Also, identify by name the critical people charged with responding to a crisis, says John Iannarelli, a security consultant and speaker and former member of the FBI Cyber Division. Make sure you have their email, cell and home numbers. Make it clear who will be called in to work during a crisis. Know who you’ll call for help, such as law enforcement, and if possible, establish a relationship with authorities before a disaster strikes. And decide in advance who will speak for your company to the victims, clients and employees in the event of a disaster. “Know what you plan to say, how much you plan to reveal, and how you’ll reassure those who might be nervous of continuing business with your company,” he adds.
Another big mistake organizations make is not updating their disaster recovery plans after changes are made to their internal systems, such as major software updates, notes Mark Jaggers, a Gartner research director focused on IT infrastructure strategies. Your plan isn’t complete unless it takes into account all the technologies, systems and applications currently in use.
Plus, there may be new technologies or offerings to come along since you made your DR plans. DR plans are based on assumptions about the processes and tools available at the time the plans are finalized. “But those assumptions can change significantly, as technology evolution is quicker than ever before and innovations spring from unlikely places,” notes Milind Kulkarni, VP of product management for network resilience company Veriflow.
“Advances in computer science, predictive algorithms and the availability of huge compute capacity at a reasonable price-point allow the emergence of new approaches and solutions to guarantee IT systems' resilience, uptime, availability and disaster recovery,” Kulkarni adds.
For example, with services such as Amazon’s AWS Snowball, organizations can transfer petabytes of business data to a dedicated, secure appliance on site. Once the transfer is finished, you ship the appliance to the AWS center of your choice, where your data is transferred into the cloud. AWS Snowball and others like it give organizations innovative, affordable new ways to ensure data redundancy, Kulkarni says—which is a foundation of any DR plan.
“Identify what’s most important,” recommends Iannarelli. “Not everything in your business is worth saving or needs to be protected. Your proprietary information, of course, is. But any info that is for public release is not as important. Think of it as if your house were on fire. What would you grab as you run out the door?”
6. Regular practice drills
“Just having a DR plan isn’t enough,” warns Kulkarni. “The plan needs to be regularly tested, and people need to practice procedures, just like a school prepares its students for fire and emergency drills on a regular basis. If not regularly practiced, the plan is ineffective.”
Sign up for CIO Asia eNewsletters.