In the world of baseball, hitting .300 is considered very good, and no batter since Ted Williams back in 1941 has...
even come close to .400 in a season. However, when creating a disaster recovery (DR) plan, if you don't at least consider hitting all of the following tips you just might find yourself in the minors.
Versioning and revision control
Is this the latest version of the DR plan? You will also need to decide who is authorized to update the master copy of the DR plan. The first page within the DR plan should clearly identify the revision history, who updated the document and why, as well as showing the date the document was updated along with the expected next revision date.
If the next revision date has passed, chances are you are holding an old version of the plan. And don't forget that each and every page of the plan should show which version it is. Some companies also find that a separate document tracking system is valuable for not only development specifications, but also their DR plans.
Too often DR plans forget about the area code when listing telephone numbers for staff, utilities or vendors. Also, do not neglect to include the ITU country codes if your plan is international in scope. During a crisis, the last thing you need to hear is "Your call can not be completed as dialed."
Additionally, account numbers or your customer number, licenses and other identifying codes such as software and maintenance licensing information should be listed along with the vendor and utility telephone numbers. The number listed for them should be a negotiated, direct line to someone ready to assist as no one needs to spend 15+ minutes listening to hold music while trying to recover their systems.
Be sure to include your alternate methods for contacting your staff. Telephone lines go down, cell phone networks become overloaded. Emergency notification methods can fill a whole article by themselves -- just be sure you include them.
Who does what when? This sounds simple in practice and during planning, but it can be very confusing during a disaster. The DR plan needs to take into account the roles and responsibilities necessary to execute the plan. Specific names are nice, but when that person is unavailable (e.g., on vacation) during the event, who is the designated alternate identified in the plan?
If your organization follows the Incident Command System (ICS) you will already have the framework for specific roles. If your plan is not this extensive, consider defining who can declare the call out and activation of the plan, who performs property assessments and who is responsible for the safety of those people within the event as well as all of the other roles identified in the plan (logistics coordinator, documentation recorder, accounting, operations, etc.).
Staff members that are unfamiliar with the plan and their duties will quickly become a liability in a live event. The plan should include a section on how it is to be used as a training tool and how a company will ensure that the right people know what is expected of them.
An argument can be made for listing the same information within multiple sections of your plan, yet it is this duplication which is often overlooked when updating the plan. For common, frequently updated materials, consider a single section that is referenced and easily found within the plan. Additionally, if a procedure is used during more than one type of task, consider including a cross reference to the similar situation to assist in finding this related information.
When a revision does occur, the first thing to do is ensure all previous versions and copies are destroyed after you have distributed the new version. Depending on the contents of your plan, this may require an outside firm to come in and shred the plan on site after recording that the copy has been returned. Who is responsible for getting the most current versions where they belong and ensuring that no outdated copies exist is critical in the event of an actual emergency. And when those new revisions arrive, does staff know that where they stored is secure and still accessible by those that need them?
Everyone should know where this site is, how to get there and access the facility, and where current copies of the DR plan are stored here.
You can't plan for everything, but a DR plan should anticipate the high probability items and provide guidelines for all other hazards. DR plans frequently focus on system failures, fire, flooding and perhaps sabotage. Risks come in many other forms such as a gas leak from a tanker driving past or even a forced evacuation due to a crisis at a neighboring building.
Cross-referencing these items to your plan won't ensure success, but it will certainly help you thoughtfully plan and prepare. Also, while plans are made to be followed, the reality of any given disaster requires that the recovery team be given the flexibility to deviate from the plan's tasks while remaining within the spirit and framework of the recovery objectives. How does your organization measure up? Batting "a thousand" is a much better feeling than striking out.
More on disaster recovery planning
- Workforce continuity and disaster recovery
- Risk management for disaster recovery planning
- Making the most of tape for disaster recovery
- Business continuity and disaster recovery outsourcing tutorial
About this author: Ken Koch is a recognized leader in contingency activities critical to mitigation, preparation, planning and recovery from manmade and natural threats. Mr. Koch is a frequently invited speaker at seminars and private events, industry topical writer, instructor/educator and business continuity consultant. Since founding his own firm in 1997, he has assisted both public and private sector clients with risk assessment, exercise planning and evaluations, and staff training along with declared disaster recovery situations.