About Me

Scott Arnett is an Information Technology & Security Professional Executive with over 30 years of experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting, and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is an expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.

Tuesday, May 15, 2012

My Disaster Recovery Plan is GOLD

Disaster Recovery is always a great topic of discussion. A colleague contacted me recently and asked if I would look at their DR plan and poke holes in it. So, naturally, I said sure.

I spent the time looking through the plan. It looks good and is very well thought out, though it has some areas that need attention. It also has some major flaws, and they are not in what the plan contains but in what it leaves out, and that is the plan itself. So I called him up and said, let me ask you some questions.

  1. If your data center goes down, where is your plan? On SharePoint? So you can't get to your plan then, right? Where is your off-site copy?
  2. The network is down and you can't get to Outlook. Where is your notification list, in Outlook? Where is the off-site copy?
  3. Where are your runbook copies? Runbooks are the documents you need so that anyone can help you recover a system or application. Don't forget the people aspects of your DR plan. If you have a disaster that hits your data center, chances are some of your staff could be impacted.

Find a cloud-based solution to help you manage your disaster recovery documents. You can get access to the Internet from a fast food place, a hotel or a staff member's home. Don't keep the only copies in the very data center you wrote the DR plan for.

The other thing I recommended was to have a process for updating the plan as the infrastructure changes and as applications are put into production or retired, and a process for testing the plan. Do an actual test, not just a whiteboard session in a meeting room. Make sure you can actually recover to your RPO and RTO agreements.

One more important step I saw missing was a clear process and role responsibility for declaring a Disaster. Don't have just 1 person with authority. Give a few people, or a committee, the authority to declare a Disaster. During your test, flesh all these processes out. Make sure you adjust and update your plans with lessons learned.

So not Gold yet, but getting there. Continuous improvement will get you to Gold, my friend.

Keep it positive!

Scott Arnett
scott.arnett@charter.net
