
Personal Aspects of Recovery Testing

19 April 2012 by Peter Morgan

In the IT world, there is often a large (and necessary) emphasis placed on recovery after a system outage. What would happen if the whole IT solution fails? How can we ensure that the business carries on? Even a medium-sized enterprise will almost certainly fail if its significant IT systems (business-controlling, e.g. invoicing, or CRM) are out of action for as little as 10 elapsed days. This is regardless of whether full IT capabilities (with all data) are subsequently restored. Is there a hot standby facility available? How quickly can this be operational, and has this been tested? The ‘unthinkable’ can happen, no matter how remote the possibility. It should be tested.

      

However, there are two additional levels of recovery testing to consider. These are personal corporate recovery, and personal recovery; neither is necessarily significant from a large-scale business continuity perspective, but both are very important for individuals.

      

Personal Corporate Recovery

      

Brett Gonzales once worked at a company where you could arrive at the office and find an orange ‘Post-It’ note on your desk-top computer. This was not just any ordinary ‘Post-It’, but an ORANGE one – with all the significance that entailed. No matter your position, an orange ‘Post-It’ note indicated that your PC was not to be used. It was as if it had been stolen overnight, and for the whole day you worked on a PC supplied from IT support – whatever was available.

      

Have this happen once, and you would learn the lesson: keep nothing of importance on the hard drive of your computer. All this was over 5 years ago, but not that far in the past. Roaming profiles were not as sophisticated then as we take for granted now. How would you manage if you had none of your usual desk-top icons, or internet browser list of favourites? Welcome to the world of personal corporate recovery. Consider what information you have that is linked to either a particular computer or network log-on. What would you do if your profile went missing – and you had to use a guest profile? Is information locked into your personal area of a shared drive, linked to your network log-in? Hmm – think about personal corporate recovery! It is ‘personal’ because recovery is down to the individual. If the whole shared drive is lost, then that is part of the overall IT recovery process – not a matter for individuals.

      

My own tips? Have a copy of your mapped network drives, desktop icons and browser favourites on your own named (but freely available, accessible by all) area of a shared drive. If at all possible, have this (and any work-related file of passwords) available outside of the company network – if corporate security policy allows this.

      

Personal Recovery

      

Earlier this year, with no notice, my personal laptop died. No problems, I have a data back-up. It may have been 4 weeks old (usually more recent than that), but not a disaster. My back-up routine was to prepare an archive folder on the lap-top (e-mail and parts of ‘My Documents’), and then copy this to a USB memory stick – two separate steps. When the USB memory stick was accessed, the backup-area was blank. An interrupted back-up had taken place, with the previous back-up removed from the USB memory stick, and the new one never created. Aaaaagh!!!!!

      

Fortunately for me, the story has a happy ending (data could be extracted from the hard drive of my dead laptop), and back-up procedures have now been amended to prevent re-occurrence. However, I want to present you with a little scenario. When logging onto your conceptual computer (a fictitious machine, being all computers you use), a message appears: “the system is broken – you have one file that you can save. Please choose”. This is all computers, including the internet and internet based data backups – ‘yes’, these could fail, be sabotaged or the firm go out of business. You can choose one file, a real file – not a zip file of all your important information. One file. What would you choose? I have four candidates (a little naughty of me: I asked for one file, but am myself proposing to keep four!)

Password.doc, a document that speaks for itself

Outlook address book

Accounts spreadsheet

Contacts spreadsheet

There are always two versions of these files securely saved. If I had lost everything because my previous laptop had reached the end of its life, I would have had these four files – in multiple locations.

      

What single file of those you use would you select to keep? And have you got a safe, secure copy of this file? Think about it.
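The interrupted back-up described above lost data because the previous copy was removed before the new one existed. The sketch below is an added example, not the author's amended procedure: it copies the archive under a temporary name, verifies it, and only then renames the older copies aside. The function names and the `.partial` / `.1` / `.2` suffixes are assumptions made for illustration.

```python
# Added example: function names and the .partial/.N suffix scheme are assumptions.
import hashlib
import os
import shutil
from pathlib import Path


def sha256(path: Path) -> str:
    """Hash a file in chunks so a large archive need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def safe_backup(archive: Path, dest_dir: Path, keep: int = 2) -> Path:
    """Copy archive to dest_dir; the current backup moves aside only after the new copy verifies."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    final = dest_dir / archive.name
    tmp = dest_dir / (archive.name + ".partial")

    # 1. Copy under a temporary name; the existing backup is not touched yet.
    with open(archive, "rb") as src, open(tmp, "wb") as dst:
        shutil.copyfileobj(src, dst)
        dst.flush()
        os.fsync(dst.fileno())  # push the data to the device before trusting it

    # 2. Verify the copy against the source; a truncated copy is discarded.
    if sha256(tmp) != sha256(archive):
        tmp.unlink()
        raise IOError(f"verification failed for {tmp}; previous backup kept")

    # 3. Rotate: name.1 is the previous backup, name.2 the one before, up to `keep`.
    for n in range(keep - 1, 0, -1):
        older = dest_dir / f"{archive.name}.{n}"
        if older.exists():
            os.replace(older, dest_dir / f"{archive.name}.{n + 1}")
    if final.exists():
        os.replace(final, dest_dir / f"{archive.name}.1")

    # 4. Promote the verified copy with a single rename on the same volume.
    os.replace(tmp, final)
    return final
```

If the copy is interrupted at any step, the destination still holds the last verified back-up, either under its normal name or as the `.1` generation.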

      

Finally

    

Professionally, ensuring that any firms we work for can continue after system outages is something that (some) testers should be involved in. We need to be asking big questions about how recovery could take place, and even whether there are business processes in place to cater for short-term outages, and IT processes in place to ensure that a switch over to a hot standby facility is smooth and controlled. Like all we are involved in, these situations should not be just ‘dry tested’, but ‘wet tested’. Similarly, we need to individually plan for personal corporate recovery and personal recovery. You may only get one shot at seeing whether your planning has worked – when the feared for (but hope-it-never-happens) situation occurs. This ‘test’ could be when some kind of real recovery is necessary!

       

Are you ready?

 
