Why is it important to exercise disaster recovery procedures?
To ensure that all the disaster recovery procedures and activities specified in a DR plan work as intended, the plans should be validated by exercising them using a number of approaches. At a minimum a table-top exercise can provide a way to walk through all steps of a DR plan without dealing with an actual event. This technique brings all relevant players together to check that all DR procedures are correct, in the proper sequence, and that all team members understand their roles in the recovery.
To ensure that technology focused plans -- such as those recovering servers for example -- work properly a functional exercise is advised. In this exercise the server in question is taken off-line and backup/recovery sequences are activated using scripts or whatever technique is preferred. This exercise verifies that the scripts include the correct information, the sequence of steps is correct, and all designated employees are able to recover the failed server. After each exercise, be sure to conduct a review of the exercise to find out what worked, what didn’t work, and identify changes to the plan.
In addition to plan exercising, it’s essential to have a maintenance process for all plans. This includes regularly scheduled plan reviews and exercises, updates to risk assessments and BIAs, and updates to technical data and emergency contact lists. To further ensure that plans as well as the overall program are functioning smoothly, annual audits are recommended. Work with internal and/or external auditors to make sure they understand how to audit DR plans.
Dig Deeper on Disaster recovery planning - management
Related Q&A from Paul Kirvan
From mainframes to the cloud, the business continuity profession has seen a lot over the decades. How did we get to the business continuity process ...continue reading
Has your organization created a disaster recovery plan and left it on the shelf? You're not alone. Explore what you can do to improve your plan's ...continue reading
In conducting an IT risk assessment, are you asking the right questions to your staff? Are you talking to the right people? These elements are ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.