Make a review schedule. Depending on the nature of your environment, you may need to do a disaster recovery review every few weeks, quarterly, or annually. As cyberthreats become more complex, several regulatory agencies want confirmation of ongoing testing. Create a formal process for reviewing your disaster recovery plans and executing repair work as needed.
In addition to monthly reviews, organizations should conduct annual disaster recovery reviews. During these sessions, you will want to make sure that all of your backup strategies are effective and that any changes to your plan don't negatively affect your ability to recover from a disaster.
If your organization has not conducted a disaster recovery review in some time, start with a full inventory of your resources to see what needs to be repaired or replaced. Then, create a plan to address those issues before it becomes necessary to execute the plan. Last, schedule a review session with your team to confirm that your plan is still valid and can be executed effectively.
The frequency of your disaster recovery review depends on the size of your organization, but it's important to have a plan in place for any situation. Without knowing it, your company could be putting itself at risk of failure if an emergency occurs.
Good luck with your next disaster recovery review!
Start the review with an inventory of systems and data, followed by a discussion of successes, challenges, and future plans.
It's important to have a way to track progress that is not only objective but also meaningful to your organization. For example, if you are working to get back to normal business operations within two days of a disaster, then you might want to set a goal of completing one review cycle in one week. This would be more than adequate to stay ahead of any major issues that might arise.
While it's good practice to have periodic reviews, they don't have to be done regularly. You can start the process immediately after a disaster has been resolved if you wish. The key thing is that you keep moving forward even during non-disaster times so that you aren't left behind when something does go wrong.
Overall, planning for these reviews is easier said than done. However, by making sure that you at least have discussions about successes/challenges/future plans, you're taking the first step toward ensuring that your disaster recovery program continues to be effective.
To update your disaster recovery strategy, the best first step is to plan for it. Consider setting up a regular time each year when you review your strategy with your team. This will help ensure that any changes that may have been made since the last review are identified and implemented.
Start small, with weekly reviews. If you're just getting started with disaster recovery planning, start with a daily review of your strategy. For example, if your policy includes testing a site in a read-only mode once a week, test this scenario out with one of your testers before implementing it in production. As you get more experience preparing for disasters, you can increase the frequency of your reviews. For example, if a major outage affects half of your sites each month, you might want to set up a monthly review of your strategy to make sure it remains effective.
Keep improving. Just as with any other part of your infrastructure, your disaster recovery strategy needs to be reviewed and improved over time too. New technologies may become available that could improve your ability to recover from disasters, such as cloud-based data storage or virtual machine replication. If possible, consider incorporating some of these new tools into your strategy.