The disaster recovery (DR)/ business continuity (BC) process encompasses many different activities. One of the most important areas to be addressed -- often as a secondary activity -- is disaster recovery documentation. Naturally, BC and DR plans,
A disaster recovery checklist for different types of plans
Many different types of plans are available as part of a DR/BC program. Besides disaster recovery and business continuity plans, additional plans may be part of your overall strategy for preparing for and responding to disruptions. In the following checklist, you may see plan types that seem outside your responsibility, but keep in mind that it's always good to be prepared. There may be a time where your team has to step in and cover for another group.
Disaster recovery lists
A considerable amount of information is needed when recovering from a disruptive event. Much of this will be developed during business impact analysis (BIA) and plan development activities. Compile these and other lists you deem appropriate, keep them updated and be sure to coordinate with your human resources organization.
The identification and storage of vital records may or may not be in your team's jurisdiction. Typically it's managed by a firm's IT organization. However, if possible, obtain current descriptions of the records, their physical and electronic location(s), rotation schedules, retention schedules and destruction schedules. Always keep these documents up to date, as they may provide a backup to the department that handles vital records management.
Visual information is essential to a successful recovery. Store visuals such as data center floor layouts, diagrams of equipment racks, how each rack is configured, network diagrams depicting circuits and connecting devices, and building floor diagrams and evacuation routes. Store both primary and backup copies of visual information in secure locations with access granted only to authorized users.
A key component of the business continuity/disaster recovery process is assessments, which can address a broad range of situations. Assessments provide important background and analytical information used to perform BIAs, develop strategies, produce plans and conduct exercises. Once each assessment is completed and approved, store it and the backup copies in secure locations with controlled access.
Business impact analyses
Threat and vulnerability assessments
Operational risk assessments
Single point of failure assessments
About this author: Paul F. Kirvan, FBCI, CBCP, CISSP, has more than 20 years experience in business continuity management as a consultant, author and educator. He is also secretary of the Business Continuity Institute USA Chapter.
For more disaster recovery checklists relating to governance and human resources in your DR program, go to part two in our series on disaster recovery checklists and documentation.
This was first published in March 2010