Do you have a data disaster recovery (DR) plan?
Have you conducted a disaster recovery drill to make sure your DR plan is effective?
Whether it is a natural disaster that shuts down the power and your computer systems with it, or a cybercrime such as ransomware that locks you out of your hard drive and computer files, being prepared for the inevitable emergency or crisis is of paramount importance.
In part one of this blog series, we described the processes for building an effective disaster recovery and business continuity (BC) plan in order to set the recovery time objectives (RTOs) and recovery point objectives (RPOs). The RTO and RPO will help your organization to access critical data as quickly as possible in times of crisis.
In part two, we will describe the process of DR drills.
According to DataPrivacyMonitor, DR drills should be scheduled regularly: Practice, practice and practice! Most organizations perform yearly fire drills and disaster simulations, but sometimes overlook the much more likely possibility of a significant security breach. Incorporate security breach training and preparation throughout the entire organization…
The Fundamentals of DR Drills:
Just like the Chargers would never head into Sunday without practicing first, your first responders can’t be expected to manage IT failures in an emergency without stepping through a simulation or plan. While a disaster recovery drill can never completely recreate the real thing, scheduling drills will help ensure that those on the front lines understand their responsibilities as well as how to access critical systems before the crisis occurs.
According to Georgetown University, DR drill objectives include identifying weaknesses and shortcomings, verifying recovery objectives and procedures, validating global efficiency of plans… identify systems and procedures that may fail, and rectify them…
3 Steps to a Solid DR Drill:
Review Your Data Disaster Recovery/Business Continuity Plans:
A good first step is to conduct what Georgetown University calls a tabletop exercise with key stakeholders, including the IT department/solution provider, department managers, communication team and vendors.
During the tabletop plan review, the following can be determined:
- The roles and responsibilities of all emergency team personnel during a crisis.
- Whether regular drills and trainings for managers, supervisors and key personnel are scheduled.
- The efficacy of an emergency response team call list including employees, managers and third-party vendors.
- How the front-line team can be contacted during an emergency, including texting, phone, email and VoIP.
Testing Your IT Systems/Infrastructures:
During a DR drill, the following should be tested:
- All procedures and processes included in DR plans, including backup systems, servers, applications and more.
- Whether all business data is being backed up at regular intervals, so that important information is accessible after a crisis.
- Create lists of equipment/applications and other critical systems that fail to work during the drill.
- Assess system capacity when in DR mode. For example, if you have a DR site that you fail over to during a disaster, it may have limited computing power and fewer apps available on it. Make sure there is a documented understanding of the limitations while in this mode.
Upgrade/Fix Equipment/Applications and More:
During the drill, you will probably notice that certain systems are not operating at full capacity or show some discrepancies. It will also be important to discover more effective means of accessing critical systems during an emergency. This is an opportunity to work with your IT team/solution provider to fix, upgrade and modernize your existing IT infrastructure.
An emergency or crisis leaving critical services down can occur at any time. At DiamondIT, we have the professional staff to help your organization create and execute disaster recovery plans and drills. Get an IT Security Assessment today.