TMC's Advisor

The Advisor is published by TMC

DR Questions for Your Executive

Often, IT Managers make all of the decisions about their IT disaster recovery strategy and disaster recovery site. We know many organizations where this is the case, and when disaster strikes, senior management is sometimes shocked to learn that the IT DR Plan didn’t deliver what they expected. Work with your Executive and ask them these questions to keep that from happening.

By Ellen Koskinen-Dodgson

Ellen Koskinen-Dodgson is an IT and Telecommunications Management Consultant, electrical engineer, author, speaker, media resource and Expert Witness. She is the President and Managing Partner of TMC IT and Telecom Consulting Inc.

No Surprises

We recommend that you offer senior management a presentation of your current IT disaster recovery capabilities. Walk them through what would happen to your operations if you were cyberattacked or underwent a different disaster today.

Explain how different stakeholders would experience the disaster. Walk senior management through how you would discover the problem and the process that you would follow to get back up and running after the attack. Do this for both the best case, where your backups were clean, and the worst case, where they were unusable.

Even in the best case, there would be a service outage, data loss and serious operational impact for all departments.

Identify the likelihood that your backups could be compromised and the process by which this could happen.

Let them digest what you’ve told them, then come back on another day to facilitate a DR strategy workshop.

DR Strategy Workshop

The goal of a strategy workshop is for senior management to gain a high-level understanding of IT risk mitigation and disaster recovery so as to determine the balance of what they need and what they can afford.

As part of the discussion, include high-level tutorial material to help them understand:

Six Questions

Ask your senior management the following questions as part of the process to find that balance between protection and cost. These questions focus on worst-case data corruption or loss.

  1. Should we have categories of data that will have different levels of protection from cyberattack or other disaster? As the likely answer is yes, this will lead to a data classification project and a plan to provide different levels of protection.
  2. What criteria should we use to assign data categories?
  3. For the most important data, how many minutes of transactions are we willing to lose completely?
  4. What level of protection should we offer to lower categories of data? For example, some categories of data must be privacy protected but change quite infrequently.
  5. How long are we willing to be out of commission while we restore data for operational use? This might be at our current site in the case of a cyberattack or at a temporary offsite location in case of a fire or other disaster.
  6. What level of DR site are they willing to fund?

This process will likely require a few iterative sessions.

If you’d like to explore these ideas further or comment on this article, contact me at .

This article was published in the September 2023 edition of The TMC Advisor - ISSN 2369-663X Volume:10 Issue:5

©2023 TMC Consulting