Make Disaster Recovery Actionable Keep your DRP from

Make Disaster Recovery Actionable Keep your DRP from becoming expensive shelfware Info-Tech Research Group 1

Introduction Operationalize your Disaster Recovery (DR) efforts by establishing a dedicated team and testing your DR plan frequently to provide adequate preparation for the real thing. Why you should read this solution set: This solution set is designed for: ü This research streamlines the process of determining ü CIOs, IT Directors, and IT leaders responsible for how to staff and test your DR plan by providing guidance and supplementing it with tools to capture skills requirements, and define testing schedules to ensure the enterprise is always ready to respond. ü A DR protocol will be put forward to make your recovery efforts intuitive. ü At the end of the day, business failure is the end point on the grief spectrum. This research will show the steps that enterprises can take to reduce the likelihood of the enterprise hitting the point of no return. Info-Tech Research Group ensuring the enterprise is prepared to deal with a disaster. ü IT professionals responsible for responding to disasters to ensure recovery and post-disaster availability of critical IT resources. ü Business continuity professionals, who are looking to better integrate the enterprise's DR plan into the overall business continuity plan. 2

Executive Summary Build the Disaster Recovery Team • A Disaster Recovery (DR) Team is essential to effectively restore operations in a disaster situation. Determine the appropriate number of members for your DR Team to balance technical skills with response speed. • Have a dedicated DR Coordinator to manage the recovery efforts, coordinate resources, and communicate with stakeholders in senior management or other impacted units. The DR Coordinator should be someone with the experience necessary to properly prioritize the recovery effort and shield the DR Team from any external influences. • Clearly define the roles and responsibilities of the DR Team roles and over-provision the requisite skills to minimize the potential for recover efforts to be impacted by lack of personnel. Test the Disaster Recovery Capability • Organizations that test their DR plan are substantially more successful at recovery than those that do not. Reframe the conversation from fiscal constraints to enterprise survival to prioritize DR plan testing as a strategic issue rather than a budgetary one. • Leverage the full spectrum of DR exercises (tabletop, simulations, parallel, and full-scale) when testing your DR plan to identify gaps in the plan and enhance the skills of your DR Team. Responding to and Recovering from Disaster • In a disaster situation, begin by notifying key stakeholders, and making an initial impact assessment of the damage. Follow by activating the DR plan, implementing your documented recovery procedures and determining if recovery will be shortterm or an ongoing operation. Finally, evaluate the damage at the primary site, analyze the potential need to rebuild any infrastructure and begin repatriation. • Following a DR situation, conduct a post-mortem review of the event to determine shortcomings in the plan, communication gaps or shortcomings. Address observations in the DR plan in preparation for the next disaster. Info-Tech Research Group 3

The following information assumes you have a DR plan in place, but if you don’t, leverage these resources to get up to speed Lack of DR preparedness costs your enterprise hard dollars and that makes no sense. • Disasters are expensive: SMBs indicated a median cost of $12, 500 per day for disaster-related downtime. • Size matters: the median cost of downtime for small businesses is $3, 000 per day and $23, 000 per day for medium businesses. • Outages impact your customers: customers indicated that outages by their service provider cost them $10, 000 per day. • Downtime matters too: 54% of SMB customers indicated they had switched vendors due to unreliable or inoperable computing systems. • Have a DR plan if you want to keep the shop open: 44% of SMB customers indicated their vendor had shut down following a disaster. “Symantec 2011 SMB Disaster Preparedness Survey” (January 2011) Set the right scope. Right-Size Enterprise Disaster Recovery Plans. DR is not a onesize-fits-all endeavor; match spending with enterprise needs. Know you’re backed up. Select Enterprise Backup Software. Meet your Recovery Time Objectives by using the right backup product. Consider virtualization. Leverage Server Virtualization for DR Affordability and Agility. Save time and money by virtualizing your restoration environment. Have a sound DR plan. Document the Disaster Recovery Plan Now. Without a plan your future is up in the air. Get your head out of the ground. You can’t control events around you. If you value your company, invest in an insurance plan [a DR plan] and make sure it works. Norman Weiner, Sr. VP of Technology, Kaizen Info. Source LLC Info-Tech Research Group 4

Approach DR plan development as an ongoing process aimed at enhancing your organization’s DR capabilities The biggest myth in Disaster Recovery planning is that once a plan is designed, the process is over, while in actuality the process is cyclical. pla n that requires the amalgamation of various stakeholder perspectives. pla n ate e. D R pla n Info-Tech DR plan Development Cycle st th th Te e DR pl a n Info-Tech Research Group DR lop must be performed to determine how they can be corrected. If the error or omission is significant, redesign may be required. he ve • Once tests have identified problems, an evaluation nt De problems within DR plans and these are best identified and corrected via thorough and consistent testing. Ev alu • Errors and omissions are the most likely cause of sig DR • Initial design, however, can appear simple when compared to the on-going task of plan refinement and enhancement. De ga ps • Designing the DR plan can be a lengthy process 5

Building the Disaster Recovery Team What’s in this section: • Have a dedicated DR Coordinator in place to manage recovery efforts. • • • Establish the appropriate number of DR Team roles. Sections: Build the Disaster Recovery Team Test the Disaster Recovery Capability Make your DR Team out of both A and B players. Responding to and Recovering from Disaster Focus on defining DR roles for maximum impact. Summary Don’t be person-dependant: over provision. Appendix Make DR response crystal clear with objective trigger points. Info-Tech Research Group 6

Have a dedicated DR Coordinator in place to manage recovery efforts, organize personnel, and synchronize relief efforts Your DR efforts will be greatly enhanced by designating an experienced project manager as the DR Coordinator. • The DR Coordinator must know their role. The primary responsibilities of the DR Coordinator during the disaster are to manage the DR effort, act as a central point of contact, and shield the DR Team from an external influences during recovery. In many enterprises the IT manager fulfills this role. • Think fast and act decisively. Changing circumstances require the DR Coordinator to modify the recovery process to respond to the specific needs of the organization. S/he must act decisively in tense situations and exhibit confidence and grace under pressure to reinforce the strength of your team. • Liaise with external groups. The DR Coordinator must manage all external communications with emergency services, vendors, consultants or key stakeholders. • Shield the DR Team from external influences during recovery. The DR Coordinator protects the Team from externalities, which may deviate them from the recovery efforts. Don’t let the unprepared factions of the organization impact recovery efforts. Info-Tech Research Group Its not the team itself… they will do fine. They have been through multiple tests with me, and I have confidence in them. What I can’t test is our management. My real fear is not the team, but the outside influences, and how they might react during the crisis. What we really need is hands-off and let us work our plan. Robert Pierce, Director of IT Security, Carolina Health Care 7

Establish the appropriate number of Disaster Recovery roles to optimize the organization’s DR response Tailor the plan to the organization by delegating DR roles throughout the organization and having roles clearly defined. • Use your recovery objectives to determine how many recovery roles your organization is going to need. • DR teams will look different in different sized organizations. Large organizations will need multiple, technically-specific recovery teams while smaller organizations often field only a single inter-disciplinary recovery team. • A balanced team allows for controlled and coordinated actions with each member of the team understanding their role in relations to others. • Run regular recovery control meetings to maintain the DR plan as an organizational priority, and to ensure each member of the DR Team has a clear understanding of their role and its associated tasks. Use the DRP Team Build Worksheet to develop your recovery team. Info-Tech Research Group Recovery Team Roles Facilities General Responsibility Hardware Replacement and restoration of all servers and desktops. Applications/Data Obtaining backups, restoring data, loading software images. Network Firewall, routers, cabling, equipment to make data available. External Services Restoring power, Internet, phone. Engineering Ensuring that the environment is safe and suitable for work. Finance Provide approval for spending, documentation for insurance. Human Resources Contact people to report /not report, provide support. Media Relations Contact media, coordinate information to public. Management Liaise with boards, make critical decisions, remove obstacles. 8

Organizations that have a dedicated DR team are more successful at restoring operations The DR team is your first response unit; make sure you have one in place and that it is appropriately resourced. Operations Leader IT Applications IT Storage Facilities DR Fast Action Response Team DR Coordinator Finance IT Infrastructure Production Leader Accounting Leader HR Leader Co mm u Ch nica ann tion el Business Liaison DR Coordinator CIO Management Stakeholder Group • Your DR Fast Action Response Team is first on site. It is essential that this team is appropriately scoped, sized and staffed. Optimize the balance between size and skill by drawing from logical subsets of the organization, but ensure the size of the unit does not become a hindrance to overall effectiveness. • Use the DR Coordinator as the point of contact between DR Fast Action Response Team and the Management Stakeholder Group to streamline communications and ensure the onsite assets receive a consistent message. • Don’t funnel overall organization-wide communication through one or two key people. Delegate communication/coordination responsibilities to team leaders across the organization and have a single Business Liaison interact with management to allow for efficient multi-team, real-time operational information. • Draw resources from across the organization to share DR plan ownership and balance tasks. Info-Tech Research Group 9

Info-Tech Research Group Helps IT Professionals To: ü ü ü Quickly get up to speed with new technologies ü Manage business expectations ü Justify IT spending and prove the value of IT ü Train IT staff and effectively manage an IT department Make the right technology purchasing decisions – fast Deliver critical IT projects, on time and within budget Sign up for free trial membership to get practical solutions for your IT challenges • “Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment. - ARCS Commercial Mortgage Co. , LP Toll Free: 1 -888 -670 -8889 Info-Tech Research Group www. infotech. com 10