Advice from a Failed Disaster Recovery Audit

Advice from a Failed Disaster Recovery Audit

As much as we may write or talk about Disaster Recovery Planning (DRP), without getting into details on real-world scenarios, this is just a grain of sand in the desert. Analyzing practical scenarios will help you examine both successes and failures in the best possible way to improve your business continuity solutions. For better understanding, let’s focus on a recent audit of a government office.

Several failures experienced after an audit of Michigan Department of Technology and Budget lead to a number of helpful tips for SMEs attempting to implement a secure disaster recovery plan. Note that one can legally be tied to maintain DRPs when the person is managing a government network or hosting certain types of data.

Frequent updates and tests

There was no plan to restore an essential piece of the office infrastructure. This is an obvious failure of the DRP since it did not include any steps to restore department’s intranet. A disaster such as this is a hindrance to the staff because even the basic of tasks cannot be completed during the plan.

Why the oversight? Since 2011, the disaster recovery plan had not been updated, which is a total of six years without expert review. And this in IT is compared to “decades” of missed creations and innovations. IT pros recommend revisions at least every year considering all the upgrades made within that calendar year. You should always account for all upgrades made, this will help you with your records and ensure success is achieved.

Store your DRP in an easy-to-find location

Apart from the outmoded way of keeping the critical business continuity plan in a binder, there are other solutions to keep your DRP. However, the Michigan Department of Technology and Budget is a witness that not all alternatives would work according plan. Auditors discovered that the department’s DRP was stored on the same network it was meant to restore. Meaning that in the case of a network failure, accessing the recovery plan would be impossible.

It is strongly recommended that you use more than a single network to store soft copies including keeping the plans as hard copies around and outside the office area.

Get Prepared for Doomsday!

Although the government office came up with suitable recovery plans for restoring the local network, no employee was allowed to work within the stipulated recovery time, which was 24 hours.

It is important for your organization to understand and be prepared for the possibility that at times it may be impossible to go back to the local network. Cloud technology is the best approach to go by. The cloud backups and software will help keep everything up and running in cases when the physical office is crushed to the ground.

Most people see the DRPs as an annoying legal obligation – which is not. You can call it the ultimate survival solution or the systems savior; the DRP is basically an insurance plan with the power to keep you in business when disaster strikes. Get in touch with us today and talk to our team of professionals who will serve you a cocktail of academic and real-world resources to make your recovery plan complete and secure whenever an auditor resurfaces.