Overall, in the last five years, disaster recovery and business continuity planning have become easier and less costly because of the availability of automated electronic storage processes for critical data.
Even so, there are hurdles to overcome in developing and implementing a disaster recovery plan and process. Some of the main obstacles include the difficulty of obtaining management support for disaster recovery goals and identifying and obtaining support for roles for individuals to perform in executing the plan.
For the typical manager, disaster recovery planning is important, but not as important as the day-to-day operations. Gaining support for continuity plans by linking them to specific high-priority missions of the company or agency. For example, assessing the business impact of the loss of specific types of data can show the effect on the agency mission if the data were to be lost or unavailable.
I believe there are seven tiers of disaster recovery. In the lowest tiers, there is a loss of data, little or no backup and limited recovery. In the middle tiers, there is manual or automated backup of data. In the upper tiers, there is fully automated backup of data and of applications.
One of the most important first steps in planning is accurately classifying the data by its importance.
The next step is drawing up a plan and identifying roles. Too often, people may be identified for a role without being knowledgeable or committed to performing the role. Those are issues that will be worked out through discussion and exercises.
A simple strategy that can be executed effectively is more worthwhile than a complicated strategy for which managers and IT employees are not fully on board.
The pitfalls of a disaster recovery plan are too much detail, too much information, and people don’t ‘own’ their roles.
