Page 1333 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1333
Training, Awareness, and Documentation
As with a business continuity plan, it is essential that you provide
training to all personnel who will be involved in the disaster recovery
effort. The level of training required will vary according to an
individual’s role in the effort and their position within the company.
When designing a training plan, consider including the following
elements:
Orientation training for all new employees
Initial training for employees taking on a new disaster recovery
role for the first time
Detailed refresher training for disaster recovery team members
Brief awareness refreshers for all other employees (can be
accomplished as part of other meetings and through a medium like
email newsletters sent to all employees)
Loose-leaf binders are an excellent way to store disaster
recovery plans. You can distribute single-page changes to the plan
without destroying a national forest!
The disaster recovery plan should also be fully documented. Earlier in
this chapter, we discussed several of the documentation options
available to you. Be sure you implement the necessary documentation
programs and modify the documentation as changes to the plan occur.
Because of the rapidly changing nature of the disaster recovery and
business continuity plans, you might consider publication on a secured
portion of your organization’s intranet.
Your DRP should be treated as an extremely sensitive document and
provided to individuals on a compartmentalized, need-to-know basis
only. Individuals who participate in the plan should understand their
roles fully, but they do not need to know or have access to the entire
