This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services at Weill Cornell Medical College.
The disaster recovery standards in this policy provide a systematic approach for safeguarding the vital technology and data managed by the Information Technologies and Services Department. The ITS Disaster Recovery Program (DRP) addresses the protection and recovery of WCMC IT services so that critical operations and services are recovered in a timeframe that ensures the survivability of WCMC and is commensurate with customer obligations, business necessities, industry practices, and regulatory requirements. The Disaster Recovery Manager is responsible for conducting Capability Analyses (CA) to determine ITS's capacity to recover critical IT services that support defined critical business processes and recovery objectives; at least every other years. The Disaster Recovery Manager is responsible for maintaining the Recovery Tier Chart , which defines the Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) of all ITS-managed systems. ITS is required to create disaster recovery plans for the IT portion - including services, systems, and assets - of critical business processes. A Risk Assessment must be conducted at least every other year to determine threats to disaster recovery and their likelihood of impacting the IT infrastructure. Approved recovery strategies must be tested to ensure they meet required recovery time and recovery point objectives.
During an outage, IT Managers may incur special recovery and restoration costs that are unbudgeted.
Disaster recovery risk assessment and business impact analysis (BIA) are crucial steps in the development of a disaster recovery plan. To do that, let us remind ourselves of the overall goals of disaster recovery planning, which are to provide strategies and procedures that can help return IT operations to an acceptable level of performance as quickly as possible following a disruptive event. Having established our mission, and assuming we have management approval and funding for a disaster recovery initiative, we can establish a project plan. A disaster recovery project has a fairly consistent structure, which makes it easy to organise and conduct plan development activity.


As you can see from The IT Disaster Recovery Lifecycle illustration, the IT disaster recovery process has a standard process flow.
Following the BIA and risk assessment, the next steps are to define, build and test detailed disaster recovery plans that can be invoked in case disaster actually strikes the organisation’s critical IT assets. Detailed response planning and the other key parts of disaster recovery planning, such as plan maintenance, are, however, outside the scope of this article so let us get back to looking at disaster recovery risk assessment and business impact assessment in detail. A key aspect is to know what services run on which parts of the infrastructure, said Andrew Hiles, FBCI, managing director of Oxfordshire-based Kingswell International. The Disaster Recovery Manager is responsible for conducting Business Impact Analyses (BIA) to identify the critical business processes, determine standard recovery timeframes, and establish the criticality ratings for each; at least every other years. The IT Disaster Recovery Manager should be part of the ITS representation within the institution's Emergency Management Team . Recovery strategies must be implemented within a previously agreed upon period of time, generally not more than 180 days after management approval.
A documented decision making process will be used to determine what subset of backup data will be additionally encrypted, and stored off-site in a secured location outside of the geographical area of the system they are backups of. But, before we look at them in detail, we need to locate disaster recovery risk assessment and business impact assessment in the overall planning process.
Such plans provide a step-by-step process for responding to a disruptive event with steps designed to provide an easy-to-use and repeatable process for recovering damaged IT assets to normal operation as quickly as possible. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Each IT division must develop and maintain a documented emergency plan including notification procedures.
The ITS Disaster Recovery Manager is required to provide DR training and awareness activities at least twice per year.


For example, in the Lloyd's insurance market in London, all businesses depend on a firm called Xchanging to provide premiums and claims processing. IT DR budgeting must be informed annually by requirements gathered in the BIA and CA as well as the ITS budgeting process. IT managers are responsible for briefing staff on their roles and responsibilities related to DR planning, including developing, updating, and testing plans.
Those events with the highest risk factor are the ones your disaster recovery plan should primarily aim to address.
IT Managers are responsible for tracking and reporting on planned and unplanned outage spending related to the recovery and restoration effort. The Service managers are required to prioritize their IT processes and associated assets based upon the potential detrimental impacts to the defined critical business processes. IT DR plans must provide information on Business Impact Analysis, Data Backup, Recovery, Business Resumption, Administration, Organization Responsibilities, Emergency Response & Operations, Training and Awareness and Testing. Technological solutions for data availability, data protection, and application recovery must be considered by data gathered by the BIA and CA.
All Backup data must be labeled and logged, and are available for use during an emergency within stated recovery time objectives.
Upon completion or update, DR plans must be sent to the Disaster Recovery Manager and ITS Change Manager for review. Backup strategies must comply with predefined businesses continuity requirements, including defined recovery time and point objectives.



Emergency procedures for businesses
Food safety during hurricanes


Comments

  1. 02.06.2014 at 17:55:53


    Agency (FEMA) provides checklists and data zombie games.

    Author: ElektrA_CakO
  2. 02.06.2014 at 12:21:17


    Effective CME discharge ever things we could not.

    Author: nice_boy
  3. 02.06.2014 at 15:14:29


    Radio may possibly be far more.

    Author: Turchanka_18