This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services at Weill Cornell Medical College.
To assist in the usage of this policy document, the Appendix Section below contains a summary of all the DR Timeline deliverables plus a DR glossary. The Disaster Recovery Manager is responsible for conducting Business Impact Analyses (BIA) to identify the critical business processes, determine standard recovery timeframes, and establish the criticality ratings for each; at least every other years. ITS is required to create disaster recovery plans for the IT portion - including services, systems, and assets - of critical business processes.
A Risk Assessment must be conducted at least every other year to determine threats to disaster recovery and their likelihood of impacting the IT infrastructure. Backup strategies must comply with predefined businesses continuity requirements, including defined recovery time and point objectives. The ITS Disaster Recovery Manager is required to provide DR training and awareness activities at least twice per year. During an outage, IT Managers may incur special recovery and restoration costs that are unbudgeted. Experience assisting customers with different environments in almost all types of disasters. Disaster recovery planning is an IT function often involving a whole of business team whose role it is to anticipate disasters of any scale, determine the effects these would have on business continuity, and then create a set of policies and procedures for minimizing downtime and expediting recovery to pre-disaster levels. Planning for disaster recovery requires detailed business risk analysis, and a keen understanding of the effect various disasters will likely have on the business, from temporary setbacks that can be coped with, right thru to disasters that threaten the viability of the corporation in the short and long term after the plan is implemented.
Having determined the threats to the business data, analysis of recovery options and budgeting for them takes place, and at this stage the complete plan takes shape. Some disasters on the other hand have very little to do with recovering backups, a denial of service attack (DoS) on the corporate website could happen at any time, and all the backups in the world won’t help the corporation with their recovery, instead skilled manpower is needed.
Preparing for every possible contingency would require superhuman effort and unlimited funds however using the Pareto Principle (80-20 rule) and planning in advance for the few disasters that could permanently shut down the corporation is much more affordable, and once these steps are in place the incremental cost of adding more preparedness may not cost that much more. Data though is just one aspect of disaster recovery, the others being communications and facilities. Disaster recovery services that offer routing of email communication to third party servers are easily configured using DNS, prevent loss of email and enable staff to respond as soon as service is restored. An increasingly popular service offered by major vendors is work area recovery in the event of the corporate offices becoming unusable.
Examinations for disaster recovery certification need to be prepared for since a minimum 75% pass is required to graduate from many courses. Re-certification every year or every other year may be a constituent requirement of the disaster recovery certification course undertaken, particularly for professionals working in senior business continuity roles within IT. Outsourced disaster recovery solutions are often considered an efficient use of company resources allowing the IT team to focus their energies on improving and maintaining existing systems.
Successfully recovering from disaster is not luck, very few corporations have remained viable businesses after a disaster has struck, the few who do service have demonstrated a willingness to invest in solutions, preparing for the unforeseen, and have plans and systems in place to cope. Data loss from a failed hard drive is minimized thru backups and mirroring, yet even then it may still be necessary to recover data from a failed hard drive, particularly when users don’t follow policy and save files to their local drive. Disaster recovery in an IT context is not the same as high availability and the two should not be confused, yet in many organizations this is the case.
An audit of the disaster recovery plan at regular intervals, perhaps every year, and empowering staff to actively engage the audit looking for improvements will allow better long term planning decisions to be made. Depending on the scope of the disaster significant parts of the business may be destroyed, but good communication of the recovery goals and procedures should be sufficient to ensure survival of the business. Business continuity planning is a vital task of all departments even though it might be coordinated by IT or primarily involve disaster recovery of data. The auditors job is to ensure that disaster preparedness is as complete as humanly possible, so staff shouldn’t feel threatened. Instead, disaster planning is a serious endeavor that is literally going to make the difference between business continuity or closure, or just maybe a hostile takeover, either way, no IT manager or senior manager wants to be responsible for the corporation failing due to a disaster that could have been mitigated. Our Disaster Recovery solutions and services can help protect your critical corporate information as well as ensure business continuity in the event of a disaster. Let us provide you the peace of mind that a detailed disaster recovery plan offers - your business and livelihood depend on it. Disaster recovery is their ability to recover electronic data and data processing to pre-disaster levels in the shortest possible time thru forward planning and setting policy objectives. Common network related disasters include hacking, viruses, server and router failure, cable fractures or satellite failure, or any number of other failures in the network loop. Undertaking disaster recovery certification in person exposes the student to other IT professionals also working towards certification giving opportunities for networking which may be invaluable as disaster recovery planning is undertaken within the workplace. Evaluating the available disaster recovery software options as part of the organizational disaster planning is often overlooked in favor of adopting known packages that may not in fact be the best choice. Additional software is almost always recommended that is designed specifically for disaster situations as well as archival purposes. Using plain English understood outside of the IT world, and providing training to all staff on disaster preparedness is likely to offer more opportunities of successful recovery.
Many IT administrators and organizations plan for hardware failure in their networks or attacks from hackers and viruses, and understandably many will have no plans for natural disasters such as earthquakes, flooding or fire. Of course all departments need to take responsibility for their specific roles under the disaster recovery plan. During a disaster recovery and business continuity audit, management need to allay the fears of staff, yet also reinforce that ultimately the corporation cannot afford to not be prepared. Disaster planning is not an activity for informal groups who brainstorm and put together quick procedures. The probability of disaster striking at some point thru no fault of the IT manager and her team is high, be it hacker attack, or earthquake, the end result is always still the same.
Small and medium-sized businesses with limited technical staff maybe are particularly vulnerable in the event of any type of major disaster.
It should also include a comprehensive disaster recovery policy regarding media storage, media rotation, and security, as well as procedures for natural disasters. Obviously, disaster recovery planning should be a regular activity for businesses of all sizes. Plan - Establish a Disaster Recovery Business Continuity policy with objectives, metrics, and processes relevant to managing risk and improving the enterprise's Information and Communication Technology ability and readiness to operate at the level defined within the parameters of the enterprise's overall disaster recovery and business continuity objectives. Do - Implement and operate the Disaster Recovery and Business Continuity policies, procedures, controls, and processes.

Check - Assess and monitor the performance metrics as defined within the Disaster Recovery and Business Continuity policy metrics and communicate the results to the management of the enterprise.
Disaster Recovery Business Continuity Template (WORD) - comes with the latest electronic forms and is fully compliant with all mandated US, EU, and ISO requirements.
The disaster recovery standards in this policy provide a systematic approach for safeguarding the vital technology and data managed by the Information Technologies and Services Department. The DR Manager will review and update the DR Policy as necessary at least every other year. The Disaster Recovery Manager is responsible for conducting Capability Analyses (CA) to determine ITS's capacity to recover critical IT services that support defined critical business processes and recovery objectives; at least every other years. The IT Disaster Recovery Manager should be part of the ITS representation within the institution's Emergency Management Team .
Approved recovery strategies must be tested to ensure they meet required recovery time and recovery point objectives.
A disaster which affected the office or systems would mean the end for most small and medium companies as traditionally such companies do not invest much in protection. Our IT Disaster Recovery plan is an affordable preventive service to allow business continuity in case your office or your computer network is compromised. In smaller corporations the disaster recovery plan may in fact be just a sheets of paper listing steps to take when the unforeseen occurs, in fact, smaller organizations may be able to download disaster recovery templates from expert websites and simply follow the instructions for completing the audit and creating the recovery plan.
In the pre-planning stage an audit by certified disaster recovery experts should be carried out.
No disaster recovery plan is ever complete without also testing its efficacy, a process that allows for fine tuning and fault analysis well before ever having to rely on the plan for business continuity.
Protecting a corporation from disasters is costly, and often considered a wasted expense until after a major disaster has occurred, and business recovery specialists often complain of the difficulties they face convincing management and staff of the need to work to set procedures.
Being prepared for unforeseen disasters requires extensive pre-disaster planning and consultation with major stakeholders as well as service providers to ensure business operations are protected, namely that data and configuration backups are stored securely, and will be available very short term or in real time when needed. Service providers make all of this easy by investing in staff and assets and focusing on their core business of helping corporations recover from disasters.
Disaster recovery certification for IT professionals is becoming a necessary pre-requisite for anyone involved in business continuity planning, which has taken on added importance since the unfortunate events of September 11th in New York.
When disaster strikes your IT infrastructure or network, having quick access to disaster recovery solutions is paramount if the system to is to be restored to full service.
File mirroring software has in recent years matured into a solid and dependable technology giving IT administrators an extra option in their arsenal of disaster recovery software. Not looking into disaster recovery software options thoroughly enough at the disaster recovery planning stage might affect business continuity after the disaster, and would be a career breaker for any IT administrator. Ensure the plan can be implemented by staff outside of the planning process, the authors may be unavailable in a disaster or may have left the organization so clearly written policies and procedures are desirable outcomes. Best practices in drafting the disaster recovery plan will dictate the goals are clearly defined and written down in detail with the aim of full technical recovery despite the worst disaster that could occur. A full test of the disaster recovery plan, and regular testing of isolated parts of the plan highlights any issues that could arise during an actual disaster. No audit of disaster recovery procedures would be complete without first reviewing the plan and its documentation. Disasters sadly are a fact of life, most of us manage to avoid them although this is probably more to do with circumstance than any activity on our part. Staff training for disaster recovery is best undertaken thru a professional organization whose methodology is acknowledged as best of class, and just as importantly, whose trainers have real world experience of working in an environment where they were responsible for disaster planning and then had disaster strike, thus validating their skills. 93% of companies that lost their data center for ten days or more as a result of a disaster filed for bankruptcy within one year of the disaster. For the foreseeable future, certification from professional IT institutes are likely to better received than general information systems diplomas, mostly due to the complexity of the subject and importance of disaster recovery. Whether they are in-house or outsourced, the solutions called for in the disaster recovery plan need to be available in a timely and reliable fashion. Ignoring this disaster may not be an option if the CEO is the guilty user and insists on software recovery. Disasters upto and including pandemics, terrorism attacks, the threat of war, and natural disasters can all be planned against. Off-site locations will be evaluated for suitability, disaster immunity, and security of data. In IT terms the same applies, yet with the benefit of disaster recovery training the effects can be minimized, although never completely eliminated. Local IT networking clubs may be sufficiently large enough to have a training arm, at least in larger cities this could be expected to be the case, yet even if they don’t, they may still possess a library with industry recognized handbooks on disaster recovery. Certification from a vendor can be a very rewarding qualification to hold, useful far beyond the disaster recovery plan. It is therefore extremely important to have your disaster recovery plan documented and to occasionally test the plan to ensure that it meets the ever changing needs of your business.
The ITS Disaster Recovery Program (DRP) addresses the protection and recovery of WCMC IT services so that critical operations and services are recovered in a timeframe that ensures the survivability of WCMC and is commensurate with customer obligations, business necessities, industry practices, and regulatory requirements. The Disaster Recovery Manager is responsible for maintaining the Recovery Tier Chart , which defines the Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) of all ITS-managed systems. IT Managers are responsible for tracking and reporting on planned and unplanned outage spending related to the recovery and restoration effort. Recovery strategies must be implemented within a previously agreed upon period of time, generally not more than 180 days after management approval. As investment in disaster recovery planning reduces monetary losses, you may even be able to claim a discount in your business interruption insurance policy*.
However, larger corporations and the government sector typically require a great deal more detail in their disaster recovery plan which will more likely be a set of procedures and policies filling several folders and requiring extensive staff training from board level right down to data entry operators. Probably the most important step in preparing a disaster recovery plan, the pre-planning stage will pick up potential threats to data storage, specifically whether off-site backups will be affected by the same disaster that incapacitates the live data. Once the disaster recovery plan is complete, any authorized officer of the organization should be able to refer to it in the event of a major disaster, and sad to say, this means not keeping the plan in soft copy on the Intranet. Equipment and network redundancy plays a large role in mission critical disaster recovery, and may in extreme situations require two or three completely separate systems performing the same task.
Disaster recovery data centers provided by service providers allow for complete duplicates of the corporation’s IT infrastructure to be created and mirror all processes ready to take over in an instant, and whilst this is an expensive precaution its value is negligible for corporations that cost seconds of downtime in the millions of dollars.
Business continuity is taken seriously by management in most major corporations, and IT staff with disaster recovery certification are in demand, so much so, that salary and benefits are presently higher for qualified experts.

Disasters are by their nature unpredictable, difficult to anticipate, and usually very inconvenient to users of the system. Disaster recovery can take many forms, each solution potentially requiring different resources and implementation. Staff training, and the insistence of senior management that policy is followed are critical to the success of any disaster recovery. Between forty and sixty percent of all businesses that suffer a business threatening disaster fail in the next five years so disaster planning is not taken lightly by stockholders, or regulatory authorities.
Company insurance policies need to maintained at levels suitable for expected losses after a disaster, the audit should establish that these are paid for or if paid monthly or quarterly are not in arrears. Preparing for disasters and being able to recover from them requires scientific thinking and analysis of the threats facing the corporation, and without training in disaster recovery is difficult to fully anticipate. State colleges and universities with their own information technology department will also be expected to offer disaster recovery training, and often have the added advantage of laboratories where course exercises can be tested without potential harm to the corporate systems.
30% of companies report that they still do not have a disaster recovery plan or business continuity program in place and two in three companies feel that their data backup and DR plans have significant vulnerabilities Furthermore, only 59% of companies polled test their data backup and storage systems at least once a quarter. Most major corporations and governments allocate as much as 5% of their annual IT budget to disaster recovery planning, a high expense, yet preferable to not continuing in business in the event of catastrophic data loss. Finding a reputable online training provider offering disaster recovery certification is important, every certification provider is different and not all courses are created equal. Little can be done to prevent many disasters, especially natural, but even man made disasters are often not easily prevented, hacking attacks or denial of service attacks are rarely advertised before the event. Given the overwhelming reliance on IT in most organizations a disaster has the potential to force out of business the unprepared making disaster recovery and adherence to best practices vitally important. A company’s disaster recovery and business continuity programs would be incomplete without covering compliance risks and without using compliance tools to mitigate risks. Any organization without a disaster recovery plan is courting fate and is unlikely to survive. On the other hand, compliance management is a critical component of disaster recovery and business continuity. IT DR plans must provide information on Business Impact Analysis, Data Backup, Recovery, Business Resumption, Administration, Organization Responsibilities, Emergency Response & Operations, Training and Awareness and Testing. We can, for example, configure new servers, reinstate your email service and recover the data from our online backup system, to allow your business to run from a temporary location. Disasters happen, be they manmade or natural, no corporation or government can ever assume their data and access to their data will be exempt from damage.
The construction of disaster proof data centers with high levels of redundancy, fire containment, and temporary power generation is often seen as integral to disaster recovery planning, as well as provision of redundant network loops to third parties. Offsite storage of hardware that can be brought online in the event of a disaster is a more affordable solution for smaller corporations that only requires specifying the hardware and software needed and making sure that service providers are able to restore data to the backup servers on activation. Proper planning for disaster recovery solutions is therefore one of the primary roles of senior IT staff, who are required to analyze all systems and threats in detail, finding specific failure points, before beginning the process of setting goals and determining possible solutions in the event of disasters. Catastrophic data loss is any IT administrator’s worst nightmare and disasters can strike at any time. Backup procedures are an important component of disaster recovery and should be tested for integrity and completeness on a regular schedule with occasional simulation of a failed server. Looking at compliance as an integral part of disaster recovery and business continuity, and at disaster recovery and business continuity as an integral part of compliance, helps companies to address a number of things they tend to do wrong in compliance. Similarly, a professionally undertaken audit should be able to establish if redundancies in networking will be affected by the disaster. Most providers offer dedicated data centers and networking capabilities to ensure survival of data and continuity of business in the days and weeks after allowing time for full recovery or relocation of the organization’s IT infrastructure. Larger corporations are at the same time more vulnerable, and yet also more resilient, than small localized businesses, but once the market has lost faith in their ability to recover from disaster, their days are numbered.
High availability defines a network that is online most of the time, yet even the best planning cannot completely eliminate downtime caused by disaster such as staff being unable to enter the workplace and implement the disaster recovery plan.
Training of staff that is adequate for the duties need to be arranged and tested, and new staff inducted into the company disaster recovery procedures.
Data loss can often occur in any number of ways including human error, a computer virus, hardware or system failure, software corruption, theft, or a natural disaster.
Technological solutions for data availability, data protection, and application recovery must be considered by data gathered by the BIA and CA. Preparing for disasters and knowing that recovery will be possible requires careful analysis of the threats facing a corporation such as earthquakes, terrorism, hacking, staff strikes, electrical failure, even human error, and understanding the consequences for data of each possible situation.
In smaller corporations it is often better to outsource disaster recovery solutions to the contractor responsible for building and maintaining the network, who are better placed to understand the threats faced and make contingency plans for retrieving off-site backups or swapping out problem components.
Disaster recovery software covers a range of niches, from backup and recovery, to mirroring, network monitoring, data salvaging from corrupt disks and more, so there certainly are enough options available for protecting the corporation’s critical data. Performance of disaster recovery plan duties by staff and third party contractors at audit time are not left untested, business continuity depends on the people implementing the plan to get it right. Top 10 Reasons Why Disaster Recovery Business Continuity Plans Fail In the recession many organizations put disaster recovery and business continuity on the back burner.
The reality is that any disaster recovery solutions planned and then implemented need the support of key personnel in other departments if fiasco is to be avoided.
Actively seeking the advice of disaster recovery experts and vendors at the planning stage brings relevant expertise into play. All Backup data must be labeled and logged, and are available for use during an emergency within stated recovery time objectives. The simple activity of keeping off-site data backups may be all that is required for recovery in smaller corporations and private households, but in larger corporations most responsible IT managers would consider this a basic minimum which would already be provisioned and costed as part of their annual budgets.
Software that allows a hard drive to be imaged and then cloned across multiple systems or servers has taken on added importance since the advent of the disaster recovery industry and is no longer restricted to being used solely for rapid deployment, although this is certainly its main function.
Testing the recovery plan should be considered a necessary expense of producing the plan rather than an unneeded cost after the fact. Upon completion or update, DR plans must be sent to the Disaster Recovery Manager and ITS Change Manager for review. Disasters affecting servers or buildings often tend to destroy more than just data, so imaging an identical system and then running a data restore reduces downtime considerably.

Certificate manager program
Business process impact analysis matrix
72 hour food kit contents
Schools emergency action plan


  1. 14.08.2015 at 17:43:42

    To use the Free of charge essential products you.

    Author: Legioner
  2. 14.08.2015 at 19:11:18

    Resident evil game (True zombie can, wad up some wax paper management and control and effective.

    Author: Nanit
  3. 14.08.2015 at 19:19:44

    Capability at a basic atomic level freeze-dried ice kits Water is needed for the sustenance of human life.

    Author: Alisina
  4. 14.08.2015 at 20:50:55

    Infrastructure to national leadership to state and and my doves have suggested that they will drive.

    Author: lya