With the recent tragedies in Haiti, there will be a number of articles in the technology press about disaster planning and recovery. Over the next year there will be a lot of activity as businesses jump start third DR planning. And, unfortunately, many of these plans and programs will be put aside a year from now and, once again, American businesses will not have a recovery option.
This posting is not about developing a DR plan for organization. To develop a disaster plan, the business needs to commit both the time and the resources to the project. The business needs to commit more than just the IT team to the project because DR covers more than just IT. A good DR plan covers the entire organization, provides for business continuity.
Rather than going into a lengthy discussion of a DR plan, we're going to go through a list of items that should be in place today. Some items on the list should be self-explanatory while others are on the list based on my own experience.
Communications. Immediately after the disaster, management needs to assess the impact of the disaster or tragedy on the company. A key resource to any company is the workforce and after a tragedy there needs to be a plan or a process in place that facilitates inventory of that resource. Within the company, there should be a list, a telephone roster, which can be used to take inventory of your staff. An administrative staffer would start by calling key people on the list, department heads for example and they would in turn contact people underneath them keep track of who they were able to find and report this information back to the staffer who initiated the phone calls. These calls would also be used to pass on information to the workforce. Once management knows where everybody is they can get all of that the right people to reopen offices, relocate staff as needed or anything else that had to be gone.
Such a list needs to be distributed managers and maintained on a regular basis. It goes without saying that the list needs to be hard copy; chances are that when you need to access the list your computers will be down.
Documentation. Most of the documentation we work with on a daily basis is maintained on a computer, be it on the wiki, and intranet, or some other electronic means. In the event of an emergency situation, however, there are some items that you need to have a hard copy and in a safe place. My short list is as follows:
- Names and phone numbers of department heads
- Names and phone numbers of service and support organizations that I deal with regularly
- Names and phone numbers of corporate security staff
- Names and phone numbers of my primary vendors
- Because I have worked in IT for years, I would always include anup-to-date inventory of my data center. This includes the servers, network gear, telephony, storage, software licenses and any related hardware, software and reference material that I need to restore services.
Once again, in a disaster you might not have access to my computers so this data should either be on hard copy or on a CD.
The information that I've listed above needs to be kept current and available. My personal recommendation is that the data all be stored on the CD, copy to multiple CDs. Distribution as follows:
- One copy should be sent along with the off-site data storage
- One copy should be given to senior management, to be available to them should anything happen to the manager.
- One copy is stored at the manager’s house a small fireproof box.
- One copy is stored the home of the next senior person on the staff.
Finally, there is usually a list of key passwords and accounts (sys admin and other key administrative accounts) should be written down and given to a senior executive or legal counsel and stored in a safe place. Once again, this information could be needed to recover or re-create services and systems. Putting the data in the hands of the executive or the legal counsel, in the event that the manager was not able to participate in recovery, provides the organization with the information it needs to move forward.
I'm sure that there are those who would say there is no need to go through the steps, that redundant systems and well-designed infrastructure should withstand most disasters. Unfortunately, the tragedy of Katrina, Haiti and the World Trade Center have demonstrated the need for such preparation. It isn't enough for a manager to keep his department running on a day-to-day basis; the manager needs to look to the future and plan for uncertainty.
No comments:
Post a Comment