In networking, there is nothing more critical than having a solid disaster recovery plan, so I recommend making April "Test Your Disaster Recovery Plan Month." Every enterprise should take time during this month to either create a plan or review and revise a plan they already have in place. It should be a companywide effort that closely examines every possible scenario from simple power outages to ravaging storms that result in weeks and months of devastation.
Here are some suggestions for developing a comprehensive disaster recovery plan:
1. Make a list of all the possible problems you could encounter that would jeopardize your network. Take into account if you are in a hurricane zone, a flood region or a mudslide area. Also, consider other seasonal problems that interrupt power in various parts of the country such as rolling blackouts or blizzards. Take into account the local environment you are in, such as a high-construction area that might be vulnerable to backhoe incidents. Nothing is too outrageous to consider and plan for.
2. Think of all the people that you would need in a disaster. Too often, companies put the burden of disaster recovery on a single person. What if that person's family is in jeopardy and they must help them? You need to have a team approach to getting your company back on its feet after a disaster. And don't just think of IT personnel. You can take this opportunity to cross-train other employees to be responsive in a disaster.
3. Narrow down who will need access to data during and after a disaster. In a true crisis situation, you must limit who has access to the network. Trying to get everyone back online at their normal work levels is unrealistic. Instead, you should prioritize who in the organization must be reinstated on the network. For instance, your CFO and HR personnel would need access, but maybe not the company receptionist. The pool of people that needs immediate access should be limited. Otherwise, you'll spend more time supporting them than working on the bigger issues you are faced with.
4. Narrow down the applications and data silos that will need to be accessed. In the event of an emergency, chances are you will have to be selective about what devices you choose to bring back online. You'll probably have a limited amount of generator capacity so make sure you prioritize ahead of time. For instance, you'll probably want to power up e-mail access before you restore the marketing team's file server.
5. Know your remote access strategy. If you are barred access from your data center, you need to have remote access strategy that can be implemented quickly. Again, don't rely on a single person to bring the network up remotely from their laptop. Have a backup location where people can gather to review your disaster recovery plan and put it into action.
6. Keys to the kingdom. A few years ago, I read a story about a company that tried to carry out its disaster recovery plan after a storm only to find that they had lost the keys to their facility. Make sure that several trusted people can gain entrance to your recovery location. The last thing you want to do is lose valuable time because one person lost or forgot his keys.
7. Have a doomsday plan. What if none of your staff at headquarters was able to recover the network because they had perished or were unable to reach the location? What would you do? You need to include your remote staff in your recovery plan. Deputize employees at branches so that if you are unable to take the helm of the disaster effort, they can step in and get the business back up and running. This means including them in your training efforts. Don't assume this can't happen. Unfortunately, we've seen too many instances where it can such as Hurricane Katrina and Sept. 11.
8. Protect your data. Make sure that whatever your disaster recovery plan entails, your data is highly protected and stored in more than one location -- preferably in different geographic regions. If you are relying on branch offices to bring the network back online, do drills with them that simulate how they would access critical data.
Important in all of this is the promotion of your plan. Have a day where you explain to employees what will happen in the event of an emergency. For instance, if they are not mandatory personnel, they should not expect to have full network access in the wake of a disaster. Detail what steps will be taken to bring the company back online without divulging security information. The more educated your users are, the less time you will have to spend answering questions during the crisis.
If you test all of these facets of disaster recovery, you are well on your way to having a solid plan in place. And remember, enjoy your new holiday month.