CMS Security Handbook by Tom Canavan

Author:Tom Canavan
Language: eng
Format: epub, pdf
Publisher: Wiley
Published: 2011-03-22T16:00:00+00:00

Incorporate these things into your plan, and schedule a disaster drill soon after to ensure that the plan has successfully been updated.

The post-test review is where you formulate your After Action Report. Chances are good that if you have convinced the senior management team to spend the money on developing a disaster recovery plan, they're going to want to know the results. If the test doesn't go well, the impression might be that it was a waste of money and time. It's only a waste, however, if no improvements are made as a result of the tests.

As part of your test, you should have a trusted and neutral person monitor and observe. That person's role will be to gauge reactions, check on progress, and, basically, just see how the test goes.

After the test is done, schedule a follow-up for just the leadership within a few days. Ask the person monitoring for a candid review of the leadership's performance. You may hear some things you don't want to hear, but your finding them out now is better than finding them out in a real emergency. Gather feedback on the staff's performance—good, bad, and ugly. You can use this information to improve performance on all fronts.

Technical glitches that are found should be brought up in a staff meeting dedicated to gathering impressions, facts, ideas, and changes. If you trust your staff, then trust their impressions. Update your materials and redistribute the changes to the plan.

What you may find is that some procedures that were documented don't actually work. For example, in one a real-life situation the documentation from a hardware manufacturer was inaccurate for a large uninterruptable power supply (UPS). This huge piece of equipment had a particular stop and startup procedure. The documentation was wrong, and the test discovered it. Had this discovery been made during an active disaster, the company's time to recover would have been much longer.

You should consider retesting your plan within 90 to 120 days.

Anticipating the Unexpected

You should always expect to find the unexpected, whether that be during a test or during any real disaster. Do not expect your well-oiled plans to work every time. Expect failures. Expect resistance from the websites and technologies. Because disasters are typically chaotic moments, expect some of that chaos to rub off on your process. The phenomenon touches people, processes, technology, missed shipments, and more. These are simply part of the event.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.