There are a number of action steps to be taken in designing an efficient disaster recovery plan that will facilitate the quick restoration of normal business operations and the resumption of activity at the main business location. These action steps include:
- Prioritizing business units
- Crisis management
- Emergency communications
- Actual recovery process (This recovery phase could include features such as cold sites, warm sites or hot sites.)
Emergency Response Plan
The disaster recovery plan should outline the protocol key personnel should follow upon the discovery that a disaster is unfolding or is imminent. The protocol will depend on the type of disaster that strikes, the personnel responding to the emergency, and the window of time for facilities to be evacuated and/or equipment to be shut down. These procedures will likely be performed in the midst of an unfolding crisis. Therefore, a checklist should include tasks arranged in order of priority with the most critical tasks first on the checklist.
The disaster recovery plan should include a list of personnel to be contacted in the event of a disaster. Normally, this will include essential members of the DRP team as well as those personnel who are responsible for critical disaster recovery tasks throughout the organization. The PN list should have an alternate means of contact for each member and a backup person if the primary contact person is unreachable or can’t make it to the recovery site. This checklist should be distributed to all personnel who might respond to a disaster, which will assist in prompt notification of key personnel.
Business Unit Priorities
To efficiently stabilize the ongoing processes of an organization when a disaster occurs, a recovery plan should identify those business units with the highest priority. These units should be reinstated first. It’s important for the DRP team to identify those business units and reach consensus on order of prioritization. This is similar to the prioritization task the BCP team performed during the Business Impact Assessment (BIA) and could be based on the resulting documentation of the BIA prioritization task.
In addition to listing units in prioritized order, a breakdown of processes for each business unit should also be drafted, also in order of priority. This breakdown will clarify which processes merit highest priority as not every function performed by the highest-priority business unit qualifies as top priority. In this case it might be prudent to restore the highest-priority unit to 50 percent capacity and then move on to lower-priority units to reinstate some minimum operating capacity across the organization before attempting complete recovery.
Crisis Management for Disaster Recovery
An efficient disaster recovery plan should help assuage the panic that will set in once a disaster strikes. Those employees who are most likely to be at ground zero, such as security guards, technical personnel, etc., should be trained in the disaster recovery procedures and know the proper notification procedures and immediate response mechanisms.
Also, ongoing training on disaster recovery responsibilities should be done. Crisis training should also be provided if the budget permits. This extra measure will ensure some personnel will know disaster protocol and can offer guidance to other employees who didn’t receive comprehensive training.
Emergency Communications for Disaster Recovery
Communication is critical in the disaster recovery process. An organization should be able to communicate both internally and externally when a disaster strikes. It is assumed a disaster of significance would receive attention within the local community. Therefore, if an organization is unable to inform persons outside the organization of its recovery status, the public could assume that the organization is unable to recover.
It is critical internal communications are sustained internally during a disaster so employees know what is expected of them. If an incident such as a tornado destroys communication lines, it’s important to determine other means of communicating both internally and externally.
Alternate Recovery Sites
Alternate recovery sites are significant to the disaster recovery plan as they give organizations a backup to maintain operations and minimize downtime (or no downtime at all) in the event of a disaster. An organization may require temporary facilities where data can be restored to servers, and business functions can resume. Without this type of facility, the organization would be forced to relocate and replace equipment before normal operations could resume. This can demand extensive use of resources, including labor, time and finance, and could result in the organization no longer being an economically viable entity.
With the availability of an alternate recovery site, an organization can restart its business operations when the primary site is rendered unsound by the disaster. There are many options for alternative recovery sites, but the four most commonly used in disaster recovery planning are: cold sites, warm sites, hot sites, and mobile sites. When determining the appropriate location for these sites, it’s important they’re located in a different area. If the alternate site is within close proximity of the primary site, it’s vulnerable to the same disaster.
Documentation for the Disaster Recovery Plan
The disaster recovery plan should be fully documented and proper training should be given to all members who will be involved in the disaster recovery effort. When developing a training plan, the DRP team should think about orientation training for new employees, training for members taking on a new role in the disaster recovery plan, occasional reviews of the plan for all team members, and refresher training for all other employees.
Testing and Maintenance for the Disaster Recovery Plan
The disaster recovery plan should also be tested on occasion to check for any flaws and make sure that the plan’s applications are sound and in step with the evolving needs of the organization. The types of tests that can be run will vary according to the level of recovery facility (cold, warm, etc.) available to the organization. The five main tests that should be conducted are the following:
- The checklist test is the delivery of copies of the disaster recovery checklists to the DRP team, and also key personnel for review. This ensures that key personnel are informed of their responsibilities and review the information on a periodic basis. It also allows for spot checking of any erroneous or obsolete information, and revise items that require updating due to changes within the organization. It allows for the identification of situations in which key personnel have left the organization and need to be replaced. In these situations, the disaster recovery responsibilities assigned to those employees should be reassigned.
- The structured walk-through involves role-play by the DRP team of a disaster scenario. The test moderator tests a specific scenario and presents the details to the team at the time of the test. The DRP team members then review copies of the disaster recovery plan and discuss the appropriate responses or any problematic areas with that particular type of disaster.
- The simulation test is similar to the structured walk-through. Here the DRP team members are given a test scenario and asked to come up with an appropriate response. These response methods are then tested for efficiency. This may involve the scheduling around non-critical business activities and the use of some operational personnel.
- The parallel test entails relocation of key personnel to the alternate recovery site and the activation of site activation procedures. During this test, the operations at the main facility are not interrupted.
- The full-interruption test is similar to parallel tests, but operations at the primary site are shut down and transferred to the recovery site.