Disaster recovery planning has long been a hot topic on IT Business Edge, with the main focus on systems and service continuity, customer service and data preservation. But what is often glossed over is that, alongside the infrastructure/DR team, the risk management officer or team should be involved from the beginning planning stages. Unfortunately, DR sometimes tends to be handed off to IT, as if it can be planned and carried out in isolation, and the rest of the company needn’t worry as long as they’ve got the IT on-call number when everything blows up. The good news is that the end result will be stronger if the larger IT group doesn’t try to carry the entire load alone.
It’s true that disaster recovery planning is a complex balancing act of priorities for IT. What your risk management team adds is a larger vision of cross-departmental priorities, as well as knowledge of how well those non-IT departments are educated and prepared to function when the disaster hits. A DR plan that ensures five nines of uptime and uninterrupted mission-critical system access is going to be a failure if line-of-business managers and staff are physically unsafe or isolated, or unaware of the alternate means of access.
Ideally, the risk management team will be a part of the initial disaster recovery planning process, and will then be well-positioned to assist the IT department with
- Gathering business requirements for the planning process
- Drafting procedures and instructions for all departments and updating these documents at prescribed intervals
- Testing plans and procedures
- Training departmental managers on disaster recovery, who will then train their groups on DR procedures
- Communicating procedural or staffing changes in non-IT departments to the IT group, when those changes create the need for updates to the plan