Hi All. With the current chaos around the world, IT has had to reinvent the standard disaster recovery plan. Do you have any suggestions on what topics should be included in the "New" standardDR plan?
We STRUGGLED with a DR/BC (Business Continuity) plan for years. Our Corporate culture foght with it for years. It took money and 3-5 yars efforts to get ours to where it is now. It teook 2 disasters that we engineered into getting our plan sold to ownership.
It all started with an offsite tape backups on a nightly (7 days per week) routine that I had to personally go to the office, transport a tape to our DR site and exchange a daily set of tapes for years.
Then we had disaster that we could not get a specific part for 3 days pro. THen we implemented a "sister" system at 75% capacity with at least one spare for everything we had at home office. Then we moved towards virtulization and replication
Now we finally have the foundational equipment, communications etc to actually own a DR site.
A 10 year battle with many mini wars along the way.
Now we can spread out from IT only to full Business Continuity...... the joys never cease
Chief Information Officer
Furniture Mart USA
Practice .... I can't stress it enough. A document is just a "check the box" audit response unless you actually practice the plan. We were fortunate to have support from the top, as well as being in a highly regulated industry where proof is required.
Ours has not been without lessons learned, but it was not a firefight and that's mainly attributable to desktop exercises, testing 100% remote workforce early and often, and adjusting the BCP as required.
In this particular case, check your plan to include workforce re-entry to the office environment. In my conversations with other CIOs, we didn't have contemplated the cleaning or disinfecting of equipment used by quarantined team members. The Covid19 virus can be active for a few days on certain surfaces. Re-introducing the virus to a work environment is a possibility, if the proper measures are not in place.
We really recently did a IT DR exercise in preparation for the virus response. All buildings and facilities were fine, but pretty much inaccessible. We executed it early one evening, just within IT to see our success at contacting people. Then how well everyone was set up to handle not coming in. For example, I scored an "oops" because I left my laptop at work. We had everyone contacted execute how they would get into their desktop, servers, systems, network drives, etc. everything needed to continue to provide support as needed. There were some lessons learned that certain tools were not as executable in practice as they are in theory. So, when quickly put in effort to create better access solutions, fix others, reconfigure, etc. We also tracked our success rate at just ability to contact people.
I have one big point to make and that is that Disaster Recovery and Business Continuity are not just an IT thing. It's a business thing and as such needs to be driven and supported by the business. In my experience, executives first rush to IT at the moment of a disaster. I know we have a critical role as the backbone for network, systems and communications. But the business side rarely seems well prepared or practice for these events. I recall a US General being quoted once during a defense budget session that "The first time that you think you need a new Aircraft Carrier better not be the same time that you actually need it!".
I agree with Dave, without BC, you don't really have anything. We have been struggling to set up a group that refused to focus on BC for the last two years to be able to work from home. They are a bit of shadow IT and now they are wondering where they will put the desktops they require to run their department. I truly hope folks that have been reluctant to talk about BC are now very aware of the need.