"Writing and Selling the Plan"

Part 5 of the series on Disaster Recovery Planning

By Geoffrey C. Tritsch and Dr. Robert Kuhn
COMPASS CONSULTING INTERNATIONAL, INC.

Since we last met, you have of course gathered all the information on current spaces, systems, people, priorities, and procedures and are all ready to write your plan. (… What, you haven't?) A disaster preparedness plan consists largely of organizing that information and making it readily accessible to you and your various teams.

Before you get to the "meat," there are some organizational elements that it is best to state explicitly up-front. You need to define the place of the plan in the institution, i.e. set the scope by saying what is and is not covered and define the relationship to any more general business continuity planning for other institutional functions. For technology, you need to specify support for emergency services, public safety, public information, and so on.

Once your scope is defined, you can get down to business. One organizational principal comes from the NIST Contingency Planning Guide for Information Technology Systems: think in terms of the phases you must go through after an incident.

• First, you need to let the appropriate people know that an event has occurred (Notification/Activation Phase).
• Next you need to get the priority systems running with what is available, which may mean temporary locations or facilities (Recovery Phase).
• Finally, you need to restore to (a possibly new level of) normal operations (Reconstitution Phase).

The information you gathered is critical to each of these phases.

Another way of organizing the material is functionally: policies, procedures, people (internal and external), and systems (internal and external). This approach will only make sense for a highly integrated or converged operation. If your Telecom/IT operations are not unified, you may want to structure your plan primarily with sections for each unit: telecommunications, networking, administrative systems, academic systems… One disadvantage of this stovepipe structure applied to your disaster preparedness plan is that it can conceal opportunities for cooperation. If your academic systems are not physically co-located with the administrative ones, then you have the opportunity for redundant sites by sharing both of the spaces for both functions. If spare systems (or systems capacity) are pooled between administrative and academic systems, you will be more resilient to incidents and have a more flexible set of response strategies than if the resources are segregated. For a sample table of contents for a disaster response plan, email us at info@compassconsulting.com.

The data-gathering process discussed last time amounts to turning over all your rocks, and writing down what you found there. Inevitably there are going to be consequences:

• You are going to identify weak points where a simple loss could have disastrous consequences, e.g., data networks in a star topology, servers concentrated in a single location, all trunks in one cable. Either protecting those single points of failure or redesigning to create redundancy costs money without providing a concrete return on investment. So if you do nothing else, you must document those points so that you can address them later.
• The reasons you prioritized services are not going to be comforting for those whose functions get assigned a lower priority. When the music stops, they may be without a chair. Better to fight those battles now than during a disaster.

A disaster plan is a major project involving both one-time and ongoing commitment of resources. Data gathering, consensus building, and writing the plan are going to take resources and require an executive champion. So you will have to sell your plan to executive management and get buyin for political and financial support. Next month in the final installment of this series, A Living Disaster Plan (not Living with a Disastrous Plan), we will discuss the ongoing commitments of disaster preparedness.

Disaster Recovery Planning Series, Part
Previous | 1 | 2 | 3 | 4 | 5 |6 | Next

Geoffrey Tritsch, President of Compass Consulting, has been a technology consultant specializing in higher education since 1980. He is a frequent presenter at workshops and conferences and a contributor professional journals.

As Senior Consultant with Compass Consulting, Dr. Robert Kuhn focuses on assisting clients with management and planning for information technology. His core competencies extend deep into the fundamentals: systems and applications technologies and complex networking.

To Top of Page

Home About Principals References Clients Addresses Articles Consulting Services