How To Improve Disaster Recovery Preparedness

Most enterprises claim they fully exercise their disaster recovery plans at least once per year. However, evidence suggests that the majority of these exercises are not comprehensive and thorough; enterprises often just exercise a portion of the plan or a subset of applications. Here are 10 best practices for updating and improving your current disaster recovery exercise program.


5. Run Joint Exercises With Business Continuity (BC) Teams

In our research, Forrester found that many BC and DR teams run all of their exercises separately and often fail even to communicate when they run exercises. However, you should aim to exercise the full enterprise BC and DR concurrently at least once per year. This is especially important if the data center is in the same location as corporate headquarters.

6. Vary Exercise Types From Technical Tests to Walk-Throughs

A common misconception in IT is that walk-throughs and tabletop exercises are not necessary for DR exercises. While it's true that these types of exercises won't test the technical capabilities of a failover, they are still critical for training, awareness, and preparedness. Interviewees told us that the majority of the time, exercises that didn't go as planned actually struggled most with communication and employees' understanding of their roles during the exercise. Non-technical exercises such as walk-throughs and tabletops will help make these processes go more smoothly.

7. Make Sure to Test All IT Infrastructure Concurrently at Least Once Per Year

Waiting longer than a year risks too much change in IT environments and personnel -- you need to bring new staff members throughout the organization up to speed on DR plans. The most advanced firms run full DR tests as often as four times per year. In between full tests, most firms conduct component tests that vary in frequency depending on the criticality of the systems and rate of change in the environment.

8. Identify Members for the Core DR Response Team

The stress of working under time and resource constraints for long hours, often during nights and weekends, is something people cope with in different manners. When picking a core response team to lead IT recovery, it's important to pick people who can work under extreme amounts of pressure (and sleep deprivation). During an exercise or test, identify those individuals who can remain calm and collected.

9. Learn From Your Mistakes

The point of running DR exercises is to find potential barriers to recovery while in a controlled environment. If you aren't encountering problems during your exercises and tests, it's more than likely you aren't looking hard enough, aren't testing thoroughly enough, or you have designed scenarios for recovery that are too simple. When you complete exercises and tests and you have identified problem areas, use what you have learned to update plans and create best practice documents.

10. Report Results to Stakeholders

If your organization has recently made significant investments in improving preparedness, most likely executives and other business stakeholders want to know what the return is on their investment -- how prepared are you? Reporting exercise and test results regularly and in a timely fashion gives executives and business leaders visibility into your DR program. Remember that the results are not pass/fail but should detail aspects of recovery that went well and areas for improvement.

Rachel Dines is an analyst at Forrester Research, where she serves Infrastructure & Operations professionals.

Copyright © 2012 IDG Communications, Inc.
