Part two examines a few more of the worst practices that will virtually doom any backup and disaster recovery plan. Unfortunately, these practices exist at far too many companies. What follows are more worst practices that can render a company's backup and recovery plan useless.
No plan for backup power. Failing to plan for backup power in the event of a blackout or any other situation where power fails is a critical lapse. Lacking such a plan -- whether that means having sufficient capacity in uninterruptible power supply (UPS) systems to handle the load short term, or having a backup generator or other solution for longer outages -- incurs the possibility of going without power for an extended period of time.
No alternate facility. Not identifying an alternate site, and not making preparations for relocating to it in the event of a catastrophe, can mean not having a home for a while. Events like Hurricane Katrina demonstrate that it is important to not only have a backup facility in mind, but that you also make sure the backup facility is far enough away so as not to be affected by the same catastrophe.
No plan for communications. Not planning to have multiple methods of communicating with critical personnel is a worst practice for disaster recovery. If your plan calls for sending email to a distribution list and the email server crashes, there must be a Plan B in place. Similarly, if you plan to reach personnel by phone and the phone lines are down, you will need another way to reach them. As the 9/11 terrorist attacks demonstrated, cell phones can be unreliable, too.
Not having the required computer and networking devices. Nothing will derail a backup and disaster recovery plan faster than not having the required computer and network equipment. Don't forget to identify standby equipment or another source that can provide or expedite the necessary servers, hard drives or other equipment if you need them.
No dry run. One of the most heinous practices is failing to test the plan. It may all look good on paper, but without a practice drill or dry run to validate each step of the plan, critical issues and contingencies may not get identified until it is too late.
Tony Bradley is a consultant and writer who focuses on network security, antivirus and incident response. As the About.com Guide for Internet/Network Security, he provides security tips, advice, reviews and information. He also contributes frequently to other industry publications; a complete list of his freelance contributions can be found at Essential Computer Security.
This was first published in January 2006