The Actual Disaster Recovery Plan

Part two of a Disaster Recovery process is the actual plan. You have to look at what could go wrong and either eliminate the possibility it would, or at least lower the impacts. So, if you failed to avoid the problem, you have to have a plan to meet it and deal with it.

There’s a lot of really good templates out there for plans, but realize that one plan doesn’t fit all instances. While it’s true that there’s only so many ways to restore an SQL database or an Active Directory setup, it’s also true that every company is different. Your plan should reflect the particularities of your company.

One of the best templates I’ve found can be accessed here. It provides you with some good insight into what you need.

If you leaf through the document, the first thing you’ll catch is a table that shows “Revision History”. A common mistake made is that most tend to think their IT disaster recovery plan is a finished product. Nothing could be further from the truth. IT is a dynamic field, and if your plan still addresses NT4, then you’ve got some serious catching-up to do. The revision page forces you to deal with the idea of change, and anytime you make a change to the plan (update phone numbers, or add a new how-to), then you need to document it. The table has space for name of revision, the date, and who did what.

Even if no changes have been made, you should be reviewing the document. How often? At an absolute minimum, every six months. And even if there were no changes, then you add to the Revision Page that the plan was reviewed and no changes made. Incidentally, your SOX or HIPAA auditors will probably ask about the plan, and the revision page is one of the first things they’ll want to look at.

Too often, people would leave it an electronic document, completely forgetting that if the system it lives on goes down or is destroyed, then you’re not going to access it. At the very least, the plan should be hard copied, and several need to be kept off site (possibly in the same place or along with your backups). And that’s one other thing you’ll want to ensure. The plan should say where the plans are, and you might even want to number them (“11 out of 17” for instance). This will make routine updates easier to do (“we got number 11, now to number 12”).

Richard is a freelance IT consultant, a blogger, and a teacher for Saisoft where he teaches VMware Administration, Citrix XenApp, Disaster Planning and Recovery for IT, and Comptia Server+
Improve your IT security posture by reducing your IT risks