How often do companies, and organizations, conduct an actual Disaster Recovery (DR) exercise? Monthly? Annually?
Most companies, according to Forrester Research, say they run their DR plan once-a-year. But, a post on the CIO website offers a different conclusion: business are not running regular DR programs; consequently, their chances are bleak when it comes time to respond.
Some of the common obstacles that are keeping IT services, and stakeholders, from running DR exercises include:
- Minimal support from the C-level folks
- Unwillingness to disrupt business for DR exercises.
- Lack of personnel
Developing a working DR plan requires input from all departments with an emphasis on the following elements:
Clear goals are expressed…
That means making sure the objectives of the plan are clearly lined out, showing the steps that will be followed during the exercise.
Will the focus be centered on recovering specific software, or components? How will key staff—administration?—become involved during the exercise?
Give other staff rotating responsibilities…
The DR plan does not rely on one individual. In fact, the person who developed the plan should not be the leader when actual disaster hits. Cross-train with other staff, even though they may lack certain knowledge germane to the recovery. The result will provide continuity to the plan.
‘Risk’ settings?
A lot of companies simply go through a random exercise where the idea is to quickly spot the problem areas—referred to as the “smoking hole.”
But if specific parameters are laid down during for the exercise, then the setting should be more realistic. By mixing up the IT ‘what-ifs,’ teams will be required to use different skill sets throughout.
In short, a well-written plan with clear objectives, signed-off on by stakeholders, is the best way to develop a Disaster Recovery plan.