ITS 4350 - Disaster Recovery
Finishing the Course
This lesson is about chapter summing up. Objectives important to this
- Crisis definition and management
- Involvement of law enforcement
- Preparing for crises
- International standards
Why were we here?
first lesson to take from the second half of this class is to think.
To imagine what is too horrible to actually practice, and to prepare for
it anyway. No, we are not going to set the town on fire to practice a
fire drill, but we can gather data from our practice run, add computer
graphics to the video we capture, and make a point that scares people
into doing the right thing,
we have an IT problem, we have to have an incident response plan, a business
continuity plan, and a disaster recovery plan. They have to be related,
and they will probably overlap in execution.
Plan, measure, and adjust. Every lesson should teach us this.
Deming said to continue to plan, to do, to check, and
to act. Those who ask the difference between the do and act portions
are ignoring what we are supposed to learn when we check on what
we did. This relates to some wisdom that may have originated with Helmuth
Karl Bernhard von Moltke (portrait on the right), who observed that no plan
of battle ever survives first contact with the enemy. Remain flexible. Learn
from what happens, and plan what to do next.
We are cautioned to plan for disaster, to plan to operate in spite of
disaster, and to continue to function regardless of disaster. If we shut
down, we risk never reopening, so we go on without shutting down.
We search for the reasons for our troubles, and we find ways to not let
those same causes trouble us again.
We look for those responsible for troublesome events, and we find a way
to deal with them, if they are our own people. We caution our people who
are gullible to be less gullible. We require those who protect us to be
ever doubtful that our precautions are sufficient.
We should know the size of our organization, and the size of the
disasters that strike it. Knowing both things leads us to take
actions that are appropriate to the needs of the organization, especially
to the need to continue to function.
We should make plans, and store those plans in ways that they
can be accessed regardless of the disaster, regardless of the services
that my be out at the time of the disaster. If we cannot access
the plans, we cannot rely on them and we can only function from
our memories of them and from our best judgement.
We should establish chain of communication, and a chain of command with
succession built into our plans. This will help our organization to continue
with less stress than one that has no such elements in its plans.
We should remember that our organization is made of its people. Those
people need our leadership, but they also need our care. We must care
for our staff, our customers, our vendors, and anyone who has the potential
to belong to one of those groups.