staff with telephone numbers for home, work numbers, cell phone, and pager
- Network schematic diagrams
- Equipment room floor grid diagrams
- Contract and maintenance agreements
- Special operating instructions for sensitive equipment
- Cellular telephone inventory and agreement
Test the Plan
Testing the plan enables the disaster recovery planning team to see how their recovery plan and procedures work in practice. It enables everyone to get a reasonable assurance that a plan will make the grade when it really counts -- in an actual disaster.
- Develop test strategy.
- Develop test plans.
- Conduct tests.
- Modify the plan as necessary.
Maintain the Plan
Disaster recovery plans can have a shelf life between six and 12 months depending on the changes in the organization's procedures, systems, and personnel. Having a program in place to maintain the plan will ensure that everyone, especially the disaster recovery planning team, will be ready if a real emergency occurs.
The senior management executive responsible for disaster recovery assisted by the disaster recovery coordinator should oversee this step:
- Review changes in the environment, technology, and procedures.
- Develop maintenance triggers and procedures.
- Submit changes for systems development procedures.
- Modify unit change management procedures.
- Produce plan updates and distribute.
- Establish period review and update procedures.