Scheduling DR Exercises
So you’ve planned out your disaster recovery process. You’ve mapped your network and you understand how each piece interacts with and affects the rest of the environment. It’s now time to schedule a disaster recovery exercise and test your plan. Needless to say, lessons will be learned as you create your processes and map out your network environment. However, exercises are where you really discover weaknesses and areas that can be modified or replaced to make your disaster recovery more timely and effective.
The great thing about disaster recovery exercises is that they give you a chance to “practice your process.” There are many different definitions for the term process depending on the context that it is used. For purposes of our discussion, I found a great definition that really gets to the heart of what disaster recovery exercises are all about. According to Quality Assurance Project (qaproject.org), a healthcare and workforce improvement website, the term process is defined as, “A series of actions (or activities) that transforms inputs (or resources) into a desired product, service, or outcome.” As stated in Part 2, the desired outcome of disaster recovery is to correct issues and restore your network to a normal operating state as quickly and efficiently as possible, with the least amount of impact on the business. The disaster recovery exercise is your test phase, a practice run if you will, that gives you the opportunity to observe and react to real-life scenarios. Having a plan down on paper is great but translating that into action is a different thing altogether.
An important thing to remember when running your exercises is to change the complexity and severity of the disaster on each run. You want to explore every possible combination of potential disasters so that when a real one occurs, you’re not caught off guard. This is your chance to be creative because when anything can happen, anything will. The actual scheduling of exercises should be done in a manner that does not impact normal business operations. Common sense is the rule of thumb. After hours or weekend exercises would be the wisest choice.
Thorough documentation is critical at the completion of exercises. This is when you should analyze your current plan and make the appropriate modifications to your processes, upgrade components, and make any type of change that will plug security holes or strengthen weak areas. The frequency of exercises is really up to you and your business but be consistent. Major hardware and software upgrades warrant the execution of a disaster recovery exercise to make sure the upgrade(s) haven’t created a security problem or weakness. Keep these fundamentals in mind and your disaster recovery planning will be an invaluable safeguard for your small business.
This post is part of the series: Disaster Recovery
Recovering from a disaster (whether it be natural or otherwise) can be a daunting task when it comes to a computer network. Disaster recovery is a type of “battle plan” that defines how you will return your network to an operational state. This is an important step in ensuring system security.