When you’re trying to determine your IT DRP strategy, you can have many options open to you and you can’t just dismiss them without good reason. Identify the pros and cons of each solution and document them so you can see which option is best for you – or at least the top 3 solutions that work best for you and have the best bang for your buck.
When you have met with the various vendors or partners – this means meeting with internal and external sources depending on the solution, and determined everything from resources needed (physical and financial) and the details of each option (documented), it’s then time to take it up the ladders. You don’t just make the decisions on your own or with a small group of people; you’ve got to get approval from Senior Leadership, as ultimately, they are the ones who’ll be paying for everything. They need to understand the how’s and why’s of doing what you propose so they can make the right decision based on need. Remember, they might have other plans in the works that you aren’t privy too – yet – and might need to discuss amongst themselves and some of their team members which option is best based on information you may not have at your disposal.
Speaking of executives, they must know the risks associated with each IT DRP option you’ve determined and you – yes you, not them – must have a mitigation plan in place so they can balance options against those risks. These risks will also align with the risk of not doing anything at all; they align to the risks identified by Business units during their Business Impact Analysis (BIA) process. The IT DRP must address the BIA findings while at the same time, ensuring organizational compatibility and leadership expectations. Often, findings don’t align with what corporate leadership believes is most important to the organization (what they expect) and the IT DRP developed doesn’t meet their expectations and is developed and implemented without them even knowing what the solution is. Then you’ve the BIA findings saying one thing, the IT DRP addressing another and corporate leadership having a differing understanding of what would happen.
So be sure that as you put together the various aspects that will make up the IT DRP, including the aspects that feed the need for the IT DRP solution, that are all on the same page and everyone is in complete agreement and understanding. Otherwise, when something does occur you’re going to find complete pandemonium and confusion because no one is reading from the same book, let alone the same page.
© StoneRoad 2016
A.Alex Fullick has over 19 years’ experience working in Business Continuity and is the author of numerous books, including “Watch Your Step”, “BIA: Building the Foundation for a Strong Business Continuity Program.”and “Testing Disaster Recovery and Business Continuity Plans.”