Doing a disaster-recovery audit
While dry runs are indispensable for testing a disaster recovery plan, by their nature they are not comprehensive because they do not exercise every contingency in the plan. A disaster recovery audit, by contrast, attempts to check all the contingencies. An audit doesn't have the training value of a disaster recovery exercise, but it should provide a broader check of the plan's workability and value. This is particularly important when you have a SAN in the picture, because you want to make sure the SAN is properly backed up and secured.
Disaster recovery audits can be done either internally or by outside consultants. A number of companies, such as
The Fred Cohen Associates' web site also includes an outline of a disaster recovery plan audit at http://www.all.net/books/audit/kits/bkrecpgm.html, as well as a number of other security-related checklists.
Rick Cook has been writing about mass storage since the days when the term meant an 80K floppy disk. The computers he learned on used ferrite cores and magnetic drums. For the last twenty years he has been a freelance writer specializing in storage and other computer issues.Editor's note: The mention of products or services in this tip is for example only, and does not imply that such products or services listed are an all-inclusive list. Moreover, the mention of such products of services does not imply endorsement of them by SearchStorage.com.
This was first published in February 2002