This paper discusses an approach for creating a good disaster recovery plan for a business enterprise.
The process of preparing a disaster recovery plan begins by identifying these causes and effects, analyzing their likelihood and severity, and ranking them in terms of their business priority.
When a disaster strikes, the normal operations of the enterprise are suspended and replaced with operations spelled out in the disaster recovery plan. The disaster recovery plan does not stop at defining the resources or processes that need to be in place to recover from a disaster. The second section of this paper explains the methods and procedures involved in the disaster recovery planning process. The first step in planning recovery from unexpected disasters is to identify the threats or risks that can bring about disasters by doing risk analysis covering threats to business continuity.
Human caused: These disasters include acts of terrorism, sabotage, virus attacks, operations mistakes, crimes, and so on.
Supplier: These risks are tied to the capacity of suppliers to maintain their level of services in a disaster. Water: There are certain disaster scenarios where water outages must be considered very seriously, for instance the impact of a water cutoff on computer cooling systems.
Climate Control: Losing the air conditioning or heating system may produce different risks that change with the seasons. Fire: Many factors affect the risk of fire, for instance the facility's location, its materials, neighboring businesses and structures, and its distance from fire stations. Data systems risks are those related to the use of shared infrastructure, such as networks, file servers, and software applications that could impact multiple departments. Once the disaster risks have been assessed and the decision has been made to cover the most critical risks, the next step is to determine and list the likely effects of each of the disasters.
Simple "one cause multiple effects" diagrams (Figure 3) can be used as tools for specifying the effects of each of the disasters.
The intention of this exercise is to produce a list of entities affected by failure due to disasters, which need to be addressed by the disaster recovery plan.
It may be noticed that two or more disasters may affect the same entities, and it can be determined which entities are affected most often. Once the list of entities that possibly fail due to various types of disasters is prepared, the next step is to determine what is the downtime tolerance limit for each of the entities.
The cost of downtime is the main key to calculate the investment needed in a disaster recovery plan. How the disaster affected entities depend upon each other is crucial information for preparing the recovery sequence in the disaster recovery plan. Once the list of affected entities is prepared and each entity's business criticality and failure tendency is assessed, it is time to analyze various recovery methods available for each entity and determine the best suitable recovery method for each.
In the case of data systems, for example, the recovery mechanism usually involves having the critical data systems replicated somewhere else in the network and putting them online with the latest backed up data available. Considering multiple options and variations of disaster recovery mechanisms available, it is necessary to carefully evaluate the best suitable recovery mechanism for an affected entity in a particular organization. The roles, responsibilities, and reporting hierarchy of different committee members should be clearly defined both during normal operations and in the case of a disaster emergency. Note that not all the members of the Disaster Recovery Committee may actively participate in the actual disaster recovery. Quick and precise detection of a disaster event and having an appropriate communication plan are the key for reducing the effects of the incoming emergency; in some cases it may give enough time to allow system personnel to implement actions gracefully, thus reducing the impact of the disaster.
The moderated business community for business intelligence, predictive analytics, and data professionals.
Disaster Recovery traditionally relates to preserving the technology and information critical to an organization by setting up a remote Disaster Recovery location that takes regular backups, This alternate location can then ensure your business's continuity and support business function when calamity strikes. Learn how to develop disaster recovery strategies as well as how to write a disaster recovery plan with these step-by-step instructions.
Once you have identified your critical systems, RTOs, RPOs, etc, create a table, as shown below, to help you formulate the disaster recovery strategies you will use to protect them. The following section details the elements in a DR plan in the sequence defined by ISO 27031 and ISO 24762. Important: Best-in-class DR plans should begin with a few pages that summarise key action steps (such as where to assemble employees if forced to evacuate the building) and lists of key contacts and their contact information for ease of authorising and launching the plan. The best strategy is to have some kind of disaster recovery plan in place, to return to normal after the disaster has struck.
The ultimate results are a formal assessment of risk, a disaster recovery plan that includes all available recovery mechanisms, and a formalized Disaster Recovery Committee that has responsibility for rehearsing, carrying out, and improving the disaster recovery plan. Figure 1 depicts the cycle of stages that lead through a disaster back to a state of normalcy.
Only when these are assessed and the affected systems are identified can a recovery process begin.
The effects of a disaster that strikes the entire enterprise are different from the effects of a disaster affecting a specific area, office, or utility within the company.
It is also useful to determine how many powers feeds operate within the facility and if necessary make the power system redundant. In Figure 3, the entities that fail due to the earthquake disaster are office facility, power system, operations staff, data systems, and telephone system. For less critical data systems, there may be an option to have spare server hardware, and if required these servers could be configured with the required application.
During a disaster, this committee ensures that there is proper coordination between different agencies and that the recovery processes are executed successfully and in proper sequence. Execution Phase: In this phase, the actual procedures to recover each of the disaster affected entities are executed.


It is in these plans that you will set out the detailed steps needed to recover your IT systems to a state in which they can support the business after a disaster.
Procedures should ensure an easy-to-use and repeatable process for recovering damaged IT assets and returning them to normal operation as quickly as possible. The next section should define roles and responsibilities of DR recovery team members, their contact details, spending limits (for example, if equipment has to be purchased) and the limits of their authority in a disaster situation.
Effects of disasters range from small interruptions to total business shutdown for days or months, even fatal damage to the business.
The disaster recovery system cannot replace the normal working system forever, but only supports it for a short period of time. Recovery from this type of failure may be lengthy and expensive due to the need to replace or update software and equipment and retrain personnel. The entities with less downtime tolerance limit should be assigned higher priorities for recovery.
Depending on the data system, there may be options of autorecovery or manual recovery, and the cost and recovery time factors of each mechanism vary. And since DR planning generates a significant amount of documentation, records management (and change management) activities should also be initiated. Included within this part of the plan should be assembly areas for staff (primary and alternates), procedures for notifying and activating DR team members, and procedures for standing down the plan if management determines the DR plan response is not needed.
While NEC recommends fault tolerant solutions for local resilience in order to avoid switching of applications and processes for a simple hardware fault, NEC recommends the implementation of an inter-site DRP in order to protect oneself from threats to the main site.NEC solutions are based around Cluster solutions (ExpressCluster, Double-Take) ) which can replicate data from an asynchronous system through a WAN and switch from one site to another in case of damage to the main site. Up, it really is time for her system disaster recovery plan to locate a property of her he mentioned that in reality, unless the. Amanda Enterprise should be on the short list of any IT manager looking for a backup solution. The Zmanda Disaster Recovery Solution provides robust and cost-effective disaster recovery capabilities for your critical data assets.
The DR Option for Amanda Enterprise supports all platforms and applications backed up by Amanda Enterprise: filesystem data on systems running Linux, Solaris, Windows, and Mac OS X as well as application and database data residing in MS Exchange, MS SharePoint, MS SQL, Oracle and Postgres.
Leverage our Expertise: Zmanda Professional Services engineers have extensive experience creating backup strategies across all supported system types, storage devices, and operating systems. Affordable: The Zmanda Disaster Recovery Solution is available as an annual subscription that includes implementation, through secured remote shell, by Zmanda Professional Services. Though both concepts are related to business continuity, high availability is about providing undisrupted continuity of operations whereas disaster recovery involves some amount of downtime, typically measured in days.
The plan should also define how to restore operations to a normal state once the disaster's effects are mitigated. An effective disaster recovery plan plays its role in all stages of the operations as depicted above, and it is continuously improved by disaster recovery mock drills and feedback capture processes. Risk analysis (sometimes called business impact analysis) involves evaluating existing physical and environmental security and control systems, and assessing their adequacy with respect to the potential threats.
A key factor in evaluating risks associated with telephone systems is to study the telephone architecture and determine if any additional infrastructure is required to mitigate the risk of losing the entire telecommunication service during a disaster. A key objective in analyzing these risks is to identify all single points of failure within the data systems architecture.
Operations that have run for a long period of time on obsolete hardware or software are a major risk given the lack of spares or support. The likelihood that something happens should be considered in a long plan period, such as 5 years. A higher value would mean longer restoration time hence the priority of having a Disaster Recovery mechanism for this risk is higher. This information becomes crucial for preparing the recovery sequence in the disaster recovery plan.
For example, having the data systems restored has a dependency on the restoration of power.
This committee should have representation from all the different company agencies with a role in the disaster recovery process, typically management, finance, IT (multiple technology leads), electrical department, security department, human resources, vendor management, and so on. Reconstitution Phase: In this phase the original system is restored and execution phase procedures are stopped.
A hurricane affecting a specific geographic area, or a virus spread expected on a certain date are examples of disasters with advance notice. At the end of this phase, recovery staff will be ready to execute contingency actions to restore system functions on a temporary basis. Those with on-premises infrastructure will often invest in additional disaster-recovery tools, such as remote backups, archives, etc.
Traditional disaster recovery is a complex endeavour, involving expensive capacity planning and cutover (switch-over) systems that meet the demands of business.
Once your original site has been restored after the disaster, you can simply stop paying for the cloud servers.
Formulating a detailed recovery plan is the main aim of the entire IT disaster recovery planning project. In addition to using the strategies previously developed, IT disaster recovery plans should form part of an incident response process that addresses the initial stages of the incident and the steps to be taken. This process can be seen as a timeline, such as in Figure 2, in which incident response actions precede disaster recovery actions. During the incident response process, we typically become aware of an out-of-normal situation (such as being alerted by various system-level alarms), quickly assess the situation (and any damage) to make an early determination of its severity, attempt to contain the incident and bring it under control, and notify management and other key stakeholders. Finally, ongoing procedures for testing and improving the effectiveness of the disaster recovery system are part of a good disaster recovery plan. Procedures should contain the process to alert recovery personnel during business and nonbusiness hours.


To minimize disaster losses, it is very important to have a good disaster recovery plan for every business subsystem and operation within an enterprise.
Check with your vendors while developing your DR plans to see what they have in terms of emergency recovery documentation.
In the virtual business environment, different solutions will be recommended according to expressed needs, and of course including solutions such as VMWare HA.A constantly available virtualized infrastructure!When virtualization is at the heart of infrastructure projects, risks linked with virtualized system downtime become a major issue for virtualization.
For an enterprise, a disaster means abrupt disruption of all or part of its business operations, which may directly result in revenue loss.
And the fourth section explains what information the disaster recovery plan should contain and how to maintain the disaster recovery plan.
For example, spilling several gallons of toxic liquid across an assembly line area during working hours is a different situation than the same spill at night or during the weekend. To mitigate the risk of disruption of business operations, a recovery solution should involve disaster recovery facilities in a location away from the affected area.
It should have trusted information sources in the different agencies to forestall false alarms or overreactions to hoaxes.
However, for small businesses, disaster recovery may be deemed costly or an unnecessary expense.Disaster recovery is an important aspect of business continuity. Based on the findings from incident response activities, the next step is to determine if disaster recovery plans should be launched, and which ones in particular should be invoked. Then define step-by-step procedures to, for example, initiate data backup to secure alternate locations, relocate operations to an alternate space, recover systems and data at the alternate sites, and resume operations at either the original site or at a new location. At the earliest possible time, the disaster recovery process must be decommissioned and the business should return to normalcy. To opt for an NEC Fault tolerant server with an exchange 2007 messaging service, is to opt for performance, efficiency and piece of mind with no threats of unplanned downtime.Vertical ApproachVertical ApproachThe demand for high availability and continuous IT system availability is directly linked to the activities of the business.
Nowadays most of the meteorological threats can be forecasted, hence the chances to mitigate effects of some natural disasters are considerable. After the disaster detection, a notification should be sent to the damage assessment team, so that they can assess the real damage occurred and implement subsequent actions.
A section on plan document dates and revisions is essential, and should include dates of revisions, what was revised and who approved the revisions. Here we can see the critical system and associated threat, the response strategy and (new) response action steps, as well as the recovery strategy and (new) recovery action steps. This process turns out to be not only expensive, but also time consuming and recovery time going upto days. Once the plan has been launched, DR teams take the materials assigned to them and proceed with response and recovery activities as specified in the plans. This section should specify who has approved the plan, who is authorised to activate it and a list of linkages to other relevant plans and documents. With our cloud based disaster recovery services, the DR site is up and running immediately, whereas the physical DR site may take much longer time (even a few hours) to take over from the main site in the event of a disaster. Located at the end of the plan, these can include systems inventories, application inventories, network asset inventories, contracts and service-level agreements, supplier contact data, and any additional documentation that will facilitate recovery. If DR plans are to be invoked, incident response activities can be scaled back or terminated, depending on the incident, allowing for launch of the DR plans.
This section defines the criteria for launching the plan, what data is needed and who makes the determination. Also, since our DR site is up and running within minutes of the main site being hit by a disaster, chances of data loss are significantly reduced. These are essential in that they ensure employees are fully aware of DR plans and their responsibilities in a disaster, and DR team members have been trained in their roles and responsibilities as defined in the plans. The more detailed the plan is, the more likely the affected IT asset will be recovered and returned to normal operation. Technology DR plans can be enhanced with relevant recovery information and procedures obtained from system vendors.
If your organisation already has records management and change management programmes, use them in your DR planning. Naturally, from a fiscal standpoint, it makes sense to build disaster recovery into your organization's budget, and with monthly subscriptions that range from less than $100 to a few hundred dollars for a cloud-based DR solution, it’s more affordable than you may realize.Disaster Recovery Concepts to Implement in Your BusinessOne reason why many small businesses skip over disaster recovery is a lack of understanding of its basic concepts.
The concepts of disaster recovery may have a technical nature, but aren’t as complex as one may believe.The recovery time objective, or RTO, is the maximum desired length of time between an unexpected failure or disaster and the resumption of normal operations and service levels. The RTO defines the length of time that is allowed to pass between system failure and repair before the consequences of the service interruption become unacceptable.The recovery point objective, or RPO, is the maximum amount of data allowed to be lost, measured in time.
It refers to the age of the files or data in backup storage required to resume normal operations if a computer system or network failure occurs. If you have an RPO of 30 minutes, system backups must be performed every half hour to keep the data current.Failovers are designed to allow the system to seamlessly switch to a backup. This serves to reduce or eliminate the impact on users when a system fails.Redundancies are duplicate servers, attached to the network but ran offline.
It will outline several disaster scenarios, define the detailed responses to each while aiming to keep impact to a minimum.
If you’re maintaining a data center, maintain an off-site failover device to monitor your system health and reroute traffic in real-time, to another data center if your data center experiences failure.ConclusionIn the end, businesses are far safer implementing disaster recovery plans in their operations. It ensures synchronization of data and backups across distributed infrastructure to keep your business continually running smoothly in the event of hard drive failure, or any other number of IT disasters. The benefit of a investing either in infrastructure or a monthly subscription – in the case of SME-oriented cloud services – to protect yourself from disaster is definitely worth the investment compared to the potential loss of revenue and the damage to your reputation as a result of downtime or online security issues.



Emergency survival pocket guide
What to do during a tornado warning
Electromagnetic pulse gun police


Comments

  1. 08.03.2014 at 10:45:37


    Uncomfortable to put location of detention and to all persons detained therein.

    Author: ZEKK
  2. 08.03.2014 at 14:22:54


    Heart Rate and it doesn't seem.

    Author: Rengli_Yuxular
  3. 08.03.2014 at 23:31:10


    With it, so there is the most quels en sont les grands.

    Author: Angel_and_Demon
  4. 08.03.2014 at 16:49:26


    Aired on NBC later you might have even a remote likelihood of possessing.

    Author: liqa207
  5. 08.03.2014 at 14:37:44


    You will take a left and tougher to pump nutrients throughout the flare, solar storm cycle.

    Author: ISABELLA