Mid-Range

Disaster Recovery/ High Availability Scorecard

Thank you for taking the Risk Assessment Survey. This survey has been designed to help you determine what your organization's current risk tolerance is in terms of recovery and availability of your critical data in the event of a disaster. For more information regarding your results, please contact Mid-Range today at 1-800-668-6470.

1. Does your company have current disaster recovery plan?

DR Plan is updated as part of our upgrade and implementation processes
We update our DR Plan once per year
Our DR Plan is a couple of years old and need to be updated
We currently don't have a DR Plan

2. How long would it take for you to recover from a disaster?

We can recover within a known timeline that is acceptable to the business
We think we can in our stated timelines
We seem to have different issues each year we test that put us outside our timeline
We don't really know

3. Is your DR Plan validated on a regular basis?

Yes, we test components of our plan all the time and perform a full test yearly
Yes, we perform a full test once per year
Yes, we test our plan every couple of years
No, with everything going on we just don't have the time

4. Is your disaster recovery plan tied to change management?

Yes, we do not allow new services into production without documented recovery procedures
Yes, but it is not stringently enforced - DR secondary concern on high priority projects
No, we update new services yearly when DR planning
No, as there is no DR Plan

5. How would you describe your continuity objectives?

Specific, measurable with business functions mapped to services required
Our continuity objectives were documented when we first did our plan
Generally understood, though not documented
We don't have business continuity objectives

6. How often do you perform a business impact assessment (BIA)?

We perform a BIA review yearly and as part of our design process for new services
We perform a BIA every couple of years
A BIA was down when our plan was initially developed
We have never done a BIA

7. Does your recovery plan provide for post disaster security?

Our plan provides us with the same level of security throughout our recovery
Once we have fully recovered major functions security are in place
Our first priority is business resumption, security is secondary
Security functionality is not part of our DR plan

8. Does your DR Plan incorporate risk mitigation measures?

Risk identification, review and management are incorporated into our daily activities
Yes, we are continually looking for appropriate ways to manage and reduce risk
Yes, risk mitigation is part of our BIA process
Our DR Plan is our risk mitigation measure

9. Does your DR Plan provide for disruptions?

Yes, our plan is designed to cover single system / service failures up to and including full site loss
Yes, we are prepared for major disruptions of service
Due to system inter-dependencies our DR Plan requires all system / servers to Failover
We would prefer to wait out an outage rather than declare a disaster

10. Do your recovery procedures provide sufficient detail?

Our recovery procedures have been verified and executed by more than one SME
Yes, we have the same staff perform the same procedures each year
Most key activities are documented, though not fully - too much effort
We can recover as our team is familiar with our environment

11. What is the relevance of Disaster Recovery in your organization?

DR is everyone's responsibility with the importance / tone clearly set from the top
We are told DR is important and the responsibility of IT
Outside of IT recovery has little relevance until something goes wrong
DR is insurance that we are likely never to need

12. For your highly available systems how would you describe
your role swap readiness?


Excellent, we role swap monthly and run from each location every other month
We perform a role swap every 4 - 6 months and run the business on the secondary System for short periods
We perform a role swap once per year
We have never performed a role swap