Organizations can reduce costly downtime and improve IT resilience with the right disaster recovery testing program, says Info-Tech Research Group in new industry resource

Testing improves and validates organizations' disaster recovery capabilities and identifies required changes to planning documentation and procedures.

TORONTO - Many organizations have made significant investments in disaster recovery (DR) and technology resilience but are unaware whether this investment delivers the expected value. Info-Tech advises in a new research-backed blueprint that the best way to determine if existing DR processes meet business requirements and provide service continuity is by regularly testing recovery processes and systems. However, despite the value testing can offer, the real-world execution of DR testing can be challenging.

Stakeholder buy-in can be challenging to obtain when it comes to disaster recovery (DR) testing; monitoring, intrusion prevention, backups, training, and documentation all cost time and money. To secure buy-in, IT leaders should prioritize DR tests that are most valuable to their organizations. (CNW Group/Info-Tech Research Group)

In the just-released industry resource, which was designed to help IT leaders identify testing scenarios, create practical test plans, and obtain buy-in for regular DR testing from key stakeholders, the firm explains that testing is often an IT-driven initiative. This approach can result in difficulties securing business buy-in to redirect resources away from other urgent projects.

"More than just validation, regular disaster recovery testing helps IT deliver service continuity by finding and addressing gaps in existing processes and training staff on recovery procedures" says Andrew Sharp, research director in the Infrastructure & Operations practice at Info-Tech Research Group. "If testing is treated as a pass or fail exercise, the end goal of improving organizational resilience is not being met. Instead, IT leaders should focus on identifying gaps and risks so they can be addressed before a real disaster hits."

In the blueprint, Info-Tech highlights seven steps that IT leaders can follow to validate recovery capabilities and enhance service reliability, availability, and continuity. The steps are as follows:

1. Identify a working group. First, IT leaders must identify a group of participants who can inform the discussions around testing in this research. A single person could fill multiple roles and some roles could be filled by multiple people.
2. Answer the question: why test at all? Leaders need to determine the value of recovery testing for the organization. The firm advises that it is important to use language appropriate for a nontechnical audience, as not all working group members or stakeholders may be aware of IT-specific language.
3. Run a tabletop exercise. This exercise can be run with the working group using cue cards, sticky notes, or a whiteboard. Alternatively, many Info-Tech facilitators find building the workflow directly in flowchart software to be very effective.
4. Brainstorm and prioritize test ideas. In this stage, the working group will generate useful ideas for testing that might otherwise be missed as well as develop ideas on how and what to test. Once determined, these ideas should be prioritized into a list organized by highest value and lowest effort.
5. Build a test plan. A test plan helps the test run smoothly and can uncover issues with the underlying disaster recovery plan (DRP). Info-Tech's Disaster Recovery Test Plan Template can support the working group in developing a test plan.
6. Run an after-action review. Once the test plan has been built, the next step is to evaluate what went well and what could be improved upon for future testing exercises. Takeaways should be recorded alongside the test plan.
7. Create a test program summary. The final step is to create a summary document that identifies key takeaways and testing goals, presents key elements, outlines the testing cycle, lists expected milestones, identifies participants, and recommends next steps that IT leaders can refer to in the future. The firm also offers its Disaster Recovery Testing Program Summary Template to support this step.

Info-Tech's research insights show that more complex, risky, or costly tests, such as failover tests, can deliver significant value but that high-value, low-effort options are often the best place to start. The research also suggests that testing should get easier over time, but that if organizations are routinely and easily passing every test, it is a good indicator that IT leaders and the organization are ready to run more challenging tests.

To access the full resource, including research insights, tools, and templates to create a disaster recovery resilience testing program that meets business requirements and secures stakeholder buy-in, download Take a Realistic Approach to Disaster Recovery Testing.