Learn how to develop disaster recovery strategies as well as how to write a disaster recovery plan with these step-by-step instructions. Formulating a detailed recovery plan is the main aim of the entire IT disaster recovery planning project. The following section details the elements in a DR plan in the sequence defined by ISO 27031 and ISO 24762. Important: Best-in-class DR plans should begin with a few pages that summarise key action steps (such as where to assemble employees if forced to evacuate the building) and lists of key contacts and their contact information for ease of authorising and launching the plan. Disaster recovery risk assessment and business impact analysis (BIA) are crucial steps in the development of a disaster recovery plan.
As you can see from The IT Disaster Recovery Lifecycle illustration, the IT disaster recovery process has a standard process flow.
Detailed response planning and the other key parts of disaster recovery planning, such as plan maintenance, are, however, outside the scope of this article so let us get back to looking at disaster recovery risk assessment and business impact assessment in detail. It is in these plans that you will set out the detailed steps needed to recover your IT systems to a state in which they can support the business after a disaster. Based on the findings from incident response activities, the next step is to determine if disaster recovery plans should be launched, and which ones in particular should be invoked. Once the plan has been launched, DR teams take the materials assigned to them and proceed with response and recovery activities as specified in the plans.
Then define step-by-step procedures to, for example, initiate data backup to secure alternate locations, relocate operations to an alternate space, recover systems and data at the alternate sites, and resume operations at either the original site or at a new location. Here we can see the critical system and associated threat, the response strategy and (new) response action steps, as well as the recovery strategy and (new) recovery action steps. This section should specify who has approved the plan, who is authorised to activate it and a list of linkages to other relevant plans and documents. The more detailed the plan is, the more likely the affected IT asset will be recovered and returned to normal operation. And since DR planning generates a significant amount of documentation, records management (and change management) activities should also be initiated. If your organisation already has records management and change management programmes, use them in your DR planning.
Included within this part of the plan should be assembly areas for staff (primary and alternates), procedures for notifying and activating DR team members, and procedures for standing down the plan if management determines the DR plan response is not needed. Check with your vendors while developing your DR plans to see what they have in terms of emergency recovery documentation. The RTO defines the length of time that is allowed to pass between system failure and repair before the consequences of the service interruption become unacceptable.The recovery point objective, or RPO, is the maximum amount of data allowed to be lost, measured in time. It ensures synchronization of data and backups across distributed infrastructure to keep your business continually running smoothly in the event of hard drive failure, or any other number of IT disasters.
Today, disaster recovery plans encompass every type of automated system, including mainframes, midrange computers open systems, desktop devices, and perhaps even PDAs (personal digital assistants).
I could go on all afternoon covering the changes just in the years since the first edition of Business Resumption Planning was published. The classical scenarios of fire, flood, earthquake, tornado, sabotage, and other disasters still apply.
At the 100,000-foot level we can split disasters into three categories: natural causes, human error, and intentional causes. Consider the fact that the lines separating the voice communications, data communications, and local area network departments are becoming more blurred than ever. Chances are that all three systems, telecom, open systems, and mainframes, reside today in the same equipment rooms in your organization. I think it's safe to say that most of the people initially tasked with responsibility for a disaster recovery plan by their organizations will not really know where to start. You will undoubtedly have financial constraints and probably will not have all the people you need for the project. I have personally seen this type of plan utilize as few as three steps, and as many as six. Oh, and by the way, if you as the reader are a Big 4 consultant, there is something here for you too.
As I stated earlier, consultants carry credibility with executive management and speak a language in terms executive management understands.
After completion of Phase I and Phase II (typically 90 to 120 days), you will finally begin writing the plan. In summary, often the most difficult part of the planning process is simply getting off square one, and starting. The key to solving the problem is not completely technology based; an IT department needs a good disaster recovery plan for when the worst happens.
A disaster recovery plan needs to cover cyber-attacks, hardware failures, user failure, sabotage and natural disasters. Many just back-up the data daily on drives and disks and send it off-site believing that it is secure. While a basic disaster recovery plan looks good on paper, it lacks a business process that covers what an IT department should do if something goes wrong and how that data can be restored to the business. This forward planning will reveal previously unidentified technology problems, and allow for effective counter measure. Finally, it is recommended that IT departments organize disaster drills similar to those carried out by civil defense organizations in earthquake zones, such as San Francisco.
While this sounds gloomy, when people are ready for the worst, it is more likely that when disaster strikes, the IT department can fix the problem quickly. Drawing up strategies for disaster recovery audit, maintenance and continuous improvement are the key final stages in the development of a disaster recovery programme.
Now, when looking at preparation of disaster recovery audit, maintenance and continuous improvement strategies, ISO 27031 also provides some important recommendations.
Any change to ICT services which may affect the disaster recovery capability should be implemented only after the business continuity implications of the change have been assessed and addressed.
As noted in previous articles in this series, disaster recovery strategies and procedures help organisations protect their investments in IT systems and operating infrastructures.
Whether you use an internal audit department or an external auditing firm, be sure to periodically evaluate your disaster recovery programme to ensure it continues to be fit for purpose and compliant with industry standards and company policies. Define the internal audit plan for IT disaster recovery and document the criteria, scope, method and frequency of audits.

Select auditors and conduct the audit to ensure objectivity and impartiality during the audit process. Have audit results documented and reported to senior management, who should review the audit results and support follow-up corrective actions.
When building a disaster recovery maintenance plan, be sure to secure senior management review and approval.
Generate periodic, (for example, quarterly) maintenance reports to management, highlighting the status of maintenance activities and issues that need to be addressed. Once the disaster recovery project is completed, launch an ongoing process of continuous improvement.
Your organisation can continually improve disaster recovery and business continuity activities by monitoring the overall programme and applying preventive and corrective actions, such as periodic reviews of program performance, as appropriate. The moderated business community for business intelligence, predictive analytics, and data professionals. To do that, let us remind ourselves of the overall goals of disaster recovery planning, which are to provide strategies and procedures that can help return IT operations to an acceptable level of performance as quickly as possible following a disruptive event.
A section on plan document dates and revisions is essential, and should include dates of revisions, what was revised and who approved the revisions. Located at the end of the plan, these can include systems inventories, application inventories, network asset inventories, contracts and service-level agreements, supplier contact data, and any additional documentation that will facilitate recovery. However, for small businesses, disaster recovery may be deemed costly or an unnecessary expense.Disaster recovery is an important aspect of business continuity. Those events with the highest risk factor are the ones your disaster recovery plan should primarily aim to address. It will outline several disaster scenarios, define the detailed responses to each while aiming to keep impact to a minimum.
If you have drawn the short straw and been tasked with producing a plan for your organization, then I am both happy and sad for you. All of these play a role in the conduct of today's business, and all of them will have to be considered in your plan. Advanced telecommunications systems, including the World Wide Web, support voice and data connections to these systems and make them revenue generators by making them more available to customers. Even so, it's amazing to see the degree to which today's IP networks have become multipurpose and completely independent of whether the payload is voice, data, image, video, or something else.
Therefore, operation and security standards that used to apply only to the mainframe should now apply to the servers as well.
Indeed, the responsibility to maintain the integrity of the business in the event of a natural disaster, catastrophic human error, major system failure, or even a terrorist attack can be a daunting task at first glance.
You will need to define your goals and expectations, set clear objectives, and have a measurement in place to gauge your progress. There are career advantages from the visibility you will receive; after all, for many companies disaster recovery planning is a board-of-directors-level issue.
Without management buy-in and endorsement on the project (as well as funding), you are spinning your wheels.
While that might not sound like much, it is the equivalent of 18- 36 days of a business year recovering from some disaster or another. The standard says that any plan should define a response to an incident and lay out an action plan. This was not noticed until the servers containing all of the conveyance and mortgage records crashed and the court needed to carry out an urgent restore. Arranging a drill soon after a disaster recovery plan is developed is vital, particularly if a company has recruited a new data backup provider.
Not only will they have the backed up data, they will know that it works, and how to use it. Senior Systems Advantage is modular, scalable, and customizable, enabling us to effectively meet the needs of both small and large institutions.
Disaster recovery’s principal mission is to return IT operations to an acceptable level of performance as quickly as possible following a disruptive event. It shows where the disaster recovery audit, maintenance and continuous improvement fit into the overall disaster recovery lifecycle and framework.
Check to ensure that your audit firm has expertise in business continuity and disaster recovery. So, for example, make sure to audit outsourcing vendors to ensure their capabilities support your organisation's disaster recovery strategies and plans. These will include risk assessments, business impact analyses (and updates to existing risk assessments and BIAs), plan reviews, plan exercises, contact list updates, and plan training and awareness activities. This process has ties to the “kaizen” philosophy of manufacturing, which encompasses activities to continually improve all manufacturing functions, involving all workers and all processes. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Once you have identified your critical systems, RTOs, RPOs, etc, create a table, as shown below, to help you formulate the disaster recovery strategies you will use to protect them. Having established our mission, and assuming we have management approval and funding for a disaster recovery initiative, we can establish a project plan.
These are essential in that they ensure employees are fully aware of DR plans and their responsibilities in a disaster, and DR team members have been trained in their roles and responsibilities as defined in the plans. For example, in the Lloyd's insurance market in London, all businesses depend on a firm called Xchanging to provide premiums and claims processing.
These and other events have changed and colored our definition of disasters to the point where they have perhaps permanently altered our very psychology as a nation. The impact of such disasters, however, is intensified today when they take enabling technologies with them and potentially affect millions of people. A fourth category can also be added called acts of God as a catch-all for disasters that defy classification (the legal term for this is force majeure).
Today, with the advent of VoIP (Voice integrated with data over the same network) phone service, many companies now lose their voice and data services when an internal, previously all-data network is down. We predicted that fiber optics would make telecommunications like Doritos (eat all you want, we'll make more) and that the network would become increasingly independent of whether the services were voice, data, or something else. That fact needs to be reflected in our recovery plans today, because routers, for example, now do more than only data. Traditional telecommunications switches (those that are still left after IP!) are large computers and require the same protection and operating standards as mainframes.

It's not the platform that's important, it's the application the platform supports, and how long the company can survive without it.
When you think about it, however, as technologists we get presented with all kinds of difficult impossible deadlines and most of the time we do just fine. In fact, count the number of times you have chanted ad infinitum that "this must be a priority," only to have Ernst & Young come in and play a round of golf with your CEO. In the meantime, learn everything you can from the consultant, first and foremost because it broadens your skill set and makes you more valuable, even on other non-disaster-recovery-related projects and, second, so that you can become the flag bearer for the disaster recovery project in Phase II - not the expensive consultant.
Indeed, many things like equipment inventories and personnel call out lists are actually compiled in Phase II. That's why even though we have laid out a thumbnail sketch of a plan and how to implement it, the remaining several hundred pages will dive right into the details. More recently cloud-based offerings from the likes of EMC, HP, Oracle, Amazon and Microsoft have also helped make such back-ups more reliable and affordable. That means that up to 304 man-hours can be allocated every year to disaster recovery and the added workload could push back other IT projects and deployments. This plan should be so detailed and everyone is trained to know what to do at the right time. Most experts believe that a good disaster recovery back-up plan should include some form of automation and testing to eliminate such errors.
This enables an institution to see clearly how data will be returned and what steps are needed to make it usable. Continuous improvement is an ongoing activity that occurs at all points in the DR planning lifecycle, and can be implemented through effective programme management.
When applied to disaster recovery, continuous improvement ties together the previously discussed disaster recovery audit and maintenance activities and leverages the results of both to introduce improvements to the process on an ongoing basis. A disaster recovery project has a fairly consistent structure, which makes it easy to organise and conduct plan development activity. Those with on-premises infrastructure will often invest in additional disaster-recovery tools, such as remote backups, archives, etc.
This section defines the criteria for launching the plan, what data is needed and who makes the determination. At the same time, we are reintroducing tried and tested disaster recovery planning fundamentals. What has remained constant over this time is the fact that computers and communications are more of an indispensable component of our economy than ever.
We predicted that it would come down to how many "gigacells" would traverse the network and how the providers would manage them. For the remainder of this chapter, we will provide some basic information about what your planning objectives should be, what it should cost, where to get resources, and where you should start.
Even if you find out about details and can describe to them, management may not believe you.
Nothing makes for a better and more satisfying consulting engagement than the sense from your client that they have truly learned from you.
But there is no reason that it cannot limit the hours somewhat and use this expensive resource judiciously. The consultants will make the compelling point that disaster recovery is important, presenting all the reasons management needs to fund and endorse the project.
If you expect to have people, money, and resources to complete a plan, there are some steps to take first. Management never gets off the dime in supporting the plan and the organization "studies" it forever. There is a guard in a blue suit with a badge, however, who sits at the front door, and this person has different ideas.
These include not only the obvious things, like budget and technology limitations, but the less obvious ones as well, such as departmental "turf issues" and other politics. Now it is time to map out plans for disaster recovery audit, maintenance and continuous improvement.
In addition to using the strategies previously developed, IT disaster recovery plans should form part of an incident response process that addresses the initial stages of the incident and the steps to be taken. Procedures should ensure an easy-to-use and repeatable process for recovering damaged IT assets and returning them to normal operation as quickly as possible. But, before we look at them in detail, we need to locate disaster recovery risk assessment and business impact assessment in the overall planning process.
Technology DR plans can be enhanced with relevant recovery information and procedures obtained from system vendors. This company enjoys a significant competitive edge by providing patrons with a nationwide "local" telephone number that is easy to remember (especially for guys who mess up and forget their anniversary). In some environments, physically speaking there is literally no difference between the two because Doritos are Doritos and data packets are data packets. This process can be seen as a timeline, such as in Figure 2, in which incident response actions precede disaster recovery actions.
Such plans provide a step-by-step process for responding to a disruptive event with steps designed to provide an easy-to-use and repeatable process for recovering damaged IT assets to normal operation as quickly as possible.
Think of it as a new learning experience that will elevate your standing as a technologist and broaden your horizons. It is almost always under refinement and, besides, you can't trash all the equipment you have today and buy new equipment. The next section should define roles and responsibilities of DR recovery team members, their contact details, spending limits (for example, if equipment has to be purchased) and the limits of their authority in a disaster situation.
You have to phase out what you have and replace it with equipment having fault-tolerant or disaster-resistant characteristics. This is because you are using fewer and fewer resources like outside consultants, and you are doing (and learning) more and more of the work yourself.

Disaster recovery itil definition
Indian country singer


  1. 02.12.2013 at 13:21:48

    Any bridges, overpasses funded EMP investigation and development applications and.

    Author: RAZiNLi_QIZ
  2. 02.12.2013 at 21:46:17

    Spent and what appoint an emergency if you can try boiling the water.

    Author: XoD_GedeN_909
  3. 02.12.2013 at 13:46:10

    Preppers and conspiracy theorists i am searching into how.

    Author: KAYFA_SURGUN