Offsite data storage can range from the low
end (an employee is responsible for taking the
daily backup tapes to a secure offsite location)
to the high end (sufficient network bandwidth
is available to allow for real-time data replication to offsite storage). Internet-based backup
and recovery systems can serve a dual purpose,
providing regular backup and recovery services
along with a reliable and secure offsite location
for mission-critical corporate data.
Test and Implement the
Disaster-Recovery Plan
You've decided what aspects of your business to
protect and how you're going to protect them.
Now you're ready to test and implement the
DRP. This means documenting each DRP task,
outlining the order in which the tasks should be
carried out, designating the person responsible
for seeing each task is completed, specifying
who manages the entire DRP operation, and
testing the entire DRP.
After you roll out any additional hardware or
software, you'll want to walk through the entire
DRP, making sure that the planning documentation matches the actual recovery process. This is
the time to make necessary changes to the plan
or to the technology. Remember, as you make
changes, you'll want to re-confirm previous steps to make sure that they still apply. Having a
DRP is not a one-time event: You need to keep
working through the DRP until you achieve
repeatable, consistent results.
When you're certain that the DRP works
and that the documentation accurately reflects
the process, you're ready to have the DRP team
approve the final version of the DRP. Then,
you're ready to distribute the plan as appropriate, in whole or in part, to all affected parties.
Also, be sure you have secure offsite storage for
printed copies of the detailed DRP.
The Ongoing DRP Process
Even though you now have a DRP in place,
you've only just begun the disaster-recovery
process. Very few businesses are static, so as
business changes, your DRP will also change.
As with any business-critical activity, testing and
maintaining your DRP is an ongoing process.
As you add technology to your business, you
must determine how the new technology affects
the DRP, then change the DRP and associated
processes as necessary. Changes in the way you
do business can also affect the DRP, so be sure
that you alter the DRP to reflect any changes
to business workflow. Regularly evaluate your
plan—how often you evaluate depends on
how fast and how often the business changes.
Simply documenting changes is unlikely to be
sufficient. Your DRP should be tightly integrated
into your business model—any changes to the
business also mean that the DRP will change
and need to be updated and re-tested.
The job of the DRP planning team continues as well. The composition of the team may
change somewhat after a functional DRP is in
place, but the DRP team still needs to organize
the management and maintenance of the DRP.
Regularly scheduled DRP team meetings can
give multiple departments the chance to interact and the opportunity to provide recommendations for current and future updates of the
DRP and its processes. Continuing involvement
with the DRP team also helps remind business
staff of the ongoing importance of having an
up-to-date disaster-recovery plan.
Various analysts studying disaster recovery
have noted that nearly 50 percent of all large
companies lack any sort of comprehensive DRP,
with that number climbing closer to 80 percent
when small businesses are included in the
calculation (for more information, see http://www.gartner.com/1_researchanalysis/focus/aftermath.html). Every business, regardless of size, can benefit from having a DRP. Defining
what needs to happen in the event of an emergency lets you gain some control over a crisis
that might otherwise put you out of business. Implementing a DRP, even on a small scale, can
make the difference between business survival
and failure.
Register
