Why is it important to exercise disaster recovery procedures?
To ensure that all the disaster recovery procedures and activities specified in a DR plan work as intended, the plans should be validated by exercising them using a number of approaches. At a minimum a table-top exercise can provide a way to walk through all steps of a DR plan without dealing with an actual event. This technique brings all relevant players together to check that all DR procedures are correct, in the proper sequence, and that all team members understand their roles in the recovery.
To ensure that technology focused plans -- such as those recovering servers for example -- work properly a functional exercise is advised. In this exercise the server in question is taken off-line and backup/recovery sequences are activated using scripts or whatever technique is preferred. This exercise verifies that the scripts include the correct information, the sequence of steps is correct, and all designated employees are able to recover the failed server. After each exercise, be sure to conduct a review of the exercise to find out what worked, what didn’t work, and identify changes to the plan.
In addition to plan exercising, it’s essential to have a maintenance process for all plans. This includes regularly scheduled plan reviews and exercises, updates to risk assessments and BIAs, and updates to technical data and emergency contact lists. To further ensure that plans as well as the overall program are functioning smoothly, annual audits are recommended. Work with internal and/or external auditors to make sure they understand how to audit DR plans.
Dig Deeper on Disaster recovery planning - management
Related Q&A from Paul Kirvan
With ISO/TS 22330, the International Organization for Standardization covers the issues related to the people involved in BC/DR incident response. Continue Reading
Definitions for business continuity and resilience sometimes clash, but both processes help an organization stay on its feet. A new ISO standard ... Continue Reading
Emergency response planning needs to be specific and varied enough that it will enable an organization to recover in the event of many different ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.