Why is it important to exercise disaster recovery procedures?
To ensure that all the disaster recovery procedures and activities specified in a DR plan work as intended, the plans should be validated by exercising them using a number of approaches. At a minimum a table-top exercise can provide a way to walk through all steps of a DR plan without dealing with an actual event. This technique brings all relevant players together to check that all DR procedures are correct, in the proper sequence, and that all team members understand their roles in the recovery.
To ensure that technology focused plans -- such as those recovering servers for example -- work properly a functional exercise is advised. In this exercise the server in question is taken off-line and backup/recovery sequences are activated using scripts or whatever technique is preferred. This exercise verifies that the scripts include the correct information, the sequence of steps is correct, and all designated employees are able to recover the failed server. After each exercise, be sure to conduct a review of the exercise to find out what worked, what didn’t work, and identify changes to the plan.
In addition to plan exercising, it’s essential to have a maintenance process for all plans. This includes regularly scheduled plan reviews and exercises, updates to risk assessments and BIAs, and updates to technical data and emergency contact lists. To further ensure that plans as well as the overall program are functioning smoothly, annual audits are recommended. Work with internal and/or external auditors to make sure they understand how to audit DR plans.
This was first published in March 2012