Learn how to develop disaster recovery strategies as well as how to write a disaster recovery plan with these step-by-step instructions.
Formulating a detailed recovery plan is the main aim of the entire IT disaster recovery planning project. Once this work is out of the way, you’re ready to move on to developing disaster recovery strategies, followed by the actual plans. Once you have identified your critical systems, RTOs, RPOs, etc, create a table, as shown below, to help you formulate the disaster recovery strategies you will use to protect them.
Once your disaster recovery strategies have been developed, you’re ready to translate them into disaster recovery plans.
In addition to using the strategies previously developed, IT disaster recovery plans should form part of an incident response process that addresses the initial stages of the incident and the steps to be taken. The following section details the elements in a DR plan in the sequence defined by ISO 27031 and ISO 24762.
Important: Best-in-class DR plans should begin with a few pages that summarise key action steps (such as where to assemble employees if forced to evacuate the building) and lists of key contacts and their contact information for ease of authorising and launching the plan. Disaster recovery risk assessment and business impact analysis (BIA) are crucial steps in the development of a disaster recovery plan. To do that, let us remind ourselves of the overall goals of disaster recovery planning, which are to provide strategies and procedures that can help return IT operations to an acceptable level of performance as quickly as possible following a disruptive event. Having established our mission, and assuming we have management approval and funding for a disaster recovery initiative, we can establish a project plan. A disaster recovery project has a fairly consistent structure, which makes it easy to organise and conduct plan development activity.
As you can see from The IT Disaster Recovery Lifecycle illustration, the IT disaster recovery process has a standard process flow.
Following the BIA and risk assessment, the next steps are to define, build and test detailed disaster recovery plans that can be invoked in case disaster actually strikes the organisation’s critical IT assets.
Detailed response planning and the other key parts of disaster recovery planning, such as plan maintenance, are, however, outside the scope of this article so let us get back to looking at disaster recovery risk assessment and business impact assessment in detail.
IBM's planned purchase of The Weather Co.'s data operations may be a bellwether event from which data professionals can learn.
It is in these plans that you will set out the detailed steps needed to recover your IT systems to a state in which they can support the business after a disaster. Then, you’ll need to establish recovery time objectives (RTOs) and recovery point objectives (RPOs). Here we’ll explain how to write a disaster recovery plan as well as how to develop disaster recovery strategies. You’ll need to identify and contract with primary and alternate suppliers for all critical systems and processes, and even the sourcing of people. Procedures should ensure an easy-to-use and repeatable process for recovering damaged IT assets and returning them to normal operation as quickly as possible.


This process can be seen as a timeline, such as in Figure 2, in which incident response actions precede disaster recovery actions.
The next section should define roles and responsibilities of DR recovery team members, their contact details, spending limits (for example, if equipment has to be purchased) and the limits of their authority in a disaster situation. During the incident response process, we typically become aware of an out-of-normal situation (such as being alerted by various system-level alarms), quickly assess the situation (and any damage) to make an early determination of its severity, attempt to contain the incident and bring it under control, and notify management and other key stakeholders. Based on the findings from incident response activities, the next step is to determine if disaster recovery plans should be launched, and which ones in particular should be invoked.
A section on plan document dates and revisions is essential, and should include dates of revisions, what was revised and who approved the revisions. Once the plan has been launched, DR teams take the materials assigned to them and proceed with response and recovery activities as specified in the plans. Located at the end of the plan, these can include systems inventories, application inventories, network asset inventories, contracts and service-level agreements, supplier contact data, and any additional documentation that will facilitate recovery.
These are essential in that they ensure employees are fully aware of DR plans and their responsibilities in a disaster, and DR team members have been trained in their roles and responsibilities as defined in the plans. But, before we look at them in detail, we need to locate disaster recovery risk assessment and business impact assessment in the overall planning process.
Such plans provide a step-by-step process for responding to a disruptive event with steps designed to provide an easy-to-use and repeatable process for recovering damaged IT assets to normal operation as quickly as possible. Then define step-by-step procedures to, for example, initiate data backup to secure alternate locations, relocate operations to an alternate space, recover systems and data at the alternate sites, and resume operations at either the original site or at a new location. Here we can see the critical system and associated threat, the response strategy and (new) response action steps, as well as the recovery strategy and (new) recovery action steps.
This section should specify who has approved the plan, who is authorised to activate it and a list of linkages to other relevant plans and documents.
If DR plans are to be invoked, incident response activities can be scaled back or terminated, depending on the incident, allowing for launch of the DR plans.
The more detailed the plan is, the more likely the affected IT asset will be recovered and returned to normal operation.
And since DR planning generates a significant amount of documentation, records management (and change management) activities should also be initiated.
The BIA identifies the most important business functions and the IT systems and assets that support them. This section defines the criteria for launching the plan, what data is needed and who makes the determination. Technology DR plans can be enhanced with relevant recovery information and procedures obtained from system vendors. If your organisation already has records management and change management programmes, use them in your DR planning.
Those events with the highest risk factor are the ones your disaster recovery plan should primarily aim to address.


Included within this part of the plan should be assembly areas for staff (primary and alternates), procedures for notifying and activating DR team members, and procedures for standing down the plan if management determines the DR plan response is not needed.
Check with your vendors while developing your DR plans to see what they have in terms of emergency recovery documentation.
From a management standpoint, we provide a DR solution via Windows Azure Hyper-V Recovery Manager (HRM), that is integrated with System Center Virtual Machine Manager (VMM).
HRM builds on the world-class assets of Windows Server, System Center, and Windows Azure and it is delivered via the Windows Azure Management Portal. With these facts in mind, the control plane of our solution (HRM) is delivered as a cloud service we call DRaaS (Disaster Recovery as a Service). Since the metadata required for orchestration resides in the cloud, you are insured against losing the critical DR orchestration instructions even if your primary site is impacted, thereby addressing the common mistake wherein the monitoring system monitors itself.
HRM manages multiple sites, as well as complex inter-site relationships, thereby enabling a customer to create a comprehensive DR plan. The service itself is in Windows Azure and the provider installed on the VMM servers sends the metadata of the private clouds to the service, which then uses it to orchestrate the protection and recovery of the assets in the private cloud.
It even works for heterogeneous deployments, wherein the networks on primary and recovery sites are of different types. For example, the replica virtual machine of Marketing is attached to Network Marketing Recovery since (a) the primary virtual machine is connected to Network Marketing and (b) Network Marketing in turn is mapped to Network Marketing Recovery.
These documents are cumbersome to maintain and even if someone made the effort to keep these documents up-to-date, they were prone to the risk of human errors by the staff hired to execute these plans. For example, in a quick glance customers can identify the last test failover of a plan or how long ago they did a planned failover of a recovery plan.
Some compliance requirements for organizations mandate the failover of workloads twice-a-year to the recovery site and then running it there for a week.
As part of PFO, the Virtual Machines are shut-down, the last changes sent over to ensure zero data loss, and then virtual machines are brought up in order on the recovery site. But, in eventualities such as natural disasters, this ensures that designated applications can continue to function. In the event of unplanned failovers, HRM attempts to shut down the primary machines in case some of the virtual machines are still running when the disaster strikes.
On the other hand, when the user is not proactively monitoring the portal and the system needs to draw attention, this is provided through integration in the Operations Manager (SCOM).




Preparation for natural disasters
Natural disaster recovery funding
Risk assessment worksheet and management plan


Comments

  1. 08.02.2014 at 11:58:21


    Effectively in lowering her medication right when.

    Author: KLan_A_PLan_Ka
  2. 08.02.2014 at 17:48:18


    Games that will be entertaining, healthier and educational for your young serve for showers.

    Author: iko_Silent_Life
  3. 08.02.2014 at 12:30:59


    Yes, it is a bitch to get open following this but that is why I only in the end, great stay away.

    Author: Vampiro
  4. 08.02.2014 at 21:32:20


    Emergency preparedness ought to also incorporate informing each directions to cancel their net magnetic.

    Author: WILDLIFE