…cont’d from “How to Prepare a Disaster Recovery Plan (DRP) for your Business”
Gaining Board Approval
If the person compiling the DRP is not the owner of the business, then the owner’s approval and consent must be sought and gained. Whilst the IT professional will take into account all of the operational issues, things like cost budgeting and personnel, will have a fundamental impact as to what courses of action are seen as being viable. At this stage of the process, the DRP itself is not complete, but it will be in a format that allows comprehensive study and clarity of response.
Finalizing the DRP
Once your draft DRP has been approved, the next stage in the process is to build a log of the exact steps that need to be taken in terms of:
- Turning the threat combat strategy into reality
- Brining about the disaster recovery action
The benefit to be had from itemizing each individual step is that it is becomes easier to spot the key actions, and any long lead time items. For ease of reference these can be color coded to make them clearly stand out.
Essential Reading
When formulating an IT DRP, there are two other ISO documents that are essential reading. These are:
- ISO/IEC 24762 – Disaster recovery
- ISO/IEC 27035 – Incident response actions
These documents are all part of the ISO Global Standards for IT excellence and best practice, and are invaluable reference tools.
Personnel Awareness
Last, but by no means least, all personnel need to be made aware of the DRP and trained in order to familiarize themselves with any duties they may have to undertake as part of the process. There may also be things that employees should refrain from doing in the event that the plan is implemented. A training log should be created, and from time to time, refresher courses given, and duly noted in the log. A Learning Management System (LMS) on the intranet is an ideal solution to ensure that this and any other necessary employee training, is carried out effectively and without impacting the employee’s time too badly.
Updates and Confidentiality
A DRP should be frequently reviewed and updated to take into account any changes in technology or working practices.
Finally, ensure that the DRP remains confidential within the company and that it is stored in a safe location and of course, fully backed up at all times, as should all of the important data that your company generates.