Top 10 Reasons Why Recovery Processes Fail
Over 90% of all mid-sized to large enterprises have disaster recovery and business continuity plans in place -- that is not enough to avert disaster as only 40% of those plans have not major defects. . .
In the recession many organizations put disaster recovery and business continuity on the back burner. As a result those plans are not as functional as they were when they were created. It is now time to revisit these plans. In doing this planners should keep in mind the top ten mistakes made in disaster recovery business continuity plans. They are:
- Backups do not work - It does not matter how good a Disaster Recovery and Business Continuity plan is if the data is out of date, is in a location also affected by the disaster, or has become corrupted. Perform backups at rigidly enforced, regular intervals to protect information integrity. Test and test again.
- Not identifying every potential event that can jeopardize the infrastructure and data that the enterprise depends - In addition to the security and network threats - viruses, Trojans, worms, etc. - planners need to identify any forces that are unique to their geography. Are their facilities on an earthquake fault, tornado alley, or in a flood zone? Does the region experience frequent power interruptions from storms or rolling blackouts?
- Forgetting or ignoring the cross-training of personnel in disaster recovery and business continuity - Often businesses create a Disaster Recovery and Business Continuity plan that depends on just a few people. Planners and DR/BC team leaders need to identify and cross-train a pool of employees that are capable of responding in an emergency. It helps if this pool of resources is geographically dispersed in case of a large environmental disaster that affects all local employees.
- Not including a communication processes which will work when your communication infrastructure is lost - If the power goes out in a facility and no one is there to report it, will your Disaster Recovery and Business Continuity staff be informed? Planners and DR/BC team leaders can arrange with a third-party service provider to monitor your facility and notify a pre-defined set of individuals that are trained to execute your disaster recovery business continuity plan.
- Not having sufficient backup power - both capacity and durations - If a facility is affected by a widespread environmental disruption, companies may find they are without power for an extended period. Plan to have sufficient fuel on hand to run the back-up generators for more than a week. In addition, purchase the longest-life, most uninterruptable power supply available.
- Having a recovery plan in place but not listing priorities of which resources need to be restored first - Which of an enterprise's IT applications need to be accessed first? Are there some that can wait a day or two without affecting the business? Planners need to be selective about the order in which applications and services are brought back online first after a disaster. For example, planners might choose to reactivate your company's e-mail application before they restore departmental file servers. There may be politics involved in this decision, so make sure planners get buy-in beforehand, to avoid the “me firsts!”
- No physical documentation of your Disaster Recovery and Business Continuity plan - After creating a plan, DR/BC managers need to be sure that they create detailed “physical” systematic instructions on how to execute the recovery plan. Ensure that every process is well documented. Describe the location of all system resources needed to accomplish the recovery. Be sure to store the documentation at multiple locations and verify that all key personnel have easy access to the manuals.
- Disaster Recovery and Business Continuity plan that has not been tested adequately - DR/BC managers need to make sure your recovery plan actually works in an emergency! They should regularly conduct data fire drills to test every possible scenario, from basic power failures to catastrophic events that could result in multiple months of devastation.
- Passwords are not available to the Disaster Recovery and Business Continuity team - Though password protection is a key goal for data security, DR/BC managers need to store system passwords in at least two geographically separate, secure locations. Make sure that more than one IT staff person has access to all passwords and codes. Change these passwords promptly if key personnel leave the company.
- Disaster Recovery and Business Continuity plan is not up to date - Planners should never stop updating the Disaster Recovery and Business Continuity plan. Once a plan is created, planners should revisit it at least on a quarterly basis. Establish and document a list of trigger points that should invoke changes to the plan, like personnel, equipment, location or application changes, to name a few.