What IS surprising? Why such mature elements, like IT disaster recovery and business continuity, that are so critical to the continuity of business operations and revenues – and in some instances the overall survival of the business – are in such a sorry state? There are not volumes written on these topics which you can find at your fingertips and take matured professional courses and achieve certifications at the master’s level. All while billions are spent defining, planning, designing, implementing, and testing solutions in pursuit of success.
What If They Taught Us All Wrong?
What if the approach and established consulting methodology and process that we have all been taught is wrong? “Blasphemy!” some of the franchised establishment will say to my ideas – but hear me out if you are tired of doing the same thing and expecting different results. As that is just plain insane!
Most companies follow a very linear progression (and yes early on in my career I had bought into that, preached that, and then eventually saw the effects of that) whereby a Risk Assessment, Business Impact Analysis (BIA), DR/BC Strategy, Technology Resources Acquired, and Plans Developed – IT and Business Departments and eventually a year or so later comes the DR/BC Exercise… and then KAPOW nothing seems to work like it was “planned” when tested. For God’s sakes why not! After all that planning and meticulous process why don’t the DR Exercises go well? Why! Why! Why!
If Only We Started With The End Outcome (DR Exercise) In Mind!
What I usually see is no one is truly focused on the details from the outcomes of the user experience and reverse engineered to vet a solution and strategy that mirrors your desired outcome. This is a shared responsibility between the Business Leadership and the IT Leadership to define the outcomes early – in terms of the IT disaster recovery experience. Before ever buying one piece of enabling technology or service – the employee/partner/customer experience at time of a Disaster or outage has to be defined and then determined how that will be mimicked in a DR Exercise. What will need to be tested? Who from the business operations has volunteered to create the user/partner test scripts or requirements? How many times will they want to test annually and how much time will they provide to prove the investments provide “preparedness?”
If you have these IT Disaster Recovery Exercise test “answers,” before you go and revamp your DR/BC for the 3.0 or 4.0 version of your program, then ladies and gentlemen you shall be armed with what you need to do to have a successful test. And knowing the answers is not cheating – it’s collaborating with the business and holding each other accountable to define what a successful DR Exercise will be.
And these terms are not some mysterious RTO/RPO letters, but defined in the terms of their business operations and user experience during a recovery and how to prove it during the mock exercise. And, it is also a lot easier and appreciated when IT and Business Departments can focus on defining the business requirements in terms of the business functional recovery first, then let IT go back and figure out how they will meet those objectives using their people, technology, process and partners. Before you bang your head against the wall [again], why not try a different approach in defining outcome requirements for DR Exercises with your business operations colleagues in their own terms as to what the customer/employee/partner experience should be and how they would want to test it. Then you will have the answers my friends! And you will spend a lot less energy trying to hit an otherwise undefined and moving target.
As part of the DR/BC/Availability/Resiliency Special Interest Group (SIG) I chair for the Technology Executives Club, we recently discussed a deep-dive into the topic of IT Disaster Recovery Exercises. Check out the link to the notes and findings we discussed at that event which you may find beneficial as you start with the end in mind!