Disaster Recovery Planning
Process
By Geoffrey H.
Wold
Part
II of III
This is the second of a three-part series that
describes specific methods for organizing and writing a comprehensive disaster
recovery plan. The first part of this series described the process for
developing a thorough disaster recovery plan.
A well-organized disaster
recovery plan will directly affect the recovery capabilities of the
organization. The contents of the plan should follow a logical sequence and be
written in a standard and understandable format.
Effective documentation and
procedures are extremely important in a disaster recovery plan. Considerable
effort and time are necessary to develop a plan. However, most plans are
difficult to use and become outdated quickly. Poorly written procedures can be
extremely frustrating. Well-written plans reduce the time required to read and
understand the procedures and therefore, result in a better chance of success if
the plan has to be used. Well-written plans are also brief and to the
point.
Standard Format
A standard format for the procedures should
be developed to facilitate the consistency and conformity throughout the plan.
Standardization is especially important if several people write the procedures.
Two basic formats are used to write the plan: Background information and
instructional information.
Background information should be written using
indicative sentences while the imperative style should be used for writing
instructions. Indicative sentences have a direct subject-verb-predicate
structure, while imperative sentences start with a verb (the pronoun you is
assumed) and issue directions to be followed.
Recommended background
information includes:
Purpose of the procedure
Scope of the procedure
(e.g. location, equipment, personnel, and time associated with what the
procedure encompasses)
Reference materials (i.e., other manuals,
information, or materials that should be consulted)
Documentation
describing the applicable forms that must be used when performing the
procedures
Authorizations listing the specific approvals required
Particular policies applicable to the procedures
Instructions should be
developed on a preprinted form. A suggested format for instructional information
is to separate headings common to each page from details of procedures. Headings
should include:
Subject category number and description
Subject
subcategory number and description
Page number
Revision number
Superseded date
Writing Methods
Procedures should be clearly
written. Helpful methods for writing the detailed procedures include:
Be
specific. Write the plan with the assumption it will be implemented by personnel
completely unfamiliar with the function and operation.
Use short, direct
sentences, and keep them simple. Long sentences can overwhelm or confuse the
reader.
Use topic sentences to start each paragraph.
Use short
paragraphs. Long paragraphs can be detrimental to reader comprehension.
Present one idea at a time. Two thoughts normally require two sentences.
Use active voice verbs in present tense. Passive voice sentences can be lengthy
and may be misinterpreted.
Avoid jargon.
Use position titles (rather
than personal names of individuals) to reduce maintenance and revision
requirements.
Avoid gender nouns and pronouns that may cause unnecessary
revision requirements.
Develop uniformity in procedures to simplify the
training process and minimize exceptions to conditions and actions.
Identify events that occur in parallel and events that must occur
sequentially.
Use descriptive verbs. Nondescriptive verbs such as make
and take can cause procedures to be excessively wordy. Examples of descriptive
verbs are:
Acquire Count Log
Activate Create Move
Advise Declare
Pay
Answer Deliver Print
Assist Enter Record
Back Up Explain
Replace
Balance File Report
Compare Inform Review
Compile List
Store
Contact Locate Type
Scope
Although most disaster recovery
plans address only data processing related activities, a comprehensive plan will
also include areas of operation outside data processing.
The plan should have
a broad scope if it is to effectively address the many disaster scenarios that
could affect the organization.
A worst case scenario should be the basis
for developing the plan. The worst case scenario is the destruction of the main
or primary facility
Because the plan is written based on this premise, less
critical situations can be handled by using only the needed portions of the
plan, with minor ( if any) alterations required.
Planning
Assumptions
Every disaster recovery plan has a foundation of assumptions
on which the plan is based. The assumptions limit the circumstances that the
plan addresses.
The limits define the magnitude of the disaster the
organization is preparing to address. The assumptions can often be identified by
asking the following questions:
What equipment/facilities have been
destroyed?
What is the timing of the disruption?
What records, files
and materials were protected from destruction?
What resources are available
following the disaster:
Staffing?
Equipment?
Communications?
Transportation?
Hot site/alternate
site?
Following is a list of typical planning assumptions to be
considered in writing the disaster recovery plan:
The main facility of
the organization has been destroyed
Staff is available to perform critical
functions defined within the plan
Staff can be notified and can report to
the backup site(s) to perform critical processing, recovery and reconstruction
activities
Off-site storage facilities and materials survive
The
disaster recovery plan is current
Subsets of the overall plan can be used
to recover from minor interruptions
An alternate facility is available
An adequate supply of critical forms and supplies are stored off-site, either at
an alternate facility or off-site storage
A backup site is available for
processing the organizations work
The necessary long distance and local
communications lines are available to the organization
Surface
transportation in the local area is possible
Vendors will perform according
to their general commitments to support the organization in a
disaster
This list of assumptions is not all inclusive, but is intended
as a thought provoking process in the beginning stage of planning.
The
assumptions themselves will often dictate the makeup of the plan; therefore,
management should carefully review them for appropriateness.
Team
Approach
The structure of the contingency organization may not be the
same as the existing organization chart.
The team approach is used in
developing a plan as well as recovery from a disaster. The teams have specific
responsibilities and allow for a smooth recovery.
Within each team a manager
and an alternate should be designated. These persons provide the necessary
leadership and direction in developing the sections of the plan and carrying out
the responsibilities at the time of a disaster.
Potential teams
include:
Management team
Business recovery team
Departmental
recovery team
Computer recovery team
Damage assessment team
Security team
Facilities support team
Administrative support team
Logistics support team
User support team
Computer backup team
Off-site storage team
Software team
Communications team
Applications team
Computer restoration team
Human relations team
Marketing/Customer relations team
Other teams
Various combinations
of the above teams are possible depending on the size and requirements of the
organization. The number of members assigned to a specific team can also vary
depending on need.
Summary
The benefits of effective disaster
recovery procedures include:
Eliminating confusion and errors
Providing training materials for new employees
Reducing reliance on certain
key individuals and functions
In the next issue, the third part of this
series will describe specific methods and materials that can expedite the data
collection process.
Geoffrey H. Wold is the National Director of
Information Systems and Technology Consulting for the CPA/Consulting firm of
McGladrey & Pullen. He specializes in providing a wide range of planning,
operational and EDP related services .
This article adapted from Vol. 5
#2.
Disaster Recovery World© 1997, and Disaster Recovery Journal© 1997, are
copyrighted by Systems Support, Inc. All rights reserved. Reproduction in whole
or part is prohibited without the express written permission form Systems
Support, Inc.