A solid DR plan can help you recover systems and fix technical problems in a crisis. But you should also be ready to deal with nontechnical issues—like panic, misinformation, and damaging rumors.
Disaster recovery plans test systems performance and recovery—but there is no scientific way to test the resilience of employees (or yourself) under disastrous conditions. This can leave your company exposed to human error, risks of danger, and miscommunication. Here are 10 questions managers should ask to make sure they're addressing the nontechnical side of DR.
1: Is everyone physically all right?
I once worked for a company that experienced an earthquake, and all the C-level executives were standing out in the parking lot and away from the building. Meanwhile, half the staff was still inside the building. As a C-level exec on this team, I was embarrassed. "What are we doing out here?" I asked. "We should be helping these employees." Your employees look to the C-team for guidance, especially in a disaster. C-level execs need to be part of the solution.
2: Are key contributors emotionally stable?
You might have the most capable employees in the world, but if they are not emotionally able to do their jobs, you have to take other steps. This happened to one company during Hurricane Katrina. Its database administrator was fine, but he had just learned that his family was missing in the hurricane and he couldn't get word from them. The anxiety made it difficult for him to concentrate on the recovery effort, so a second in command had to be called in.
3: Are you remaining calm?
In times of disaster, staff takes cues from how their management is doing. There is no more important time for managers to remain calm and in control than in a critical disaster. You might not feel at ease, but you've got to project confidence and calm to your people or they could panic.
4: Who takes over for a top performer?
I know managers who have lost key people in disasters and suddenly discovered that they have no one else on staff who can step in. If you don't have a second person who can take over a critical function in a pinch, your disaster recovery plan should include a list of several consultants who could be called in to do what is needed.
5: Are you keeping your CEO informed?
Many organizations bury the CIO or the DR manager under several layers of management, so they seldom interact directly with the CEO. But when a major disaster strikes, most of these reporting formalities are dispensed with. If the disaster is IT-oriented, make sure that you have a direct line to the CEO and that you keep him/her constantly informed throughout the crisis. Questions will be coming in from customers, shareholders, business partners, and the investment community, and the CEO needs to know how to answer them.
6: Does everyone understand the communication tree?
Most companies have "communication trees" in their disaster recovery plans. These communication trees inform employees where (and to whom) they are to take information during a disaster, Typically, it directs employees to report disaster-related information to their direct supervisors, who report to business unit managers, who report to C-level executives, the public relations department (responsible for communications to the outside world), and to the CEO. This communication protocol should be reviewed with employees at least quarterly. If you don't do this, employees will fall back on their usual communication habits, which could spread misinformation.
7: Who in IT talks to whom?
Working directly with your IT staff on disaster communication protocol goes hand in hand with the rule set of the communication tree. In a disaster, staff has a tendency to be nervous, so it's natural for a staffer in the accounting department to just call a junior staff member in IT networking he has lunch with to "get the latest." This is where rumors start that can be damaging to the company, both internally and externally.
8: Are you ready for the outside world?
During a disaster recovery, you must make sure that people and facilities are safe and that systems get back online quickly. But you also have to deal with incoming phone calls from newspapers, television, and radio. Always know how you're going to respond to anticipated questions—and which questions you will decline to answer. This is also a good place to use your administrative staff for handling the calls while you focus your efforts on the disaster.
9: What didn't you think of?
Most IT groups are pretty good at reviewing their technology plans after a disaster so they can tighten them up for anything that didn't work as documented. DR managers should also review the human side of disasters to determine which activities didn't run smoothly and then make the necessary corrections.
10: How often do you review your plan?
A corporate disaster recovery plan should be reviewed and revised annually—at a minimum. Threats, operations, and systems continuously change. So if you don't review your plan regularly (and many organizations don't), you will find that it no longer matches the reality of your business or your IT when disaster strikes.
- 10 areas of IT risk you could be overlooking
- C-level execs: Disaster recovery is more than just an IT problem
- 10 projects IT should stop putting off
- Resource and Data Recovery Policy (Tech Pro Research)
- High-performance IT demands a robust succession plan (Tech Pro Research)
What suggestions would you add to this list? Share your advice with fellow TechRepublic members.