This White Paper, the third in our three-part set on disaster recovery planning, presents particular methods and materials that can expedite the data collection process. The first two papers deal with the disaster recovery planning process itself and with specific methods for organising and writing the plan.
Disaster recovery concerns all departments
Disaster recovery is a concern of the entire organisation, not just data processing. To develop an effective disaster recovery plan, all departments should be involved.
Within all departments the critical business continuity needs should be identified. Critical needs include all information and equipment needed in order to continue operations should a department be destroyed or become inaccessible.
Determining critical needs for disaster recovery
To determine the critical business continuity needs of the organisation, each department should document all the functions performed within that department. An analysis over a period of between two weeks and one month can indicate the principal functions performed inside and outside the department, and assist in identifying the necessary data requirements for the department to conduct its daily operations satisfactorily.
Diagnostic questions relating to business continuity
Here are some of the diagnostic questions that can be asked:
- If a disaster occurred, how long could the department function without the existing equipment and departmental organisation?
- What are the high priority tasks – including critical manual functions and processes – in the department? How often are these tasks performed, e.g. daily, weekly, monthly?
- What staffing, equipment, forms and supplies would be necessary to perform the high priority tasks?
- How would the critical equipment, forms and supplies be replaced in a disaster situation?
- Does any of the above information require long lead times for replacement?
- What reference manuals and operating procedure manuals are used in the department? How would these be replaced in the event of a disaster?
- Should any forms, supplies, equipment, procedure manuals or reference manuals from the department be stored in an off-site location?
- Identify the storage and security of original documents. How would this information be replaced in the event of a disaster? Should any of this information be in a more protected location?
- What are the current microcomputer backup procedures? Have the backups been restored? Should any critical backup copies be stored off-site?
- What would the temporary operating procedures be in the event of a disaster?
- How would other departments be affected by an interruption in the department?
- What effect would a disaster at the main computer have on the department?
- What outside services or vendors does the department rely on for normal operation?
- Would a disaster in the department jeopardise any legal requirements for reporting?
- Are job descriptions available and current for the department?
- Are department personnel cross-trained?
- Who would be responsible for maintaining the department's contingency plan?
- Are there other concerns related to planning for disaster recovery?
The critical needs can be obtained in a consistent manner by means of a user department questionnaire. The questionnaire should focus on documenting critical activities in each department and identifying related minimum requirements for staff, equipment, forms, supplies, documentation, facilities and other resources.
Setting priorities on processing and operations
Once the critical needs for business continuity have been documented, management can set priorities within departments for the overall recovery of the organisation. Activities of each department could be given priorities in the following manner:
- Essential activities: A disruption in service exceeding one day would seriously jeopardise the operation of the organisation.
- Recommended activities: A disruption of
service exceeding one week would seriously jeopardise the operation
of the organisation.
- Non-essential activities: This information would be convenient to have but would not detract seriously from the operating capabilities if it were missing.
Record retention guidelines
A systematic approach to records management is an important part of a comprehensive disaster recovery plan. Additional benefits include:
- reduced storage costs
- expedited customer service
- regulatory compliance.
Records are not only retained as proof of financial transactions, but also to verify compliance with legal and regulatory requirements. In addition, businesses must satisfy retention requirements as an organisation and employer. These records are used for independent examination and verification of sound business practices. Legal requirements for records retention must be analysed by each organisation individually. Each organisation should have its legal advisors approve its own retention schedule.
As well as retaining records, the organisation should be aware of the specific record salvage techniques and procedures to follow for different types of media – for example:
- paper
- digital
- image
- photographic.
Other data gathering techniques
Other information that can be compiled by using preformatted data gathering forms include:
- Equipment inventory to document all critical equipment required by the organisation. If the recovery lead time is longer than acceptable, a backup alternative should be considered.
- Master vendor list to identify vendors that provide critical goods and services.
- Office supply inventory to record the critical office supply inventory to facilitate replacement. If an item has a longer lead time than is acceptable, a larger quantity should be stored off-site.
- Forms inventory listing to document all forms used by the organisation to facilitate replacement. This list should include computer forms and non-computer forms.
- Documentation inventory listing to record inventory of critical documentation manuals and materials. It is important to determine whether backup copies of the critical documentation are available. They may be stored on disk, obtained from branch offices, or available from outside sources such as vendors.
- Critical telephone numbers to list critical telephone numbers, contact names, and specific services for organisations and vendors important to the disaster recovery process.
- Notification checklist to document responsibilities for notifying personnel, vendors and other parties. Each team should be assigned specific parties to contact.
- Master call list to document employee telephone numbers.
- Backup position listing to identify backup employees for each critical position within the organisation. Certain key personnel may not be available in a disaster situation; therefore, backups for each critical position should be identified.
- Specifications for off-site location to document the desired/required specifications of a possible alternative site for each existing location.
- Off-site storage location inventory to document all materials stored off-site.
- Hardware and software inventory listing to document the inventory of hardware and software.
- Telephone inventory listing to document existing telephone systems used by the organisation.
- Insurance policies listing to document insurance policies in force.
- Communications inventory listing to document all components of the communications network.
Computer-based disaster recovery planning systems
There are several PC-based disaster recovery planning systems that can be used to facilitate the data gathering process and to develop the plan. Typically, these systems emphasise either a database application or a word processing application. The most comprehensive systems use a combination of integrated applications.
Some PC-based systems include a sample plan that can be tailored to the unique requirements of each organisation. Other materials can include instructions that address the disaster recovery related issues that the organisation must consider during the planning process – for instance, disaster prevention, insurance analysis, record retention and backup strategies.
Specialised consulting may also be available with the system to provide on-site installation, training and consulting on various disaster recovery planning issues.
The benefits of using a PC-based system for developing a disaster recovery plan include:
- a systematic approach to the disaster recovery planning process
- predesigned methodologies
- an effective method for maintenance
- a significant reduction in time and effort in the planning and development process
- a proven technique.
Recently, other PC-based tools have been developed to assist with the process, including disaster recovery planning tutorial systems and software to facilitate the testing process.
Summary
Disaster recovery planning involves more than off-site storage or backup processing. Organisations should also develop written, comprehensive disaster recovery plans that address all the critical operations and functions of the business. The plan should include documented and tested procedures that, if followed, will ensure the ongoing availability of critical resources and continuity of operations.
The benefits of developing a comprehensive disaster recovery plan include:
- minimising potential economic loss
- decreasing potential exposures
- reducing the probability of occurrence
- reducing disruptions to operations
- ensuring organisational stability
- providing an orderly recovery
- minimising insurance premiums
- reducing reliance on certain key individuals
- protecting the assets of the organisation
- ensuring the safety of personnel and customers
- minimising decision making during a disastrous event
- minimising legal liability.
For more information on disaster recovery planning please see our related White Papers, Developing a disaster recovery plan and Writing a disaster recovery plan.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.