Summary: CIO's and IT leaders have many responsibilities; however, one of the greater challenges is in developing an effective disaster recovery plan. In this episode I share some thoughts on how to get a solid plan in place. What is a disaster? - Pandemic - Access to the building - Fire - Water - Power outage - A regional event - Power outage - Weather (hurricane, snow, ice, and earthquake) - Terrorism - Systems - Catastrophic bug - Security breach Start with system ownership - Business owner: Ownership is important from the business side in determining priorities for recovery and checking systems - IT owner: Ownership is important from the IT side for knowledge base. This translate to ensuring applications are up to date and patched on a regular basis to ensure ability to recover Application tier for recovery priority - Tier 1: 4 hour - Tier 2: 8 hour - Etc. Integrated environment: understand cross dependencies Documentation was in the wiki but the Intranet was tier 4 so no way to recover because instructions were not there Move toward redundancy and resiliency Don’t build your own data centers anymore Just a machine room with telecommunication and end points Cloud services - Primary Servers - Burst capacity - Disaster recovery Business continuity - Used to be an office facility kept dark - Now a shared office space - Or through virtualization any Internet connection will do How should you be testing? - The straight answer that is most commonly done is to certify the applications prior to rolling into production generally done by the development teams and often without actually testing them - Scenarios should be thought out and then tested through “table top” exercises - Once a year a complete disaster recovery exercise should be conducted Certification before each system rolls into production
