Disaster recovery plan testing is still a weak area
- Published: Thursday, 03 December 2015 08:42
62 percent of companies surveyed in the UK and Germany say that they either test their disaster recovery plan either less than once a year, or do not test it at all, according to new research undertaken by Kroll Ontrack.
Despite multiple warnings about the consequences of failing to have a robust disaster recovery plan in place, the new study found that only 38 percent of respondents said that their enterprise tested its disaster recovery plan on a regular basis. Only nine percent of companies test their plan every one to five months and another 29 percent every six to 12 months.
Half the companies surveyed by Kroll Ontrack had not experienced an IT disaster in the previous three years, however more than a third had to invoke their disaster recovery plan. While the majority of these companies had to invoke their plan between one and five times, a small minority were forced to undertake disaster recovery measures more than 10 times in the last three years.
Another concern raised by Kroll Ontrack’s new study is that even though employees’ mobile devices are now an important element of corporate IT infrastructure, this hasn’t been accounted for by most companies’ disaster recovery plans. Almost half (48 percent) of respondents said that their plans do not cover mobile devices used by employees to access corporate systems.
Kroll Ontrack has developed a free data recovery plan template that businesses can use to build their own plan together with guidance on what needs to be included. It recommends that any plan should take into account the following:
- IT services: Which business processes are supported by which systems? What are the risks?
- People: Who are the stakeholders, on both the business and IT side, in a given DR process?
- Suppliers: Which external suppliers would you need to contact in the event of an IT outage? Your data recovery provider, for example.
- Locations: Where will you work if your normal premises are rendered inaccessible?
- Testing: How will you test the DR plan?
- Training: What training and documentation will be provided to end users?
The research study was conducted with 195 system administrators and business managers in Germany and the UK.