Disaster Recovery plans may use a Risk Assessment analysis; ‘incident response manager’ may be needed.
A lot of business owners have different ideas about what a disaster recovery plan is all about. To some, it’s backing up to a tape, external drive, or hosting service.
Regardless, behind most any recovery strategy is the notion of getting the company back up and running in an efficient manner. Usually, this is successful when stakeholders have approved certain steps that should be taken when disaster happens.
Some companies follow a Risk Assessment plan identifies all of the location of critical services within the company, and is often referred to as a Business Impact study.
Once everyone is signed-off on this assessment study, then it’s important that everyone knows what the expectations are for “recovery times.” To help this process, some IT staff assign an “incident manager” who steps in to make an assessment of just how critical the “disaster” might be: the objective is not only Disaster Recovery, but also how best to maintain “continuity” within the organization’s business processes.
Generally, the written plan for Disaster Recovery will note what is expected from certain personnel, as well as full contact information on company decision-makers. Such a plan might include:
Introduction: When disaster strikes, and files are disappearing into the ‘abyss’ because of on-premise hardware failure, it is paramount for the right people to know the entire “scope” of the plan…and who can step in to implement it.
Who should be doing what?… What roles will people play during recovery, and who has the authorization, for example, to order new equipment. More importantly, it’s vital that all the players know the range of authority each has in such situations.
Make a list…At the end of the written plan, it is important to make a system’s inventory: assessments on applications, lists of vendors and the level of agreements, and contracts, that spell out their range of expected services.