Do you understand your data and your data flows? – If you have a disaster, it may be necessary to put your systems and procedures back together. If you don’t understand how the data worked, what it does and how it flowed, then you will experience a lot of difficulty in getting it working again. If possible, you should document your data structures and data flows, and keep that data off site and up-to-date.
Do you have adequate backups? – You must make sure that all of your critical systems (at the least) are backed up regularly. Once a day is the minimum period, and for some systems more often may be required.
Are your procedures working? – Backups that are not checked regularly are suspect (at best). You must, repeat must, test your backups regularly (I test the backups of each system at least once per quarter). How do you test? You restore files and data from those tapes and ensure the data is valid.
Are your backups stored off site? – You MUST store your backup tapes outside of your site. All kinds of things can happen. Your building could burn down, an earthquake can destroy the computer center or a police investigation could close down the place. If your backups are stored elsewhere than you have a much better chance (unless it’s a very serious disaster) of restoring your data.
Are you using mirroring on the disks of all of your critical systems? – Disk mirroring can prevent problems in many different types of situations. The intention is to protect your data from disk failures. Now this is important: a mirror will NOT protect from database errors, application issues and software errors. It is intended to protect against hardware failures. That’s one reason why you also need backups.
Do you have backup communications? – One of the most vulnerable pieces of the infrastructure is the telephone and communications systems. Always make sure you have backup lines installed for all vital systems, and if possible, use different telephone companies for those lines.
Do you have a backup location? – Before a disaster, make sure you have a backup location set up and ready to go. You can do this through a third-party company or you ca do it yourself. This location must include enough hardware and the necessary communications and network to run your critical operations if the main computer center is destroyed.
Do you have a disaster recovery plan? – Do you know what to do in a disaster? Have you allocation resources and set up duplicate systems? Do you understand what kind of disasters can occur? Ensure you have a plan, a written plan, which describes what a disaster is, what to do when it happens and how to continue operations. Make sure you have all of the necessary resources (hardware, software, vendors and so on) in place BEFORE A DISASTER.
Does you staff know what to do? – If you had a disaster today, would your operational staff know what to do? Do they know where to go? Do they understand the plan, the data flow and the authorities they will have in a disaster? The best way to check this out is to rehearse your disaster plan. Do it regularly to be sure everyone knows what to do when and if a disaster occurs.
Is the infrastructure handled? – Do you have a generator and a means to keep it fueled? Are your systems protected by a UPS? Is the communications backed up? If you had a disaster, does your staff have a place to work? Do they have desks, computers and other necessities?
Do you have disaster plans coordinated with vendors? – Your vendors should be briefed on their role in a disaster. This includes both your computer operations vendors (phone company, hardware vendors, and so on) as well as your other vendors (warehouses, shippers and so on). For example, your hardware vendor could be instructed that your operation staff (who normally need approval to spend large amounts of money) can execute major purchases if a disaster is declared. Your warehouses and shippers might have standard orders to use if, for some reason, you cannot order product due to an emergency.