A disaster recovery may benefit with Incident Response management.
A disaster recovery plan may mean different things to different people: maybe it’s just retrieving those lost documents that are the basis for the biggest order yet placed with your company.
More likely, company owners place such a strategy as a top priority, as it surely relates to getting the company back up and running in a timely manner; this, because they implemented the approved steps signed-on by all the stakeholders in the organization.
The ‘plan’ should begin with taking a Risk Assessment (RA) to specifically ID all the services assigned to delivering all “critical business activities.” Some refer to this process as a Business Impact analysis.
Once established, it is crucial to set ‘recovery time objectives.’ Generally, this will involve an ‘incident manager’ who assesses the criticality of the situation; the subsequent steps involve the Emergency Management team, Disaster Recovery and then an eye to preserving Business Continuity.
A sample disaster recovery plan basics include, but not limited to…
A written plan should open with notes about general personnel logistics, from where people should gather, for example, to decision-maker contact information.
Introduction: When the ‘sky is falling’ with being files thrown to the abyss because of hardware failure, people need to know what the “scope of the plan” entails: includes links to related documents and steps—not to mention who has the authorization to implement it!
Who’s doing what-when: The plan needs to say who has what role among team members with all the contact details. More importantly, who has the go-ahead to spend the money if equipment needs to be purchased. Everyone should also be aware of one another’s range of authority.
The ‘incident response:’ Someone has to call it: an emergency situation has arisen due to certain alarms or equipment benchmarks being compromised. If the moment can’t be resolved, and it gets out of control, the next step is to notify all the key people in the company.
That all-important ‘appendixes:’ All the systems’ inventories, application overviews as well as network assets should be listed at the end of the plan; too, a list of service providers and their level of agreements, suppliers and contract information.