Developing a Contingency Plan - Recovery strategies
(Page 3 of 4 )
Recovery strategies enable operations to be rapidly normalized in the event of disruption. Strategies should be based on the data gathered in the impact assessment, in order to ensure that they are appropriate to the organization's core requirements. They should also take into account the full range of possible incidents and disruptions.
Among the specific strategies that should be considered are:
Backup strategy. This will specify the frequency and type of backups, the data sets to be backed up, file naming policy, backup storage locations, procedures for transport to off-site locations, etc. It will also specify the type or types of backup media and the frequency of rotation and renewal, based on the volume of data, and its integrity and availability requirements.
Alternate sites. In extreme circumstances it may be desirable or necessary to transfer operations in whole or in part to an alternate location. The contingency plan should identify such locations, which must be capable of supporting the operations they may be required to accommodate. The plan should also specify the circumstances under which relocation is to be undertaken, and address the logistical considerations of such a move.
Equipment renewal. In the event of major damage or theft, it may be necessary to replace items of IT infrastructure at short notice. If the planning architect considers it necessary, the contingency plan should specify emergency arrangements for the procurement, delivery and commissioning of replacement hardware. This may involve arrangements with suppliers to supply equipment at short notice, the advance purchase and off-site storage of critical items of equipment, and plans for the contingency use of suitable equipment already owned by the organization.
Roles and responsibilities. The plan should specify teams and individuals and the areas for which they are responsible in an emergency situation. The people involved must understand their roles and the expectations that these roles place upon them, and they must be fully prepared to implement their responsibilities at short notice when required.
Build the plan
The plan development phase involves pulling together all the information gathered in the previous steps into clear and precise outlines of the actions to be taken under various emergency conditions. The plan should be laid out in a simple and straightforward manner, to assist people to locate relevant information quickly and easily. An emergency is not the time for individuals to have to wade through thousands of words trying to find the bits that matter to them. The plan should also be simple to execute under emergency conditions.
A useful approach to laying out the plan is to structure it according to the various emergency circumstances that have been envisaged. Within these sections, step by step work flows, and checklists targeted at individuals or teams help make it easy for people to know what they are supposed to be doing.
It is typical to specify three phases of response for each identified emergency situation. The first of these is the activation phase, and consists of the procedures for communicating the existence of the emergency, assessing the damage and activating the plan. The second phase is the recovery phase, during which the recovery procedures are initiated and carried out. This is followed by the reconstitution phase when the original infrastructure is restored and tested, and the emergency procedures wound up.
Next: Test, train and maintain >>
More Server Administration Articles
More By Bruce Coker
