Why do some companies fail their disaster recovery plan (DPR) audit?

Why do some companies fail their disaster recovery plan (DPR) audit? Perhaps because they did not get the right information for it. They say experience is the best teacher; thus, nothing beats what you can learn from real-world case studies. See what you can learn from the following case.

Hosting certain types of data and managing a government network legally bind you to maintain DRPs. After an audit of the Michigan Department of Technology and Budget, several failures led to a trove of helpful tips for small- and medium-sized businesses attempting to create a bulletproof disaster recovery plan.

  1. Update and test your plan frequently.
    What was one of the first and most obvious failures of the department’s DRP? It didn’t include plans to restore an essential piece of their infrastructure — the department’s intranet. Without it, the employees are unable to complete even the most basic of tasks.

The reason for the oversight? The last time the plan was updated was in 2011, leaving out more than six years of IT advancements. If annual revisions sound like too much work, just consider all of the IT upgrades and improvements you’ve made in this year alone. If they’re not accounted for in your plan, you’re destined to fail.

  1. Keep your DRP in an easy-to-find location
    It may seem a bit ironic that the best way to store your top-of-the-line business continuity solution is in a binder, but the Michigan Department of Technology and Budget learned the hard way that the alternatives don’t work. Auditors found the DRP stored on the same network it was meant to restore. Which means if something had happened to the network, the plan would be totally inaccessible.

Your company would do well to store electronic copies on more than one network in addition to physical copies around the office and off-site.

  1. Always prepare for a doomsday scenario
    The government office made suitable plans for restoring the local area network (LAN), but beyond that, there was no way for employees to get back to work within the 24-hour recovery time objective.

Your organization needs to be prepared for the possibility that there may not be a LAN to go back to. Cloud backups and software are the best way to keep everything up and running when your office is flooded or crushed beneath a pile of rubble. For more information on the benefits of the cloud go to www.nsa-nv.com/cloudservice.

 

Your DRP is more than just a pesky legal requirement. It’s the insurance plan that will keep you in business when disaster strikes. Network Security Associates professionals know the importance of combining both academic and real-world resources to make your plan airtight when either auditors or blizzards strike. Contact us today at www.nsa-com or 702-547-9800.