After identifying a business’s assets, threats, and recovery solutions (read about it here), it is time to begin drafting an IT DRP. This article will focus on the last 4 steps included in the preparation and implementation of an IT DRP:
- Identifying Company Assets and Threats
- Identifying Recovery Solutions
- Drafting an IT DRP
- Assigning Team Roles
- Testing the IT DRP
- Refining your business’s plan
Drafting an IT DRP
A draft is developed based on the assets identified and how they should be protected. The draft should also highlight key processes included in the DRP, which includes assessing damage and ways to minimizing the damage. Part of preparing a DRP is identifying the location where the team will meet to execute the disaster recovery plan. The office or meeting location should be well equipped with all the tools and supplies needed by the team, to operate efficiently and effectively.
Assigning Team Roles
Assigning team roles and responsibilities to members is the fourth step in a DRP implementation. Part of assigning member responsibilities is identifying which team member communicates what and to who. For example, in case of system failure, who declares a disaster? Who communicates with the business’s customers? Who communicates with the shareholders? This also includes identifying which team member will focus on recovery operations, and which of them will be responsible for evaluating damage and identifying what can be recovered.
Once the teams have been formed and the roles have been assigned, it’s now time for training! It’s important that team members know how to perform their tasks and clearly understand the lines of communication and authority. If this is not the case, then you can be assured that the team will be useless during a disaster.
Testing the IT DRP
Having prepared a draft and assigned roles, it is time to test your plan. Before beginning with a DRP test, the team should carefully review every step of the plan, trying to identify missing requirements. Doing so, the team will be prepared, and the plan is ready to be tested.
By testing your DRP, team members will know exactly what to do when a disaster takes place, as well as you’ll be able to identify mistakes and gaps in your plan. Testing is critical to identifying problems, rather than being surprised by them during an actual disaster event.
A test should mimic a real event and the team should follow the steps set out in the DRP carefully. None of the individuals that were involved in preparing the DRP should take part in the testing, which should help in identifying gaps within the plan. Testing of an IT DRP should not be done once but rather be an annual task, due to regular changes in systems.
Refining your business’s plan
The last step involved in preparing and implementing an IT DRP is refining the plan. The first and initial testing would have shown gaps and weaknesses within the initial prepared plans. Based on your findings, the plan should be refined, re-tested, and documented in detail. Re-tests done will definitely be much easier to conduct than the first one, after which your team should be ready to face real life disasters, and to implement your disaster recovery plan.
Have you prepared an IT disaster recovery plan already? Is your data protected? Get in touch with one of our experts to discuss your business’s disaster recovery plan and more on [email protected] or click here.