Chief Technology Officer/CISO
Regardless of industry, when an unexpected event takes place and brings day-to-day operations to a halt, your organization needs to recover as quickly as possible and continue to provide services to its clients.
From data security breaches to system disruptions to natural disasters, no business is immune to risk. Not having a disaster recovery plan in place can expose the organization to high financial implications, reputation loss and even greater risks for its clients and customers. According to Gartner, the average cost of IT downtime is $5,600 per minute – $300,000 per hour on average, and as much as $540,000 per hour at the higher end.
| “Recovery speed and recovery reliability top the priorities
of IT leadership according to Enterprise Strategy Group (ESG)”
Not surprisingly, recovery speed and recovery reliability top the priorities of IT leadership according to Enterprise Strategy Group (ESG). Unfortunately, less than half of organizations that have a plan in place regularly test their preparedness. To make matters worse, studies suggest there is little difference between not having a Disaster Recovery plan and having one you never test.
To keep your business secure against unforeseen emergencies and disasters, you should have a plan in place AND test its capabilities regularly. Here are a few ways to determine if you’re Disaster Recovery plan is up to snuff:
This method only focuses on a specific situation or threat scenario. Tabletop exercises are performed to check the readiness of your Disaster Recovery plan during natural disasters such as floods, cyclones, wildfire and tornadoes, but are also effective for testing the capabilities of your plan during other events. Response and recovery activity for a particular situation is discussed in this method. Perform tabletop exercise quarterly.
If testing your plan should not interfere with your business operations, simulation is the best option for you. A Disaster Recovery manager can test the capability of the system by passing it through different situations in a controlled environment. Application and business users are given an alternative system to conduct functional testing over it. It is a good idea to perform simulation testing twice a year.
The major stakeholders of the business should collaborate on the structure of the plan. Some experts do not consider this a viable mode of testing as it does not validate your capabilities, but it is effective in getting all stakeholders on the same page and understanding their role and responsibilities when it comes to the Disaster Recovery plan. It is recommended that you conduct walkthroughs once every quarter.
A full test conducted by IT professionals on your IT systems will check the functional capabilities of your systems. If you want to know the real capability of your recovery plan, experts suggest you should perform a full test. There is risk involved because it can affect your productivity, especially if the cutover in either direction fails. You will also have to fall back once the test is completed. Full tests should be conducted once every year.
As you examine your organizations’ Disaster Recovery plan, ensure it has the following features:
- Automatically identify the disaster
- Automate application recovery
- Guarantee data availability and little to no downtime
- Fully leverage the Disaster Recovery site
- Evaluate and test the recovery plan at a regular cadence