I had the opportunity to work with one of our clients on a Disaster Recovery tabletop exercise last week. This practice, like Business Continuity, is easy to just shelve with other dusty procedures…but when you need it, you NEED it - and there is no time to make it up as you go along. Here are a few things to keep in mind as you revisit your DR plan, and hopefully, test it.
Protecting life comes first, no exceptions. Ensure everyone has been evacuated from a dangerous situation. Sometimes (especially a Mother Nature-induced incident), you may not have all your resources available – they need to focus on their families. Maybe you do too. Plan for a reduction in knowledgeable staff and ensure your procedures allow others to step in and perform. Testing the processes and training the bench accordingly is a great growth opportunity to identify future leaders.
If you can’t communicate, you can’t respond. Focus on ensuring that the team knows how to come together. Have a primary and secondary muster point, both physical and virtual especially if your team is dispersed. Make sure that everyone knows where to go and what to do just to make contact. If people are responsible for activating a team, don’t assume that in a crisis moment it’s going to be second nature. Make sure they know what to do, how to do it and they’ve drilled it with their teams.
IT leadership will likely be stretched thin. There may be company-wide disaster team, local emergency operations, or business continuity efforts requiring their time. If there are operational level decisions to make find out if you are empowered to make them. If not, make sure someone can.
Rely on leadership, PR and other corporate departments to do their job. As an IT professional, it’s rarely your role to talk to the press, to identify losses to insurers, or to apologize to customers. Refer out what you need to – and advise your team to do the same. If it is your job, make sure you allocate time and that you know what you should and should not say.
While you can’t plan for every contingency, you can identify decision points. Don’t go down the rabbit hole of creating contingencies for every possibility. Identify where in your DR process there are circumstances that might require new input. Capture those and identify who you’d need to consult.
Don’t overlook the obvious. Finally, I’d like to talk about one component of a DR response that is often overlooked but truly missed if it doesn’t exist. Identify a coordinator for your D/R effort that has no technical or management role in the response, but that can stay neutral and level-headed. They will need to find facilities, set up conference lines, ensure priorities are recognized, and make sure communications happen upstream and downstream. Arguably this is one of the most important people on your crisis team. It’s natural for us to focus on the portion of the response we are responsible for; we need to be both informed and kept in check. Where would you find that role? Look to your administrative staff, paralegals, project managers…those that make you successful every day.
For more information on Disaster Recovery, see our first two installments of this TRUE series– Quick and Dirty Disaster Recovery Guide Part I and Part II.
To speak with someone about reviewing or creating a DR plan for your organization, please reach out to us at: