Sunday, June 09, 2013

Time for some controversy

I haven't written anything controversial in a long time.  (OK, long time to me means a couple of weeks.)  Shall we see how controversial the following topic is?
Your disaster recovery plan is not finished.  Indeed, it is never complete.
Whether you are looking at a disaster recovery plan for a department, the IT shop, the ministry or even the city, your disaster recovery plan (DRP) is probably incomplete or missing huge chunks of material.  I mean, let's face it, the DRP is based on a couple of assumptions (maybe a dozen or more) that need to line up perfectly in order for the plan to work.  It is far, far easier to put a plan in place to deal with a complete disaster than it is to deal with a minor disaster.  And, as our environments are constantly changing and our processes constantly evolving, the DRP may be out of date by the time the last person has reviewed it.  Everything done is based on a point in time.  Is that mentioned in the DRP?

While people concentrate on what steps need to be accomplished to restore services, I'm wondering if we are approaching this whole idea from the wrong direction.  While it is important to know that restoring service to application xxx requires recovering server yyy as well as database zzz, perhaps the most important piece is how the organization continues to function in the event that certain people in certain roles are lost.  You could spend a lot of time getting application xxx up and running, but if there are no users of the application then what is the point?

If your organization is set up so that all decisions go through one or two people, what if those people aren't there?  If a sinkhole opened up and swallowed <insert building of your choice here> would you be able to function?  In the event of a disaster, what additional authority is suddenly pushed down/up in order for things to continue to function?  Sure, a Business Continuity Plan has some of this in it, but is there enough?

To be honest, even if there were no disaster recovery plans in place for any of our applications, we could get things up and running.  The DRP documents for the applications allow us to do it faster, but still depend on the structure of the organization to exist.  If that structure did not exist?  Well, if the people still existed then we could still bring all of the applications back.
