What you need in a disaster recovery (DR) plan

Here's my list of items that companies often discover missing in their disaster recovery plans, policies, procedures and documentation:

1. Authentication and validation tools: All too often, the IT staff discovers that copies of crucial SSL certificates and important account passwords or physical access devices are missing when recovery is already underway.

   The solution: arrange for secure offsite storage of physical devices and for secure online storage of passwords and certificates with a third party. Practice their retrieval and use as part of your DR/BC drills, exercises and mockups.

2. Personnel contacts, info and methods: In a surprising number of cases, staff members discover that they can't reach the contacts identified in the disaster recovery or business continuity plan and plans too often fail to list a sufficient number of staff members to guarantee that a valid contact is available. Likewise, personnel notifications too often rely on somebody to manually initiate such contact by phone, email or other means.

   The solution: make sure a sufficient number of contacts is included to protect recovery point objectives (RPOs) and recovery time objectives (RTOs). Email and pager notification of key staff members should be arranged through a secure email account offsite. Some well-known providers include Yahoo, Gmail or MSN, where you email passwords encrypted using a tool like this password applet [http://angel.net/~nic/passwd.sha1.1a.html], and make the account and password available to all responsible parties on the recovery plan staff list.

3. Geographical risks and factors: Companies operate in earthquake zones, floodplains, fire hazard areas and occasionally even in war zones without adequately planning for natural or manmade disasters. Check your situation carefully, and model the most likely disasters as accurately as you can when conducting practice drills. Make sure offsite or distant alternatives are identified in personnel information in case local staff is unavailable.
4. Recovery of individual computing: During recovery, individuals and corporate IT assets such as servers and storage farms (SANs ...
   
   To continue reading for free, register below or login

   Requires Membership to View

   To gain access to this and all member only content, please provide the following information:

   Email Address:
   
   
   

   By joining SearchDisasterRecovery.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
   
   TechTarget cares about your privacy. Read our Privacy Policy
   To read more you must become a member of SearchDisasterRecovery.com

   As an existing member of the TechTarget network please activate your SearchDisasterRecovery.com account 

   By joining SearchDisasterRecovery.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
   
   TechTarget cares about your privacy. Read our Privacy Policy
   
   
   

   Digg This!     StumbleUpon     Del.icio.us

   
   
   
   

   RELATED CONTENT Disaster recovery tips How to prepare and plan for a pandemic disaster Disaster recovery plan basics: Updating and reviewing DR plans Metrics for measuring business continuity management performance IT disaster recovery and business continuity planning for non-catastrophic disasters Is your disaster recovery (DR) plan out of date? The pros and cons of network-based data replication The importance of workforce continuity in a disaster recovery plan Twelve tips for business continuity management in a recession Disaster recovery planning fundamentals: DR testing basics Microsoft SharePoint disaster recovery strategies Disaster Recovery Planning/Management Exploring Microsoft Windows clustering and high-availability tools in disaster recovery How to prepare and plan for a pandemic disaster Disaster recovery plan basics: Updating and reviewing DR plans Disaster recovery news briefs: SteelEye supports disaster recovery and business continuity for Windows Server 2008 R2 Metrics for measuring business continuity management performance Iowa Health System uses 'cloud' for disaster recovery to survive flood Disaster recovery and business continuity planning strategies for natural disasters Easy ways for SMBs to improve their disaster recovery and pandemic plans Disaster recovery news briefs: Riverbed updates Riverbed Optimization System software IT disaster recovery (DR) plan template: A free download and sample plan

   RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

   
   
   or NAS servers), need to get back to work. Make sure disaster practice addresses issues involved in providing desktop or notebook access to key staff members during recovery, and to important staff members during the return to operational status.

5. Procure sufficient backup power and facilities: Many companies discover that they can't draw on adequate power or facilities when they go into recovery mode. Practice sessions will quickly identify and help suggest remedies to such problems, but they can stymie recovery or continuity as surely as the lack of other important resources. Lack of sufficient power and facilities will show up during practice drills when and as drill teams try and fail to bring systems up because of power- or facilities-related issues or problems.
6. Identify priority order for resource recovery: If servers need access to a storage server or farm before they can deliver access to key services or information, those resources must be ready before or as the servers come online. In general, most network resources will be unavailable until directory services are up, so they should be brought up first. Identify key dependencies and take them into account when documenting and describing recovery processes and procedures.
7. Provide adequate documentation and instructions for recovery: Beyond addressing essential dependency issues covered in the preceding item, many companies discover during recovery that some aspects of their processes and procedures are missing, insufficiently detailed or lacking important information. Creating "The Book" and going by that book during practice drills helps highlight oversights and omissions and see them addressed before genuine disaster or business interruption strikes.
8. Exercise DR/BC plans regularly and rigorously: At least yearly, companies must work their way through DR/BC plans completely and thoroughly and dispassionately record all issues, oversights, omissions and errors for quick follow-up remediation. There is no substitute for practice and thorough testing in this arena.
9. Keep your DR/BC plans current and corrected: It's essential to put processes in place that require staff to report regularly on plan status, and enact change management to keep plans in synch with organizational and technical realities on the ground. It's also important to perform regular audits to check how well plans and reality match.
10. Regular attention and involvement: Executives, IT staff, key department heads and other staffers must remain aware and tuned into disaster recovery and business continuity needs, priorities and information. Some companies go so far as to make recovery drill participation mandatory, and a checkbox item for annual or periodic performance and salary reviews (tying participation to raises seems to be a powerful motivator). Ultimately, that's the only way to make sure that DR/BC plans completely address the return to business as usual even when disaster strikes.

Ed Tittel is a long-time freelance writer and trainer who specializes in topics related to networking, information security, and markup languages. He writes for numerous TechTarget.com Web sites, and recently finished the 4th edition of The CISSP Study Guide for Sybex/Wiley (ISBN-13: 978-0470276886).

Do you have comments on this tip? Let us know. Please let others know how useful this tip was via the rating scale below.

Do you know a helpful storage tip, timesaver or workaround? Email the editors to talk about writing for SearchDisasterRecovery.com.

Rate this Tip To rate tips, you must be a member of SearchDisasterRecovery.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.