SMB: Do I need to have someone audit my firm's DR Test?
First off, every firm should have an IT Disaster Recovery (DR) plan. No ifs, ands, or buts. Even if you are a small accounting or legal firm, your records or data must be stored somewhere off-site, and access to that data, that is, through the applications used by your firm, must be available in a timely manner. Your DR plan may be quite complex or very simple, but it must match your risk tolerance and your unique situation. If your firm does not have a documented IT Disaster Recovery Plan, you need to a) put this on your Q1/2011 To Do list as a high priority and b) contact us at Zombie Data for a FREE initial consultation. We can help walk you through the process of developing a suitable Disaster Recovery plan for your company. But that process is a topic for another blog entry.
Second, every so often, whether semi-annually, annually, or however often makes you feel comfortable, a test of your IT Disaster Recovery plan should be run. If you don't test your plan, how do you know it will work? This usually means a couple of weeks are dedicated to reviewing the 'plan' and determining which segments need testing. If you haven't done this for a while, a couple of years or more, then I suggest you begin with the belief that you need to test it all. If you have been testing regularly, then perhaps there are systems that you KNOW are rock solid and whose DR plan is good. I still suggest you cycle through testing everything on a periodic basis, but how often depends on your own risk tolerance.
Once the scope of the test is determined, a schedule for the test is needed. This may be as quick as a night or two; a weekend is very common, and in some cases the DR Test lasts a week or more, with the DR systems running actual user load for a period of time. In one case I know of a client who cycles between his three (3) datacenter locations, yes I said three, on a quarterly basis. First quarter, site A is primary and sites B & C are DR; second quarter, site B is primary with sites A & C as DR; and so on. Now this is extreme for most companies and requires a very high level of coordination when it comes to deploying any type of software upgrades, security changes and the like, but for their situation it was the right solution.
OK, so your firm has a DR plan and performs a periodic DR Test. Why should you have someone outside the firm audit your DR Test Cycle? The answer is simple: to give oversight to the test teams, to identify areas of weakness in their DR plans, and to give suggestions to tighten things up and make them simpler and more concise. We in IT refer to it as the KISS principle - Keep it Simple S*****! The fewer steps and moving parts in your DR plan, the less chance of something going wrong in the process. That said, sometimes you can't get past the fact that more complex applications may need a more complex recovery plan.
If your firm did not run a test of your Disaster Recovery Plan in 2010, then please contact us. Let us assist you with auditing your 2011 DR Test and reviewing our results with you. I believe we can assist with strengthening your DR plan so that, if a disaster should occur, it doesn't mean you have lost your IT systems.
Rob Vorbroker
Zombie Data

