Disasters can range from a single application, server, or network failure to a regional or national event that severely impacts the availability of technology that maintains key business functions. Preparing for IT disaster recovery means that the company is preparing for the recovery or resumption of the technology infrastructure and capabilities that support critical business processes.
What does the IT disaster recovery lifecycle look like?
So, how can an organization prepare for IT disaster recovery? It starts with identifying the critical application and component dependencies. Following this, the organization should conduct an application impact analysis and a business impact analysis. Then, the organization can design and develop an IT disaster recovery strategy based on the agreed business requirements. Moving on to the execution, the organization is now able to implement the strategy that was created through careful analysis. Finally, the organization will measure and validate recovery procedures, analyze results, maintain plans, and report on the strategy.
Sequence simulation and sequence planning
A key concept of information risk management is running simulations. The idea of a simulation is simple – the organization goes through a simulated disaster to determine whether emergency response plans are adequate. Through a recovery sequence simulation, the organization identifies the flow of recovery and what type of technology is required for the recovery plan. So, what does this look like? The organization would first establish the simulation team and collect the sequence and component information. This technical team must understand the organization’s environment and be able to articulate how the puzzle pieces of the business fit together.
The second stage is the discovery phase, where the team will consider the organization’s infrastructure, business applications, as well as the key business functions and services. Then, the simulation team develops a sequence draft or a document that includes the steps and flow of the disaster recovery plan. The fourth stage of a recovery sequence simulation is validating the overall sequence and spotting any missing items or single points of failure. Then, the organization can finalize the sequence flow.
The sequence flow can be used to verify recovery requirements, identify predecessors and dependencies, determine what plans are needed (as well as their owners), discover document recovery time expectations, and identify milestones (both functional milestones and communication-related milestones). The bottom line is that a sequence flow improves the ability to execute recovery and your overall status communication capability.
The key parts of the simulation lifecycle and how Fusion can help
- Business Continuity Planning – During the planning stage, the simulation lifecycle team will define the scenario and the success criteria. They will also document the scope of the exercise as well as the criteria of the simulation itself and obtain exercise approval from relevant stakeholders. The planning stage includes scheduling the resources needed for initiating the pre-test plan reviews.
- Event Facilitation – The second stage is the simulation itself, in which the team orchestrates and facilitates the scenario. During this stage, the team executes recovery activities, communication plans, manages resources, and documents any issues, actions, or tasks that were identified during the event.
- Post-Event Management – This stage is where the team develops and shares executive communication and generates an after-action report that is distributed to all relevant employees. Post-event, the simulation team also assigns actions to plans and owners and reports key takeaways from the exercise.
Fusion clients can find support within the Fusion platform for all stages of the simulation. Starting from the planning stage, Fusion offers assistance when it comes to the setup of incident simulation, pre-exercise report supporting approvals and resource scheduling, and any related pre-exercise plans. During the event, within the Incident Manager, Fusion clients can orchestrate, manage, and monitor event-related actions, reconcile dependencies, facilitate communications in real time, and document relevant notes, actions, and issues. When it comes to post-event management, within the platform, users can generate an after-action report that supports executive communication and includes future actions. There is also a post-exercise dashboard, reports, and workflow reminders outlining actions and relevant remediations.