The best plans direct not only the Who, What, When and Where of the response, but also the How, Why and Why Not across all plans, all teams and all sites.
First and foremost, plans must be action oriented. The action tasks must contain only information that is needed at the time of event. It must be concise and direct the sequence and execution of recovery tasks, but not be so voluminous that it becomes overwhelming. Phrases like “The plan has the following objectives” and “This plan assumes that no two sites will be impacted at the same time…” are good clues that you might not have an action oriented plan.
Plans must address all seven stages of recovery. Stage 1 is React to the Event during which the incident is first reported, life safety issues are addressed, disaster impact is assessed, recovery teams are notified, personnel is mobilized and deployed and the recovery plan is officially activated. Stage 2 is Respond to the Situation during which the organization mounts its planned response to the damage and impact caused by the event. Stage 3 is Recover the IT and Work Applications during which basic hardware and software, file systems and data, and business and communications infrastructure is restored at the alternate sites. Stage 4 addresses Restoration of Applications and data and databases to a synchronized point in time. Stage 5 then deals with Resumption of Business processing by coordinating with departmental business resumption plans to re-enter lost data and to input bridging transactions as the foundation to resumed business processing at the alternate site. Stage 6 addresses the complexities involved with the Return to the Impacted Site which effectively reverses all of the activities of the first five stages to reclaim the home site. Stage 7 Renormalizes Operations to return to pre-event operating levels.