Disaster Recovery Testing - The Sandy Effect

Most organizations that we do business with have disaster recovery policies and/or business continuity policies, but in the weeks leading up to and following Hurricane Sandy, we started to wonder how many of these policies are tested on a regular basis.

As Adaptive prepared for the possible effects of Hurricane Sandy, we went back and evaluated our recently updated Disaster Recovery Policy.  It was important to ensure we had incorporated our new remote office and new systems that are integral to our business operations.  Even though Adaptive’s policy was updated within the past year, it was imperative to re-evaluate our procedure if disaster struck.  We had consistently performed the paper testing of the policies in prior years, but when faced with an actual event that could cause outages, we found that we should still adjust the intervals in which we update our policies and procedures.

In the weeks following Hurricane Sandy, we asked some of our clients if they execute DR/BCP tests on a regular basis.  Most said no, and some said never.  When we followed up asking when they had last updated their Disaster Recovery policy, a scary reality began to set in.  Some of the organizations had policies and procedures that were so out of date that the notification alert system listed employees that no longer worked at their company and contained procedures that no longer existed.

It’s reasonable to believe that these organizations are asked if they have a DR/BCP plan every year, and they can honestly say they do.  Yet, how effective are these policies, plans, and procedures that are currently in place?  With the availability of cloud based solutions and storage, we are able to simplify some of our plans and lower the cost of proper planning resources.  Once the new DR/BCP policy is securely in place, the only task that remains is continually keeping these policies up to date with the most relevant company information.