For most companies, a force majeure, or total destruction of your systems or data center, is not the most likely disaster. Any number of the following situations could bring about a more likely disaster: application or hardware failure, a security breach, software that wasn't properly tested or even employee retention. While employee retention may seem out of place in this list, the unexpected departure of key employees could leave a company unprepared to continue operations -- even if all the systems are up and running. However, the most common disasters are more likely due to human error -- if your Active Directory administrator deleted an OU with 10,000 users, are you prepared to recover from that?
While each company has its unique potential for disasters, a successful disaster recovery plan identifies and mitigates the most likely disasters for your company. You can accomplish that with these three steps:
Establish your universe and ask the right questions
- Establish your universe.
- Create your plan.
- Integrate it into your daily work.
You don't have to be the CIO or vice president of IT to be responsible for a disaster recovery plan. Every IT manager or team lead should have his or her own individualized plan. You may not be asked for a formal plan, but if something goes wrong, you will get a phone call asking when it will be fixed.
In the first step, you must answer the following questions:
I have found that creating or using an organization chart is the best way to define the scope of your individual plan. As you see in Figure 1, you can take or create a simple organization chart and instead of putting names, complete it with the areas of responsibility.
- Who are you and what are you responsible for? In other words, what is your role as IT manager, development team lead, VP of IT infrastructure, systems administrator?
- Who are you responsible for and what do they do? For example: Storage team, responsible for nightly backups; Active Directory team, responsible for user and resource management.
- What does your boss think you are responsible for? Don't forget that there are often implied areas of responsibility that you will be asked to step in and resolve in a crunch.
- How does your area of responsibility support the business? Ask yourself: Am I responsible for all development of widgets and supporting them within the company? Do I support the phone systems for the call center?
By plotting out areas of responsibility at a company, the scope of any individualized plan can be established at any level -- from the CIO to the entry-level software engineer. With the scope established, the next steps are to create a plan of action and integrate that plan into your daily work activities.
Russell Olsen is the CIO of a Medical Data Mining company. He previously worked for a Big Four accounting firm. He co-authored the research paper "A comparison of Windows 2000 and RedHat as network service providers." Russell is an MCP and GSNA. He can be reached at email@example.com.