Making !T Work

Data → Information → Knowledge → Wisdom

Disaster Recovery Framework

This pandemic has forced many organizations to rethink their business resiliency plans.   Many of us realized our approach was not equal to the challenge.  

As someone who has been in the game too long to admit how long, I can assure you the rules of proper business resilience planning have NOT changed. The demands on the plan have clearly changed but not the need to have and maintain a plan. The traditional method of write it once, put it on a shelf and check it once a year is long gone. Today, to meet the demands of the issues facing your business, the plan must be fluid and, more importantly, actionable.

For those who know me, I am a framework and patterns person.   I see business challenges as repeatable patterns.   To address this, I am a firm believer in building frameworks to address these patterns in an effective manner that can be actioned.  See a Problem, Fix a Problem is my mantra.

Business resiliency is more than just a buzzword. Look at the sheer number of organizations today under tremendous stress because they did not have an adequate plan to execute. COVID may be unique as a pandemic, but it is very similar in pattern to being denied access to your buildings from mold, vandalism, structural stress, etc. This is NOT to make light of how serious COVID is. It is real, please wear a mask and adhere to public health guidelines.

For many years I have followed a methodology for business continuity. Over the years I have tuned it and tweaked it to meet the needs of the organizations I was engaged to assist. What I have found is that if a framework is deployed and leveraged, responses to incidents become less stressed and more focused, with a much higher rate of success. The post-mortems truly become lessons learned and not “witch hunts”.

During any crisis, proper crisis management should be leveraged and that is a topic for another post.   We as business leaders forget at times that to resolve a problem, we need to engage our staff. Our staff are humans that must be cared for and protected as such during a crisis.   The mitigation of the issue becomes the focal point, then after it is resolved proper remediation needs to be engaged to improve the next response to an incident.

 

 

Now on to the framework.   Refer to the graphic above as a guide.

Business Continuity Plan

The Business Continuity Plan is responsible for the business interests as a whole entity.

The Business Continuity Plan is the overarching plan to support the business interest. It covers elements of staff, buildings, communications, and stakeholders. The components of the BCP include:

  • approach
  • team compositions
  • classification of business services
  • physical addresses
  • contact trees
  • stakeholders
  • communication plan

Before you declare a disaster, you refer to the BCP to ensure the executive team is engaged and an appropriate level of approval has been obtained.   It can be as quick as a phone call or it may involve calling in financial and legal teams to confirm the severity of the declaration along with appropriate messaging.

The Business Continuity Plan also refers to the business's internal and external stakeholders.

Disaster Recovery Framework

The Disaster Recovery Framework is guided by the Business Continuity Plan and is the actual process to follow.

The Disaster Recovery Framework becomes the execution model for specific Disaster Recovery Plans. It is a structured approach to defining the scenarios in terms of impacted areas and execution plans, as well as the definition of completion.

By allowing for a structured approach to recovery, your organization is well positioned to have a consistent, measurable, and successful recovery from the many different types of technical disaster recovery declarations.

The goal of the Disaster Recovery Framework is to confirm what type of scenario has occurred. A scenario could be one or more of the following:

  • Cyberattack
  • Pandemic
  • Weather/Environmental
  • Fire
  • No access to business
  • Systems failure

Scenarios

As part of the Disaster Recovery Framework, scenarios become the structured approach to a specific Disaster Recovery Plan.

The format of each scenario is consistent to provide for improved success while executing the specific plans.

The major areas of each scenario are:

  • Description – A brief description of the event.
  • Scope – The definition of what is in and potentially out of scope for the event. This allows for containment for the recovery plans.
  • Impacted areas – This is a comprehensive list of all applications and/or components involved in the scenario. Similar to scope but specific to applications and components.
  • Impacted clients – The stakeholders, action item holders, consulted groups and informed groups, in both the business and technical areas.
  • Resources – The internal and external resources required to complete the plan.
  • Recovery Overview – This is the high-level description of the major checkpoints during a recovery plan.
  • Major recovery stages (Project Plan) – This is a breakdown of phases with associated tasks to be completed by the plan. It may or may not refer to technical recovery plans.
  • Recovery success determination – The definition of success as it relates to the recovery.

Disaster Recovery Plans

The Disaster Recovery Plan is the actual plan to follow wrapped in a specific communications plan.

Typically, this is a formal document, but it can also be a digital tool that lays out the plan to be executed along with a communication plan to keep all stakeholders informed and engaged. I am a firm believer the plan should be digital and in the cloud. That way it is always current and accessible and, more importantly, it can be audited.

The contents of a plan may look like the following:

  • Control
  • Introduction
  • Systems and applications
  • Execution Plan
    • Milestones
    • Work Instruction(s) to be followed
  • Contact List
  • Teams
  • Results and Findings

Work Instructions

Work Instructions are very detailed instructions on the actual recovery steps for a specific application and/or component. This is the knowledge base for recovery, from a component element all the way up to larger application functions. Each may be a small or a very large document that is to be followed.

The instructions should be very complete and NOT rely on internal undocumented knowledge. These Work Instructions are reusable across many Disaster Recovery Plans because they are specific to applications and components. By leveraging a consistent method for these technical instructions, fewer errors are encountered, and a higher level of repeatable success is observed.

The work instructions are potentially used frequently by operations outside of a recovery process.   These instructions need to be complete so the individual using the instructions has all they need to complete the task.  

Recovery Flow

The recovery flow is as follows.

 

Conclusion

Plan the work and then work the plan.   Your plan is the guide to follow.   The plan will likely need to change during the execution but not the need to have one.   The Disaster Recovery Framework provides a process to follow to ensure all the needs of the business and its stakeholders are accounted for during a recovery event.

Copyright © 2019. JAAT Solutions All Rights Reserved.