Disaster Recovery are you thinking about it ? Are you planning for the worst? If not, you should be! Pt 1.

Lets look at hypothetical - Your organisation is based in Sydney and one of your interstate divisions requires a more central location to provide better customer service. You lease an office on the 6th level of a building located in central Melbourne for that purpose.

The division is provided with a high-speed internet connection which enables them to connect to supplier systems and centralised head office systems. Server infrastructure is in place for locally stored files and documents. This is replicated back to head office on a daily basis, no server backups occur.

A water pipe bursts in the basement flooding the main power switch board of the interstate division. Due to the occupational health and safety all tenants are to evacuate from the premises until the power is isolated, water leak fixed, and the main power switch board replace. The landlord advises this will take up to one month. At the time it is not known by ICT the end of day replication has been failing.

What would you do and why?

If you can’t answer that question or your DRP does not cater for this type of situation,it is time to think hard about your Disaster Recovery Plan!

So what would I do ?

Short-term

·       Check that all team members are safe and well with contact list from HR team

·       Can the team members work remotely on the central network? If not ensure this is facilitated ASAP.

·       Consult Disaster Recovery Plan for direction if available

·       Validate the relative importance of the documents on the local server by using / creating a quadrant or matrix based on business impact if the documents are lost.

·       Confirm the last date of a data replication – Identify the Delta (is this acceptable?)

·       Determine when it is possible to access the environment to remove the server

o  DECISION: Depending on last replication and when the server is accessible to power-up and check the business may make a call to:

1. Proceed with data as at last replication or;

2. Wait to see if all data can be retrieved.

·       Option 1 – Proceed with data as at last replication

o   Ensure this data is accessible to the affected team via a new or existing environment

·       Option 2 – Wait to see if data can be retrieved

o  Once safe to do so access the building and have the server removed and bench tested. If found to be working with no data corruption, then copy to new or existing environment on the central network.

o  If the server is corrupt revert to option 1.

Medium-term

·       Perform post-incident review with possible recommendations:

o  Review all local environments across the organisation with a view to centralising to the main network

o  Ensure back-up policies and procedures are in place for full and differential back-ups across all environments

o  Ensure policies and procedures are in place for monitoring of all servers including automated alerts where possible

o  Ensure Disaster Recovery (DR) plan is updated an alert strategy and with any learnings

o  Claim costs from landlord / Cyber Insurance if possible

Strategic

·       Move all operations to the cloud with managed backups and fail over (co-located) environment so only local devices (not storage systems) need to be replaced. Conduct regular fail over testing.

·       Institute Cyber Event and Data Protection Services and Insurances