maxkabakov - Fotolia

What to include in a post-DR-test after-action review

What should go into your organization's after-action review following a disaster recovery test? #CIOChat participants suggest what to include in the report and why.

After completing a disaster recovery test, organizations must closely examine their DR processes from start to finish -- the good, the bad and even the ugly. And in order to do so, proper documentation must be recorded throughout, and after, the DR testing process.

Participants in our recent SearchCIO DR-themed tweet jam said that disaster recovery testing can be fraught with error. Once organizations finally get through the actual testing phase, SearchCIO asked #CIOChat-ters, "What should be in a post-test after-action report?"

An initial response was succinct and simply put:

One participant suggested that an after-action review include stats on recovery point objective (RPO) and recovery time objective (RTO):

In disaster recovery (DR) and business continuity (BC), RPO defines the age of files that must be recovered from backup in order for normal business operations to resume following an incident. Once RPO is defined, it determines the necessary frequency of backup for an organization's systems. RTO refers to the maximum tolerable length of downtime for compromised systems.

Understanding the effectiveness of disaster recovery plans through careful after-action review examination will help determine both RPO and RTO, but that's not all. According to our tweet jammers, there is a long list of documentation to include in a DR test evaluation, and it's important to extract it as quickly as possible:

One #CIOChat-ter suggests DR testers consider splitting their reports into more focused sections for each department or tested system:

Echoing similar comments about potential sources of DR failure, a tweet jammer advised organizations to be honest about where they might be drawing unsubstantiated conclusions:

With all that said, businesses tend to be less concerned with the specifics and more concerned with the bottom line. Hard numbers in an after-action report can bolster the case to higher-ups that DR testing is worth the investment:

Demonstrating what there is to lose in system downtime -- and what can be gained in disaster recovery testing -- is an important aspect of after-action reporting. Is your organization focused on post-test reporting to the business? Is your after-action review and report as thorough as tweet jammers suggest it should be? Sound off below in the comments section.

Next Steps

Read additional recaps from our June #CIOChat on IT disaster recovery plans and a slideshow on five disaster recovery pitfalls to avoid.

After-action report template and guide for DR planning

Dig Deeper on Risk management and governance

Cloud Computing
Mobile Computing
Data Center
Sustainability and ESG
Close