30 Jan 2008
Despite our best intentions and investment in a range of preventive security controls, serious incidents and disasters may still interrupt IT systems and impact the business processes which they support. As some say, **it happens. Just when everything is running sweetly, something unanticipated occurs, revealing that Plan A is not quite so perfect after all.
Contingency planning (Plan B) puts us in a better position to survive any disaster by:
1) Managing the immediate crisis professionally and confidently;
2) Keeping the organization’s essential processes and systems running despite the event through resilience and continuity planning; and
3) Recovering non-essential processes and systems as soon as possible thereafter disaster recovery planning.
The time to plan for a disaster is now, when things are going well: planning during a disaster will be too late.
As always, this month’s NoticeBored module provides a range of high quality security awareness materials aimed at staff, managers and IT pro’s. We found it relatively easy to write a detailed 9-page white paper on Disaster Recovery for IT and a 5½-page management briefing on Plan B. Crunching the key facts into one page staff, management and technical briefings was harder, and doing so without losing the plot was quite tough. Our solution was to put the subject in context for each audience:
- We encourage ordinary employees to find out about their department’s contingency plans and draw up their own personal Plan B;
- For managers we point out their governance responsibilities and highlight the risk management advantages of thinking ahead and preparing for the worst;
- Technical aspects of high availability systems architecture and DR are of interest to IT people, and it doesn’t hurt to emphasize IT’s critical role in keeping the average corporation on the air.