Disaster recovery testing ensures that you're fully prepared in the event of an actual emergency or equipment outage. But informal DR testing will only get you so far.
- Improve the process. Correcting issues discovered during formal testing will improve the recovery timeframe. A formal DR test with user involvement allows the coordinator to fine-tune the process. Continually improving the process is necessary to ensure your company's 2010 requirements are properly met.
- Gain team experience. Companies that formally plan, test and communicate their DR procedure will be e prepared when an outage occurs. Allowing team members to practice and learn the process without any actual pressure can help to minimize stress in the event of an actual outage. This can lead to improved recovery times.
- Clearly define business needs. Allowing the different business areas to take ownership for their information helps to better define recovery and security needs. While the IT department is the guardian of information resources, input from business centers on what's important can ensure that the most critical applications are recovered first. Business professionals also gain DR training that's valuable during actual outages.
- DR testing becomes a priority. During difficult economic times, companies may skip DR testing favor of what are considered more critical business projects because it is considered expensive. Performing certain aspects of formal testing in a lab can be more cost effective.
- Meet regulatory requirements. HIPAA, SAS 70 and Sarbanes-Oxley require that data is protected and retained. External and internal auditors often review business contingency plans -- including a company's disaster recovery plan -- to ensure that it is properly protecting information.
Harry Waldron, CPCU has worked in the IT profession for over 35 years. A Microsoft MVP, he works as a senior developer for Fairfax Information Technology Services in Roanoke, VA, where he provides technical, business and leadership support on key development projects. He writes about security and best practices for several technical forums, including myITforum.com. He has earned 10 professional designations in technology, business, and insurance fields.
This was first published in April 2010