This is the second of a three-part series that describes specific methods for organizing and writing a comprehensive disaster recovery plan. The first part of this series described the process for developing a thorough disaster recovery plan.
A well-organized disaster recovery plan will directly affect the recovery capabilities of the organization. The contents of the plan should follow a logical sequence and be written in a standard and understandable format.
Effective documentation and procedures are extremely important in a disaster recovery plan. Considerable effort and time are necessary to develop a plan. However, most plans are difficult to use and become outdated quickly. Poorly written procedures can be extremely frustrating. Well-written plans reduce the time required to read and understand the procedures and therefore, result in a better chance of success if the plan has to be used. Well-written plans are also brief and to the point.
A standard format for the procedures should be developed to facilitate the consistency and conformity throughout the plan. Standardization is especially important if several people write the procedures. Two basic formats are used to write the plan: Background information and instructional information.
Background information should be written using indicative sentences while the imperative style should be used for writing instructions. Indicative sentences have a direct subject-verb-predicate structure, while imperative sentences start with a verb (the pronoun “you” is assumed) and issue directions to be followed.
Recommended background information includes:
- Purpose of the procedure
- Scope of the procedure (e.g. location, equipment, personnel, and time associated with what the procedure encompasses)
- Reference materials (i.e., other manuals, information, or materials that should be consulted)
- Documentation describing the applicable forms that must be used when performing the procedures
- Authorizations listing the specific approvals required
- Particular policies applicable to the procedures
Instructions should be developed on a preprinted form. A suggested format for instructional information is to separate headings common to each page from details of procedures. Headings should include:
- Subject category number and description
- Subject subcategory number and description
- Page number
- Revision number
- Superseded date
Procedures should be clearly written. Helpful methods for writing the detailed procedures include:
- Be specific. Write the plan with the assumption it will be implemented by personnel completely unfamiliar with the function and operation.
- Use short, direct sentences, and keep them simple. Long sentences can overwhelm or confuse the reader.
- Use topic sentences to start each paragraph.
- Use short paragraphs. Long paragraphs can be detrimental to reader comprehension.
- Present one idea at a time. Two thoughts normally require two sentences.
- Use active voice verbs in present tense. Passive voice sentences can be lengthy and may be misinterpreted.
- Avoid jargon.
- Use position titles (rather than personal names of individuals) to reduce maintenance and revision requirements.
- Avoid gender nouns and pronouns that may cause unnecessary revision requirements.
- Develop uniformity in procedures to simplify the training process and minimize exceptions to conditions and actions.
- Identify events that occur in parallel and events that must occur sequentially.
- Use descriptive verbs. Nondescriptive verbs such as “make” and “take” can cause procedures to be excessively wordy. Examples of descriptive verbs are:
Acquire Count Log
Activate Create Move
Advise Declare Pay
Answer Deliver Print
Assist Enter Record
Back Up Explain Replace
Balance File Report
Compare Inform Review
Compile List Store
Contact Locate Type
Although most disaster recovery plans address only data processing related activities, a comprehensive plan will also include areas of operation outside data processing.
The plan should have a broad scope if it is to effectively address the many disaster scenarios that could affect the organization.
A “worst case scenario” should be the basis for developing the plan. The worst case scenario is the destruction of the main or primary facility
Because the plan is written based on this premise, less critical situations can be handled by using only the needed portions of the plan, with minor ( if any) alterations required.
Every disaster recovery plan has a foundation of assumptions on which the plan is based. The assumptions limit the circumstances that the plan addresses.
The limits define the magnitude of the disaster the organization is preparing to address. The assumptions can often be identified by asking the following questions:
- What equipment/facilities have been destroyed?
- What is the timing of the disruption?
- What records, files and materials were protected from destruction?
- What resources are available following the disaster:
– Hot site/alternate site?
Following is a list of typical planning assumptions to be considered in writing the disaster recovery plan:
- The main facility of the organization has been destroyed
- Staff is available to perform critical functions defined within the plan
- Staff can be notified and can report to the backup site(s) to perform critical processing, recovery and reconstruction activities
- Off-site storage facilities and materials survive
- The disaster recovery plan is current
- Subsets of the overall plan can be used to recover from minor interruptions
- An alternate facility is available
- An adequate supply of critical forms and supplies are stored off-site, either at an alternate facility or off-site storage
- A backup site is available for processing the organization’s work
- The necessary long distance and local communications lines are available to the organization
- Surface transportation in the local area is possible
- Vendors will perform according to their general commitments to support the organization in a disaster
This list of assumptions is not all inclusive, but is intended as a thought provoking process in the beginning stage of planning.
The assumptions themselves will often dictate the makeup of the plan; therefore, management should carefully review them for appropriateness.
The structure of the contingency organization may not be the same as the existing organization chart.
The team approach is used in developing a plan as well as recovery from a disaster. The teams have specific responsibilities and allow for a smooth recovery.
Within each team a manager and an alternate should be designated. These persons provide the necessary leadership and direction in developing the sections of the plan and carrying out the responsibilities at the time of a disaster.
Potential teams include:
- Management team
- Business recovery team
- Departmental recovery team
- Computer recovery team
- Damage assessment team
- Security team
- Facilities support team
- Administrative support team
- Logistics support team
- User support team
- Computer backup team
- Off-site storage team
- Software team
- Communications team
- Applications team
- Computer restoration team
- Human relations team
- Marketing/Customer relations team
- Other teams
Various combinations of the above teams are possible depending on the size and requirements of the organization. The number of members assigned to a specific team can also vary depending on need.
The benefits of effective disaster recovery procedures include:
- Eliminating confusion and errors
- Providing training materials for new employees
- Reducing reliance on certain key individuals and functions
In the next issue, the third part of this series will describe specific methods and materials that can expedite the data collection process.
Geoffrey H. Wold is the National Director of Information Systems and Technology Consulting for the CPA/Consulting firm of McGladrey & Pullen. He specializes in providing a wide range of planning, operational and EDP related services .
This article adapted from Vol. 5 #2.