Skip to content

Page329

The Disaster Recovery Process

Having discussed the importance of Business Continuity and Disaster Recovery Planning as well as examples of threats that justify this degree of planning, we will now focus on the fundamental steps involved in recovering from a disaster. By first covering the methodology of responding to a disaster event, a better understanding of the elements to be considered in the development of a BCP/DRP will be possible.

The general process of disaster recovery involves responding to the disruption; activation of the recovery team; ongoing tactical communication of the status of disaster and its associated recovery; further assessment of the damage caused by the disruptive event; and recovery of critical assets and processes in a manner consistent with the extent of the disaster. Different organizations and experts alike might disagree about the number or names of phases in the process, but, generally, the processes employed are much more similar than their names are divergent.

One point that can often be overlooked when focusing on disasters and their associated recovery is to ensure that personnel safety remains the top priority. The safety of an organization’s personnel should be guaranteed at the expense of efficient or even successful restoration of operations or recovery of data. Safety should always trump business concerns.

Respond

In order to begin the disaster recovery process, there must be an initial response that begins the process of assessing the damage. Speed is essential during this initial assessment. There will be time later, should the event warrant significant recovery initiatives, to more thoroughly assess the full scope of the disaster.

The initial assessment will determine if the event in question constitutes a disaster. Further, a quick assessment as to whether data and/or systems can be recovered quickly enough to avoid the use of an alternate processing facility would be useful, but is not always determinable at this point. If there is little doubt that an alternate facility will be necessary, then the sooner this fact can be communicated, the better for the recoverability of the systems. Again, the initial response team should also be mindful of assessing the facility’s safety for continued personnel usage, or seeking the counsel of those suitably trained for safety assessments of this nature.

Activate Team

If during the initial response to a disruptive event a disaster is declared, then the team that will be responsible for recovery needs to be activated. Depending on the scope of the disaster, this communication could prove extremely difficult. The use of calling trees, which will be discussed in the “Call Trees” section later in this chapter, can help to facilitate this process to ensure that members can be activated as smoothly as possible.

Communicate

After the successful activation of the disaster recovery team, it is likely that many individuals will be working in parallel on different aspects of the overall recovery process. One of the most difficult aspects of disaster recovery is ensuring that consistent timely status updates are communicated back to the central team managing the response and recovery process. This communication often must occur out-of-band, meaning that the typical communication method of leveraging an office phone will quite often not be a viable option. In addition to communication of internal status regarding the recovery activities, the organization must be prepared to provide external communications, which involves disseminating details regarding the organization’s recovery status with the public.