Testing your disaster recovery plans: A best practice guide
When is the right time to test your disaster recovery plans (DRP)?
You should test your DRP in line with any changes to your business. The plan should be updated and changed when new personnel, tech or operational systems are introduced so that it reflects the current state of your company. Whether this is once a month or once a year, the DRP should be an ever-changing document that takes into account any major business alterations as and when they occur.
One way of ensuring your DRP is regularly reviewed is by including it in your managed recovery program and organising a testing schedule around this. It is advised that businesses make time for at least one full scale test a year.
Getting ready to test your DRP
Preparing for a DRP test is important as it ensures your business can get the most out of the results. One of the key things to remember is that there should be no way that a single person can be a point of failure. This means making sure all procedures can be carried out by at least two people and that the team are not relying on any input from the DRP creators to perform a task. This means that if any member of the team is away when a disaster occurs whether due to sickness, vacation time or that they no longer work at the company, there is always a backup in place.
You should also prepare to fully detail and review the test so that your business has a complete record of any changes that need to be made or problems that need investigating. To do this you will need a copy of the DRP and an observer who has a good understanding of the document to take notes during the procedures and to time how long the test takes to complete. Both strengths and weaknesses should be recorded as well as any unexpected results. If possible, it is also helpful to measure the impact on the business of staff and systems being unavailable, as this can have an effect on how much time you allow for DR.
How to test your DRP
A full scale test of your DRP can be a huge drain on money and resources so it is understandable that a lot of businesses put off this kind of test to avoid disruption. However, it is possible to maintain an up to date DRP in other ways that are less disruptive to your business.
1. DRP review: In a plan review, DR planners should meet with management to review the existing DRP and identify any changes or updates that need to be made to reflect the current state of business. New procedures should respond to changes in the company and any major adjustments made to the DRP during a review should be flagged up for a tabletop or full scale test to ensure that they work.
2. Tabletop test: In a tabletop test, all team members should be involved and talk through the steps taken to achieve a set objective in a disaster scenario. Each step should be described in detail; with the responsible team members describing what actions they would take to complete each procedure. This is a good chance to identify any gaps in personnel knowledge that require extra training, and to rehearse the DRP in a more realistic setting.
3. Full scale test: A full scale test is the best way to validate your DRP and should be made to be as realistic as possible. Spend some time and money simulating a disaster scenario and lay out objectives for your team to respond to, even keeping the fact that the exercise is a drill secret from them. Implement all recovery and backup systems and fully restart networks if necessary. By creating a realistic disaster zone, you will best be able to see how the team and systems will hold up in the event of a true catastrophe and this is hugely beneficial. Use the information gathered from a full scale test to really identify areas of weakness in your DRP and target your resources towards resolving these issues effectively so that your business is fully prepared if disaster strikes.
Problems with the DRP
Faults and setbacks that come to light during a DR test can be distressing but by testing your DRP you will identify these issues before they become a problem and have the opportunity to fix them.
Record any incidents carefully and make time to fully investigate the cause behind each one so that the DR team can suggest a solution that stops it from happening again. Once the issues are resolved you will need to repeat a full scale test to ensure that the solutions work effectively and are compatible with the rest of the DRP. You may need to do this a few times to get the right result so make sure all changes are properly recorded.
By making disaster recovery planning a priority and testing your procedures regularly, your business will be fully prepared for any setbacks. Find out if your company’s DRP will hold up by speaking to IT service providers and consultants before putting them in place.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.
- » How leveraging APIs will help to enable comprehensive cloud security
- » How to improve supply chains with machine learning: 10 proven ways
- » Cloud providers are under attack - and sabotaged services will freeze operations
- » How augmented analytics is turning big data into smart data
- » Companies' cloud security getting better - but slowly, argues SANS Institute