Disaster Recovery Planning
By Geoffrey H. Wold
Part II of III
This is the second of a three-part series that describes specific methods for organizing and writing a comprehensive disaster recovery plan. The first part of this series described the process for developing a thorough disaster recovery plan.
A well-organized disaster recovery plan will directly affect the recovery capabilities of the organization. The contents of the plan should follow a logical sequence and be written in a standard and understandable format.
Effective documentation and procedures are extremely important in a disaster recovery plan. Considerable effort and time are necessary to develop a plan. However, most plans are difficult to use and become outdated quickly. Poorly written procedures can be extremely frustrating. Well-written plans reduce the time required to read and understand the procedures and therefore, result in a better chance of success if the plan has to be used. Well-written plans are also brief and to the point.
A standard format for the procedures should be developed to facilitate the consistency and conformity throughout the plan. Standardization is especially important if several people write the procedures. Two basic formats are used to write the plan: Background information and instructional information.
Background information should be written using indicative sentences while the imperative style should be used for writing instructions. Indicative sentences have a direct subject-verb-predicate structure, while imperative sentences start with a verb (the pronoun you is assumed) and issue directions to be followed.
Recommended background information includes:
Purpose of the procedure
Scope of the procedure (e.g. location, equipment, personnel, and time associated with what the procedure encompasses)
Reference materials (i.e., other manuals, information, or materials that should be consulted)
Documentation describing the applicable forms that must be used when performing the procedures
Authorizations listing the specific approvals required
Particular policies applicable to the procedures
Instructions should be developed on a preprinted form. A suggested format for instructional information is to separate headings common to each page from details of procedures. Headings should include:
Subject category number and description
Subject subcategory number and description
Procedures should be clearly written. Helpful methods for writing the detailed procedures include:
Be specific. Write the plan with the assumption it will be implemented by personnel completely unfamiliar with the function and operation.
Use short, direct sentences, and keep them simple. Long sentences can overwhelm or confuse the reader.
Use topic sentences to start each paragraph.
Use short paragraphs. Long paragraphs can be detrimental to reader comprehension.
Present one idea at a time. Two thoughts normally require two sentences.
Use active voice verbs in present tense. Passive voice sentences can be lengthy and may be misinterpreted.
Use position titles (rather than personal names of individuals) to reduce maintenance and revision requirements.
Avoid gender nouns and pronouns that may cause unnecessary revision requirements.
Develop uniformity in procedures to simplify the training process and minimize exceptions to conditions and actions.
Identify events that occur in parallel and events that must occur sequentially.
Use descriptive verbs. Nondescriptive verbs such as make and take can cause procedures to be excessively wordy. Examples of descriptive verbs are:
Acquire Count Log
Activate Create Move
Advise Declare Pay
Answer Deliver Print
Assist Enter Record
Back Up Explain Replace
Balance File Report
Compare Inform Review
Compile List Store
Contact Locate Type
Although most disaster recovery plans address only data processing related activities, a comprehensive plan will also include areas of operation outside data processing.
The plan should have a broad scope if it is to effectively address the many disaster scenarios that could affect the organization.
A worst case scenario should be the basis for developing the plan. The worst case scenario is the destruction of the main or primary facility
Because the plan is written based on this premise, less critical situations can be handled by using only the needed portions of the plan, with minor ( if any) alterations required.
Every disaster recovery plan has a foundation of assumptions on which the plan is based. The assumptions limit the circumstances that the plan addresses.
The limits define the magnitude of the disaster the organization is preparing to address. The assumptions can often be identified by asking the following questions:
What equipment/facilities have been destroyed?
What is the timing of the disruption?
What records, files and materials were protected from destruction?
What resources are available following the disaster:
Hot site/alternate site?
Following is a list of typical planning assumptions to be considered in writing the disaster recovery plan:
The main facility of the organization has been destroyed
Staff is available to perform critical functions defined within the plan
Staff can be notified and can report to the backup site(s) to perform critical processing, recovery and reconstruction activities
Off-site storage facilities and materials survive
The disaster recovery plan is current
Subsets of the overall plan can be used to recover from minor interruptions
An alternate facility is available
An adequate supply of critical forms and supplies are stored off-site, either at an alternate facility or off-site storage
A backup site is available for processing the organizations work
The necessary long distance and local communications lines are available to the organization
Surface transportation in the local area is possible
Vendors will perform according to their general commitments to support the organization in a disaster
This list of assumptions is not all inclusive, but is intended as a thought provoking process in the beginning stage of planning.
The assumptions themselves will often dictate the makeup of the plan; therefore, management should carefully review them for appropriateness.
The structure of the contingency organization may not be the same as the existing organization chart.
The team approach is used in developing a plan as well as recovery from a disaster. The teams have specific responsibilities and allow for a smooth recovery.
Within each team a manager and an alternate should be designated. These persons provide the necessary leadership and direction in developing the sections of the plan and carrying out the responsibilities at the time of a disaster.
Potential teams include:
Business recovery team
Departmental recovery team
Computer recovery team
Damage assessment team
Facilities support team
Administrative support team
Logistics support team
User support team
Computer backup team
Off-site storage team
Computer restoration team
Human relations team
Marketing/Customer relations team
Various combinations of the above teams are possible depending on the size and requirements of the organization. The number of members assigned to a specific team can also vary depending on need.
The benefits of effective disaster recovery procedures include:
Eliminating confusion and errors
Providing training materials for new employees
Reducing reliance on certain key individuals and functions
In the next issue, the third part of this series will describe specific methods and materials that can expedite the data collection process.
Geoffrey H. Wold is the National Director of
Information Systems and Technology Consulting for the CPA/Consulting firm of
McGladrey & Pullen. He specializes in providing a wide range of planning,
operational and EDP related services .
This article adapted from Vol. 5 #2.
Disaster Recovery World© 1997, and Disaster Recovery Journal© 1997, are
copyrighted by Systems Support, Inc. All rights reserved. Reproduction in whole
or part is prohibited without the express written permission form Systems