Having a disaster recovery (DR) plan is the first step IT managers need to take in order to avoid disasters, however, simply having a DR plan written down is often not enough when you are faced with an actual disaster. In this video presentation, Jon W. Toigo, CEO and Managing Principal of Toigo Partners International, explains the importance of disaster recovery testing and the steps you need to take in order to get a DR plan from paper to the real world.
According to Toigo, less than 50% of organizations have a DR plan, and less than 50% of those people actually test their plans. Many people don't test their disaster recovery plans because of budget restrictions, resource constraints, misunderstanding of testing, fear of results, the lack of management buy-in, or simply because people are too lazy to test them. However, Toigo stresses that an untested DR plan has no efficacy. If it's not tested, no one will know what to do during an emergency; people will lose familiarity with changing technology; and overall, this type of mentality delivers no business value.
Disaster recovery plan testing is a multi-step process. The preparation and execution of DR testing involves pre-planning, scenario building, scheduling personnel and facilities, pre-test reviews, finalization of the actual DR plan and lastly, making sure all of the resources you need are available to you when you test your disaster recovery plan.
Once your preparations are in place, and you've set up the necessary objectives, you then can execute your test. Execution of a disaster recovery test involves several steps, including the following: dissemination of the scenario; declaration of the disaster; implementation of mock recovery activity; monitoring of processes; documentation of the work performed and problems you encounter along the way; test progress management; and clear documentation of the results. IT managers should plan to test their disaster recovery plans on a regular schedule or when significant changes occur in their business or infrastructure. Also, you should be on the lookout for common execution mistakes such as surprise testing, deviating from the test plan, allowing bystanders to observe testing, failure to manage process and improper documentation.
Once the disaster recovery test has been planned and executed, IT managers then need analyze how the test went so they can see what worked and what didn't work. Once they have established re-testing requirements and identified amendments for the disaster recovery/business continuity plans, they can begin the preparation for the next DR test. And the cycle will continue again.