Maintaining and improving the DRP

Refer to IT Disaster Recovery Planning for Dummies – Page 233 Chapter

10

1
 Introduction
• By maintaining the plan on a regular basis, the organization will avoid the time
required to create a plan from scratch and it will be prepared whenever a disaster strikes.
• The most efficient method of maintaining the plan is to present parts of the plan to those
who assisted in creating the plan initially.
• Team members should be verified, procedures and tasks re-examined by team members,
and lists (staff, vendors, customers) updated.
• Any appendices such as communications schematics and computer equipment lists
should be updated.
• Even in very large organizations, the maintenance of the plan will require a week or two
of effort a year.

2
 Maintaining BC and DR Plans

• Events that necessitate review and modification of DRP and

BCP procedures:
i. Changes in business processes and procedures
ii. Changes to IT systems and applications
iii. Changes in IT architecture
iv. Additions to IT applications
v. Changes in service providers
vi. Changes in organizational structure
 The role of change in DRP maintenance
• Change in IT infrastructure, systems, and processes is the most common organizational
change and one that potentially has the biggest impact on the BC/DR plan.
• Changes in operations can also dramatically impact BC/DR plans.
• Some operational changes happen slowly over time and may go unnoticed until an audit
or plan test. Other changes may be more obvious.
• In either case, changes to operations should trigger change notifications or change
requests.
• Corporate mergers, acquisitions, spin-offs, and restructuring activities can also have a
significant impact on BC/DR plans.
• In many cases, these changes cannot be anticipated and the BC/DR team may simply
have to respond to changes as they occur.
• Changes in the legal, regulatory, or compliance arenas may trigger mandatory changes to
the organization or to the BC/DR plan.
• These changes should be flagged as required and their impact on the BC/DR plan should
be assessed. 4
 Summary
• Training, testing, IT auditing are three primary ways the BC/DR plan is updated
and maintained.
• Each of these activities may generate change requests that help modify the plan
in ways designed to improve the effectiveness of the plan.
• Together, training, testing, and auditing are the three fundamental plan
maintenance activities
• The BC/DR plan should be audited periodically to review it from a business
perspective.
• The purpose of a DRP audit is to review whether the plan meets a stated set of
criteria such as business practices, legal, or compliance requirements.

5
 Summary contd …

• Factors such as cost, feasibility, desirability, interaction with existing processes,

and risk impact should be assessed before changes are accepted.
• If a change is accepted, it should be incorporated into the plan, the plan should
be revised, and plan stakeholders should be notified the plan has been revised.

6
 Tutorial

• In groups develop a DRP for an organization of your choice using the template
below:
• https://www.precisely.com/blog/data-availability/3-real-world-disaster-recovery-
plan-examples