What is it ?
• A strategic order of recovery plan
o Physical site recovery or replacement
o Re-deployment of essential skill base
o Recovery of IT infrastructure and services
• A tactical step-by-step recovery plan for each vital element
o Recovery sequence based on strategy and BIA
o Recovery of applications within RTO
o Recovery of data within RPO
• A verification of the DR Plan by full regular rehearsal and spot check
o Recovery performance based on the BIA requirement
o A test of recovery documentation not of recovery skill
o As close a simulation of a real disaster as business will allow
How does it work ?
• Retrieve DR documentation only from the DR Repository
• Run Rehearsal from DR documentation and update as required
• Independent DR-wise observers verify the process
Blunder points ?
• Skilled staff bypassing DR documentation or working beyond it
• DR system not up to date due to incomplete change management
• Failure to report on lessons learnt and update the DR Repository
What next ?
Proactive Cyber Defence