Doing a disaster-recovery audit
While dry runs are indispensable for testing a disaster recovery plan, by their nature they are not comprehensive because they do not exercise every contingency in the plan. A disaster recovery audit, by contrast, attempts to check all the contingencies. An audit doesn't have the training value of a disaster recovery exercise, but it should provide a broader check of the plan's workability and value. This is particularly important when you have a SAN in the picture, because you want to make sure the SAN is properly backed up and secured.
Disaster recovery audits can be done either internally or by outside consultants. A number of companies, such as Fred Cohen Associates now offer disaster recovery auditing services and several companies, such as, the Disaster Recovery Shop, now sell software and checklists that can be customized for an organization is important. Customization is important because every enterprise is different and there is no one-size-fits-all approach to creating or auditing a disaster recovery plan. There are also books on the subject, such as Jan Rothstein's "Disaster Recovery Testing: Exercising Your Continency Plan."
The Fred Cohen Associates' web site also includes an outline of a disaster recovery plan audit at http://www.all.net/books/audit/kits/bkrecpgm.html, as well as a number of other security-related checklists.
Rick Cook has been writing about mass storage since the days when the term meant an 80K floppy disk. The computers he learned on used ferrite cores and magnetic drums. For the last twenty years he has been a freelance writer specializing in storage and other computer issues.Editor's note: The mention of products or services in this tip is for example only, and does not imply that such products or services listed are an all-inclusive list. Moreover, the mention of such products of services does not imply endorsement of them by SearchStorage.com.