In the not-so-glamorous but critical world of disaster recovery planning, Meta Group highlights an unsurprising disconnect between how fast a business thinks it can recover from a disaster and how long recovery actually takes in a real scenario. Analyst Rob Schafer explains (client reg. req.):
Too often, we are finding a disturbing organizational conundrum concerning the realistic viability of disaster recovery (DR) plans. Organizations are driven by increasing compliance pressure, and our research indicates a disconnect between stated recovery time objectives (RTOs) and the reality of recovery in a real disaster scenario. Specifically, the business mandates the IT organization (ITO) deliver a documented, tested DR plan with a specific RTO (e.g., 48-hour recovery). Although technically compliant, the ITO is often aware of significant disconnects between the tested recovery plan and a real-world disaster (e.g., the regularly scheduled tests require weeks/months of preparation unavailable in a true disaster).
Bottom Line: Responsible ITOs must clearly communicate the true state of DR planning, documenting exposed risks and targeting unrehearsed, ad hoc "fire-drill" testing as the true measure of preparedness.
Concerned security professionals interested in closing this gap could benefit from the recently published Business Continuity Guideline from ASIS International. Weighing in at nearly 50 pages, the guide provides step-by-step preparation and activation guidance, including readiness, prevention, response, recovery/resumption, testing and training, and evaluation and maintenance. It also includes an easy-to-understand appendix entitled "Business Continuity Checklist."