Seven Ways to Avoid Disaster in Your Disaster Recovery Planning and Procedures.
What's
worse than a disaster? How about doubling your disaster with a
disastrous set of discovery plans, policies and procedures?
While
no plan can account for every contingency or be totally bullet-proof,
the following seven steps will help you avoid adding insult to injury
from self-inflicted disasters.
1. Determine Your Core Business, Really.
They call it business continuity for a reason. Everything flows from
accurately determining what your core business is, including
priorities, policies and procedures. Pay attention to what they focused
on for both the short term and long term. A common theme is enabling
fee-earners to return to generating fees for paying clients as quickly
as possible. It's easy to focus too intently on technology issues when
the big concern is generating cash flow to keep paying employees and
moving forward.
2. Use Scenario Planning. Wipe
out the executive committee in a scenario and see how you plan works.
Question your assumptions. Run your disaster plan under the Die Hard
scenario and see what happens.
3. Write the Plan As If You Will Have to Read it Someday. Imagine you are not there and someone untrained has to pull out the plan and use it. Can they?
4. Negotiate Great Agreements.
Firms are starting to look at outsourcing many aspects of disaster
planning. What are you third party providers obligated to do under the
contracts you have signed? Is it adequate or even helpful? If you do
not raise and negotiate issues, I guarantee you that the terms of any
contract you sign will be more favorable to the provider than they are
to you.
5. Adopt a Portfolio Approach. The
modern approach to financial investments emphasizes diversification and
mixing low-risk, low-return (“safe”) investments and high-risk,
high-return (“risky”) investments in a basket that reflects your risk
tolerance. The same concepts have recently migrated into the world of
IT planning. Diversify your risks, responses and procedures.
6. Focus on Failure and Redundancy.
Failures will happen and it becomes important to know what happens
after the failure. Look at various points in your processes and
procedures. Consider what happens when a failure occurs at each of
these points and the options that you may have. Can you set up some
“elegant failures?”
7. Test Rigorously and Repeatedly.
It's important to test your plan, practice your procedures and do so on
a regular basis. Lackadaisical practicing and testing guarantee poor
results when something bad actually happens.
Conclusion.
My best advice is to treat these matters as if they actually matter.
Make time for disaster recovery, be a pest at getting answers to your
questions, challenge assumptions, develop a thick skin for deal with
the ribbing you are likely to take for being “too serious,” and keep in
mind that we live in volatile and dangerous world.
[Note: This
post is an shortened version of an article I wrote for the handout
materials for my session on disaster recovery at the upcoming ABA TECHSHOW 2005.] [DennisKennedy.blog]