Planning of an effective disaster recovery and providing the trainings are more critical than the incident itself. It is vital important for corporate sustainability to have a strong plan along with policies and standard operating procedures.
Generally, disaster recovery concept is expressed as corporate information security needed in IT and system backup technologies. Besides protection of critical corporate information, it should be planned to run a backup server and discs.
For example, in case of a disaster, how internal and external communication will be achieved? How the security of corporate staff that exists in the incident scene will be secured? Actually, disaster recovery plan designed for IT is a tiny part of entire business continuity plan, continuity operation plan and emergency response plan.
Therefore, the process for efficient business continuity plan is more important than the incident itself.
Every corporate face with electricity outage, data center problems or more serious disasters such as fire and earthquake. In order to define an efficient response for such cases, there are some key processes that must be implemented within the corporate.
Disaster Procedures
A set of procedures must be developed for each disaster scenario. Some questions must be asked for that: What is the organizational structure of the company? What is the building evacuation plan for necessary cases? What is the recovery procedure of the company? If communication sources cannot be accessed completely, what are the actions to be taken without management authorization? What are the automatic triggers for the event?
Each procedure should contain following items:
Contact information and communication methods. More than one access method should be defined for each corporate communication information.
Chain of command should be defined during the incident.
Authorization should be designed during disaster.
Alternative working areas where fundamental operations/services will be provided should be determined.
Data backup: How the data will be backed up (daily, weekly etc.) and how these backups will be reached in case of an emergency and how they will be used; they are all should be clearly defined. In addition, a list should be defined for the items to be backed up in case of an emergency.
What are the essential devices in the company to execute the necessary jobs, where are they supplied from? What are the core business and critical functions of the company? They are all should be well defined.
Disaster Plan
A corporate plan should contain departments, programs and shareholders. There should be appointed personnel for each activity in order to operate the operational procedures once the plan is activated. Backup personnel should be also provided within the plan. For instance, more than one personnel should be assigned for internal communication and communication with customers. While developing the plan, corporate assets, locations and security threats are also included. In addition, disaster plan should include the following items:
Back up: It is high critical item for data centers. Backup means that system backup is provided and alternative communication channels are established.
Evacuation plans: The most important source for the corporates is corporate employees and the information they have. It is important to evacuate everybody safely and to provide safe working environment. How will be the staffs that work with critical business functions moved and where and how will they work? These questions should be answered.
How will be made possible that personnel continues to work? In case of a disaster, how will the staff access to information and services? This answer should be included in the disaster recovery plan.
Communication: The main element of each disaster/continuity plan is communication. In case of an extraordinary event, it is important to sustain communication between customers, business partners and suppliers and the company; to inform them about what happened to the company, reason of the event and to notify them when the company will be able to be online again. A communication portal where corporate staff access and make notifications can be also designed. The information that whether the staff will make the reporting or not, new working address or remote access information can be notified via communication portal.
Test and Trial
The first stage of readiness is having a defined plan before any extraordinary event happens. The plan should be tested in order to ensure that it works properly during the event.
Test should be repeated if the plan, system, personnel or corporate changes exist. An effective test program should be performed at least every six months. Moreover, corporate staff will be motivated by these effective tested against extraordinary events. It is recommended to add real life scenarios and trainings and communication program into the test program. The program should not be considered as internal sanction but it should be considered as activities which make the personnel gather by giving a break.
Besides system tests, rehearsals or role-changing scenarios should be also a part of the program. Disaster scenarios which have not been announced to the personnel should be tested in order to see how the personnel solve unexpected events. The purpose here is to identify improvement areas of the plan so pre-announced test scenarios do not show instantaneous gaps. Personnel will stick to the plan in the announced scenarios therefore instantaneous physical, emotional and psychological reactions of the assigned personnel cannot be measured.
Disaster planning is an integrated process which should be implemented internally rather than disaster recovery technologies. Disaster recovery plan represents a general framework. It should be kept in mind that every scenario cannot be realized. It is not possible to give training for each disaster. In addition, a basic plan and policies will be a guideline for business continuity and disaster response. Disaster plan does not tell you what to do, it shows a way that how you perform your work under time pressure and stress and with restricted source.
Disaster Recovery Services Are Not Only A Plan But Also A Process
Planning of an effective disaster recovery and providing the trainings are more critical than the incident itself. It is vital important for corporate sustainability to have a strong plan along with policies and standard operating procedures.
Generally, disaster recovery concept is expressed as corporate information security needed in IT and system backup technologies. Besides protection of critical corporate information, it should be planned to run a backup server and discs.
For example, in case of a disaster, how internal and external communication will be achieved? How the security of corporate staff that exists in the incident scene will be secured? Actually, disaster recovery plan designed for IT is a tiny part of entire business continuity plan, continuity operation plan and emergency response plan.
Therefore, the process for efficient business continuity plan is more important than the incident itself.
Every corporate face with electricity outage, data center problems or more serious disasters such as fire and earthquake. In order to define an efficient response for such cases, there are some key processes that must be implemented within the corporate.
Disaster Procedures
A set of procedures must be developed for each disaster scenario. Some questions must be asked for that: What is the organizational structure of the company? What is the building evacuation plan for necessary cases? What is the recovery procedure of the company? If communication sources cannot be accessed completely, what are the actions to be taken without management authorization? What are the automatic triggers for the event?
Each procedure should contain following items:
Disaster Plan
A corporate plan should contain departments, programs and shareholders. There should be appointed personnel for each activity in order to operate the operational procedures once the plan is activated. Backup personnel should be also provided within the plan. For instance, more than one personnel should be assigned for internal communication and communication with customers. While developing the plan, corporate assets, locations and security threats are also included. In addition, disaster plan should include the following items:
Test and Trial
The first stage of readiness is having a defined plan before any extraordinary event happens. The plan should be tested in order to ensure that it works properly during the event.
Test should be repeated if the plan, system, personnel or corporate changes exist. An effective test program should be performed at least every six months. Moreover, corporate staff will be motivated by these effective tested against extraordinary events. It is recommended to add real life scenarios and trainings and communication program into the test program. The program should not be considered as internal sanction but it should be considered as activities which make the personnel gather by giving a break.
Besides system tests, rehearsals or role-changing scenarios should be also a part of the program. Disaster scenarios which have not been announced to the personnel should be tested in order to see how the personnel solve unexpected events. The purpose here is to identify improvement areas of the plan so pre-announced test scenarios do not show instantaneous gaps. Personnel will stick to the plan in the announced scenarios therefore instantaneous physical, emotional and psychological reactions of the assigned personnel cannot be measured.
Disaster planning is an integrated process which should be implemented internally rather than disaster recovery technologies. Disaster recovery plan represents a general framework. It should be kept in mind that every scenario cannot be realized. It is not possible to give training for each disaster. In addition, a basic plan and policies will be a guideline for business continuity and disaster response. Disaster plan does not tell you what to do, it shows a way that how you perform your work under time pressure and stress and with restricted source.