Disaster Recovery (DR) testing helps to ensure that a company can recover data, infrastructure systems, restore business critical applications and continue business operations after an interruption or downtime of critical services. This may be from acts of god, terrorism or a serious problem with the IT equipment causing mission critical systems to be impacted and disaster recovery steps to be actioned.
The main reason to perform a DR test is to fully evaluate an organisation’s business continuity and disaster recovery plan, check that it works and to ensure that should the disaster recovery plan need to be invoked, the company effected and the IT company managing them (if there is one) knows that it will work and with a reasonable amount of certainty, what will happen. Just as important, DR testing allows you to determine as best as possible Recovery Point (RPO) and Recovery Time (RTO) objectives. In other words, at what point in time can data and systems be recovered and how quickly.
Disaster recovery tests should be conducted on a regular basis, we recommend twice a year but some companies may need to perform more frequent tests dependent on any professional/regulatory bodies they belong to/are governed by, or client and insurance commitments. It also depends on the company size as to how detailed a DR test should be. Once the test is completed, a report should be produced showing the results, especially if there were any failures or errors and filed away with the BCDR procedures and documentation.
The DR testing process also allows a company to conduct planned maintenance, systems testing, as well as train staff about disaster recovery procedures as business continuity does not just effect the disaster recovery of IT services and systems, it effects HR, Internal and External Operations, Staff, Clients and pretty much all areas of the business. So practicing makes perfect, and that absolutely includes the IT! Communications (email, telephony), data, application and full systems recovery are primarily the focus when performing a disaster recovery test and then assessing the results against company RPO and RTO. Other areas for testing vary depending on what systems and internal processes are important to a business.
That question is very hard to answer as that is up to the internal decision making of each company, as well as what resources, tools and backup/recovery software a company uses. We use a number of different backup and recovery applications for different types of systems, but the two that we use that include the ability to perform assured Disaster Recovery tests are Veeam and Zerto. Both software applications are designed to work with virtualisation platforms and they make the entire DR testing process very simple, very reliable and without any impact to the production network.
All tests are performed within a segregated isolated network and that is an essential point; DR Tests MUST ALWAYS be performed outside of the production network and live servers MUST NEVER be used to run a DR test. This is the standard and correct practice for running Disaster Recovery testing. All DR tests need to be planned, communicated accordingly and documented beforehand, carried out within an isolated network setup using recent backup/replica files and then reports generated and documentation produced after completion of the tests. You don’t want to run a DR test on your live network and servers and then inadvertently actually bring down your business and create a disaster!