Large, medium or small, no organization today can afford to ignore a disaster recovery and risk management plan.
In the absence of a trusted advisor with the experience to handle disaster recovery and risk management, your business could suffer irretrievable loss. Step Fwd IT will help you prepare for disaster and manage risk without interrupting productivity and delivery of services. Evolving information age regulations are making reporting, archiving, and disaster recovery plans all mandatory common day protocols for businesses. A flood, fire or natural disaster causes communication breakdown, power outage and in all likelihood, prevents access to your business premises.
Drawing up strategies for disaster recovery audit, maintenance and continuous improvement are the key final stages in the development of a disaster recovery programme.
Now, when looking at preparation of disaster recovery audit, maintenance and continuous improvement strategies, ISO 27031 also provides some important recommendations. Any change to ICT services which may affect the disaster recovery capability should be implemented only after the business continuity implications of the change have been assessed and addressed.
As noted in previous articles in this series, disaster recovery strategies and procedures help organisations protect their investments in IT systems and operating infrastructures. Whether you use an internal audit department or an external auditing firm, be sure to periodically evaluate your disaster recovery programme to ensure it continues to be fit for purpose and compliant with industry standards and company policies. Define the internal audit plan for IT disaster recovery and document the criteria, scope, method and frequency of audits. Have audit results documented and reported to senior management, who should review the audit results and support follow-up corrective actions. When building a disaster recovery maintenance plan, be sure to secure senior management review and approval. Generate periodic, (for example, quarterly) maintenance reports to management, highlighting the status of maintenance activities and issues that need to be addressed. Once the disaster recovery project is completed, launch an ongoing process of continuous improvement. Your organisation can continually improve disaster recovery and business continuity activities by monitoring the overall programme and applying preventive and corrective actions, such as periodic reviews of program performance, as appropriate. This paper discusses an approach for creating a good disaster recovery plan for a business enterprise.
When a disaster strikes, the normal operations of the enterprise are suspended and replaced with operations spelled out in the disaster recovery plan.
The second section of this paper explains the methods and procedures involved in the disaster recovery planning process. Simple "one cause multiple effects" diagrams (Figure 3) can be used as tools for specifying the effects of each of the disasters. Once the list of entities that possibly fail due to various types of disasters is prepared, the next step is to determine what is the downtime tolerance limit for each of the entities. How the disaster affected entities depend upon each other is crucial information for preparing the recovery sequence in the disaster recovery plan. The roles, responsibilities, and reporting hierarchy of different committee members should be clearly defined both during normal operations and in the case of a disaster emergency.
Note that not all the members of the Disaster Recovery Committee may actively participate in the actual disaster recovery.
Quick and precise detection of a disaster event and having an appropriate communication plan are the key for reducing the effects of the incoming emergency; in some cases it may give enough time to allow system personnel to implement actions gracefully, thus reducing the impact of the disaster. The best strategy is to have some kind of disaster recovery plan in place, to return to normal after the disaster has struck.
The ultimate results are a formal assessment of risk, a disaster recovery plan that includes all available recovery mechanisms, and a formalized Disaster Recovery Committee that has responsibility for rehearsing, carrying out, and improving the disaster recovery plan.
Figure 1 depicts the cycle of stages that lead through a disaster back to a state of normalcy.
The plan should also define how to restore operations to a normal state once the disaster's effects are mitigated.
A higher value would mean longer restoration time hence the priority of having a Disaster Recovery mechanism for this risk is higher.


This information becomes crucial for preparing the recovery sequence in the disaster recovery plan. This committee should have representation from all the different company agencies with a role in the disaster recovery process, typically management, finance, IT (multiple technology leads), electrical department, security department, human resources, vendor management, and so on.
Disaster recovery risk assessment and business impact analysis (BIA) are crucial steps in the development of a disaster recovery plan. To do that, let us remind ourselves of the overall goals of disaster recovery planning, which are to provide strategies and procedures that can help return IT operations to an acceptable level of performance as quickly as possible following a disruptive event. Having established our mission, and assuming we have management approval and funding for a disaster recovery initiative, we can establish a project plan. A disaster recovery project has a fairly consistent structure, which makes it easy to organise and conduct plan development activity.
As you can see from The IT Disaster Recovery Lifecycle illustration, the IT disaster recovery process has a standard process flow. Following the BIA and risk assessment, the next steps are to define, build and test detailed disaster recovery plans that can be invoked in case disaster actually strikes the organisation’s critical IT assets. Detailed response planning and the other key parts of disaster recovery planning, such as plan maintenance, are, however, outside the scope of this article so let us get back to looking at disaster recovery risk assessment and business impact assessment in detail.
Working with IT managers and members of your building facilities staff as well as risk management staff if you have them, you can identify the events that could potentially impact data centre operations. Supply chain disruptions present a key risk, said Susan Young, MBCI, a risk management professional with a London-based insurance company. Contact us online and Join our mailing list list to stay up to date on trends and advancements in disaster recovery planning and risk management.
Whether you retain our services for business continuity planning and implementation, disaster recovery, emergency preparedness, data backup management, or backup server maintenance, your business can depend on quality services and reliable systems.
Having a risk management plan in place will ensure that you can run your business as usual in the event of a disaster. Disaster recovery’s principal mission is to return IT operations to an acceptable level of performance as quickly as possible following a disruptive event. It shows where the disaster recovery audit, maintenance and continuous improvement fit into the overall disaster recovery lifecycle and framework. Check to ensure that your audit firm has expertise in business continuity and disaster recovery. So, for example, make sure to audit outsourcing vendors to ensure their capabilities support your organisation's disaster recovery strategies and plans. These will include risk assessments, business impact analyses (and updates to existing risk assessments and BIAs), plan reviews, plan exercises, contact list updates, and plan training and awareness activities. The process of preparing a disaster recovery plan begins by identifying these causes and effects, analyzing their likelihood and severity, and ranking them in terms of their business priority. The disaster recovery plan does not stop at defining the resources or processes that need to be in place to recover from a disaster. The first step in planning recovery from unexpected disasters is to identify the threats or risks that can bring about disasters by doing risk analysis covering threats to business continuity. The intention of this exercise is to produce a list of entities affected by failure due to disasters, which need to be addressed by the disaster recovery plan. The cost of downtime is the main key to calculate the investment needed in a disaster recovery plan. Though both concepts are related to business continuity, high availability is about providing undisrupted continuity of operations whereas disaster recovery involves some amount of downtime, typically measured in days. An effective disaster recovery plan plays its role in all stages of the operations as depicted above, and it is continuously improved by disaster recovery mock drills and feedback capture processes.
The effects of a disaster that strikes the entire enterprise are different from the effects of a disaster affecting a specific area, office, or utility within the company. In Figure 3, the entities that fail due to the earthquake disaster are office facility, power system, operations staff, data systems, and telephone system. During a disaster, this committee ensures that there is proper coordination between different agencies and that the recovery processes are executed successfully and in proper sequence. For an enterprise, a disaster means abrupt disruption of all or part of its business operations, which may directly result in revenue loss.


To minimize disaster losses, it is very important to have a good disaster recovery plan for every business subsystem and operation within an enterprise.
But, before we look at them in detail, we need to locate disaster recovery risk assessment and business impact assessment in the overall planning process. Such plans provide a step-by-step process for responding to a disruptive event with steps designed to provide an easy-to-use and repeatable process for recovering damaged IT assets to normal operation as quickly as possible. Step FWD IT will work hand-in-hand with your organization to help you develop a cohesive disaster recovery plan. Continuous improvement is an ongoing activity that occurs at all points in the DR planning lifecycle, and can be implemented through effective programme management. When applied to disaster recovery, continuous improvement ties together the previously discussed disaster recovery audit and maintenance activities and leverages the results of both to introduce improvements to the process on an ongoing basis. Human caused: These disasters include acts of terrorism, sabotage, virus attacks, operations mistakes, crimes, and so on. It may be noticed that two or more disasters may affect the same entities, and it can be determined which entities are affected most often. Considering multiple options and variations of disaster recovery mechanisms available, it is necessary to carefully evaluate the best suitable recovery mechanism for an affected entity in a particular organization. Execution Phase: In this phase, the actual procedures to recover each of the disaster affected entities are executed.
Effects of disasters range from small interruptions to total business shutdown for days or months, even fatal damage to the business. At the earliest possible time, the disaster recovery process must be decommissioned and the business should return to normalcy.
Now it is time to map out plans for disaster recovery audit, maintenance and continuous improvement. As always, secure senior management authorisation when organising a continuous improvement programme. Supplier: These risks are tied to the capacity of suppliers to maintain their level of services in a disaster.
A key factor in evaluating risks associated with telephone systems is to study the telephone architecture and determine if any additional infrastructure is required to mitigate the risk of losing the entire telecommunication service during a disaster.
The disaster recovery system cannot replace the normal working system forever, but only supports it for a short period of time.
Nowadays most of the meteorological threats can be forecasted, hence the chances to mitigate effects of some natural disasters are considerable.
Those events with the highest risk factor are the ones your disaster recovery plan should primarily aim to address.
Water: There are certain disaster scenarios where water outages must be considered very seriously, for instance the impact of a water cutoff on computer cooling systems. A hurricane affecting a specific geographic area, or a virus spread expected on a certain date are examples of disasters with advance notice.
Finally, ongoing procedures for testing and improving the effectiveness of the disaster recovery system are part of a good disaster recovery plan.
After the disaster detection, a notification should be sent to the damage assessment team, so that they can assess the real damage occurred and implement subsequent actions. And the fourth section explains what information the disaster recovery plan should contain and how to maintain the disaster recovery plan.
To mitigate the risk of disruption of business operations, a recovery solution should involve disaster recovery facilities in a location away from the affected area. Once the disaster risks have been assessed and the decision has been made to cover the most critical risks, the next step is to determine and list the likely effects of each of the disasters.



Pet animal care games
Earthquake map
Business continuity planning software reviews
Emp orr bags


Comments

  1. 30.06.2015 at 10:55:15


    Where you are provided sets.

    Author: QaQaW_ZaGuLbA
  2. 30.06.2015 at 12:26:36


    Committee will have an understanding of the overall corporate impact of an emergency, they.

    Author: DeatH