A disaster recovery plan is something every company should have but hope it never needs to actually execute. Nonetheless, the plan must be thorough in identifying all steps necessary for keeping critical systems functional during a disaster, it must consider all possible contingencies, and it must be tested. The backup generator failure at Olive View-UCLA Medical Center in Sylmar in mid-November, a result of wildfire ravaging the area, is a good reminder that even diligent DR planning and testing cannot always guarantee that DR plans will work as intended. Despite being tested as recently as three days before the fire, the hospital’s backup power plant failed because of a fuel pump problem, jeopardizing the care of more than 200 patients.
Key elements of a disaster recovery plan include the following:
- A definition of the loss of what service or specific systems constitutes a disaster.
- A prioritization of systems based on importance to the mission as well as target time frames for bringing the systems back online.
- A list of tasks for bringing systems back online, and the staff members responsible for each task.
- A plan for notifying members of the IT staff that a disaster has occurred, and an alternate facility to meet at to work on restoring services.
Once a company’s plan has been established, staff members should perform periodic tests of the plan and evaluate the success or failure of bringing disaster recovery systems online; these tests can be used to modify and refine the plan as needed. As new critical systems are added, the disaster recovery plan should be updated to include procedures for recovering the new systems.
Luckily no one died as a result of the Sylmar hospital power failure, but it is a stark reminder that disasters really do happen and therefore it’s critical to have a thorough – and tested – disaster recovery plan.
The NIST 800-34 Contingency Planning Guide is a great resource for more information on disaster and contingency planning: http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf
![[Slashdot]](/wp-content/plugins/slashdot.ico){kind=small}
![[Digg]](/wp-content/plugins/digg.ico){kind=small}
![[Reddit]](/wp-content/plugins/reddit.ico){kind=small}
![[del.icio.us]](/wp-content/plugins/delicious.gif){kind=small}
![[Technorati]](/wp-content/plugins/technorati.ico){kind=small}
![[StumbleUpon]](/wp-content/plugins/stumbleupon.ico){kind=small}
Leave a Comment