Learn how to develop disaster recovery strategies as well as how to write a disaster recovery plan with these step-by-step instructions.
Formulating a detailed recovery plan is the main aim of the entire IT disaster recovery planning project.
Once this work is out of the way, you’re ready to move on to developing disaster recovery strategies, followed by the actual plans. Once you have identified your critical systems, RTOs, RPOs, etc, create a table, as shown below, to help you formulate the disaster recovery strategies you will use to protect them. Once your disaster recovery strategies have been developed, you’re ready to translate them into disaster recovery plans.
In addition to using the strategies previously developed, IT disaster recovery plans should form part of an incident response process that addresses the initial stages of the incident and the steps to be taken.
The following section details the elements in a DR plan in the sequence defined by ISO 27031 and ISO 24762. Important: Best-in-class DR plans should begin with a few pages that summarise key action steps (such as where to assemble employees if forced to evacuate the building) and lists of key contacts and their contact information for ease of authorising and launching the plan. The best approach for penetration testing is to use a combination of tools with different approaches.
Failure to prepare for it can give an otherwise ideal model a theoretical name and spell disaster for those associated with the discharge of its responsibilities.
The attacks on America have brought home the realization of the horrors of disaster when it strikes. As the experience dictates, putting the pieces together is not just technology but involves people and communication and the recognition that any problems here can be solved only through superior personal leadership skills combined with positive, strategic communication and in troubleshooting tough, touchy, sensitive corporate communications issues.
In the aftermath of 11 September 2001, as organizations began to build through the process of responding, reconstructing, restoring and recovering, they realized that classic recovery planning that focused on how to restore centralized data centers was far from adequate for contemporary businesses.
Business continuity and disaster recovery are so vital to business success that they no longer remain a concern of the IT department alone. The events of 11 September have forced organizations to review their disaster recovery plans, especially in light of new technology.
Disaster recovery efforts of the past were designed to provide backup options for centralized data centers. Nonetheless, the components to integrated business continuity are the same: recovery options for facilities, technology, network infrastructure and human skills.
The goal for companies with no business tolerance for downtime is to achieve a state of business continuity, where critical systems and networks are available no matter what happens. Finally, organizations must make an executive commitment to regularly test, validate and refresh their business continuity and disaster recovery programs to protect the organization against perhaps the greatest risk of all—complacency.
There are two main reasons why organizations do not test their disaster recovery plans regularly. With good planning, a great deal of disaster recovery testing can be accomplished with modest expenditure.
Hypothetical—The hypothetical test is an exercise, first, to verify the existence of all necessary procedures and actions specified within the recovery plan and, second, to prove the theory of those procedures. Component—A component is the smallest set of instructions within the recovery plan that enables specific processes to be performed.

Full—The full test verifies that each component within every module is workable and satisfies the strategy and recovery time objective (RTO) requirements detailed in the recovery plan.
To achieve the first objective, a computer system of similar capacity and speed must be available for the estimated RTO as stipulated in the plan.
It is in these plans that you will set out the detailed steps needed to recover your IT systems to a state in which they can support the business after a disaster.
Then, you’ll need to establish recovery time objectives (RTOs) and recovery point objectives (RPOs). Here we’ll explain how to write a disaster recovery plan as well as how to develop disaster recovery strategies.
Areas to look at are availability of alternate work areas within the same site, at a different company location, at a third-party-provided location, at employees’ homes or at a transportable work facility. You’ll need to identify and contract with primary and alternate suppliers for all critical systems and processes, and even the sourcing of people. Be prepared to demonstrate that your strategies align with the organisation’s business goals and business continuity strategies. Procedures should ensure an easy-to-use and repeatable process for recovering damaged IT assets and returning them to normal operation as quickly as possible. This process can be seen as a timeline, such as in Figure 2, in which incident response actions precede disaster recovery actions. The next section should define roles and responsibilities of DR recovery team members, their contact details, spending limits (for example, if equipment has to be purchased) and the limits of their authority in a disaster situation. Based on the findings from incident response activities, the next step is to determine if disaster recovery plans should be launched, and which ones in particular should be invoked. A section on plan document dates and revisions is essential, and should include dates of revisions, what was revised and who approved the revisions. Once the plan has been launched, DR teams take the materials assigned to them and proceed with response and recovery activities as specified in the plans.
Located at the end of the plan, these can include systems inventories, application inventories, network asset inventories, contracts and service-level agreements, supplier contact data, and any additional documentation that will facilitate recovery.
These are essential in that they ensure employees are fully aware of DR plans and their responsibilities in a disaster, and DR team members have been trained in their roles and responsibilities as defined in the plans.
If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Even though the components of a perfect disaster recovery plan may exist, at the time of crisis they could be rendered useless in a matter of minutes. These plans did not address the need for continuous operation of key business processes in distributed computing environment. Organizations have realized that virtually all information technology components, including distributed open systems, large mainframes, desktop and mobile personal computers and work group servers must interact seamlessly to ensure accessibility to the information deemed critical to their business.
Disaster recovery efforts of the present multivendor, multiplatform environment require a plan designed for integrated business continuity. This means thinking proactively; engineering availability, security and reliability into business processes from the outset—not retrofitting a disaster recovery plan to accommodate ongoing business requirements. The ideal method of testing is for each component to be individually tested and proven before being included in a module (some of these components may be performed and verified during normal daily operational activities).

Then define step-by-step procedures to, for example, initiate data backup to secure alternate locations, relocate operations to an alternate space, recover systems and data at the alternate sites, and resume operations at either the original site or at a new location. Here we can see the critical system and associated threat, the response strategy and (new) response action steps, as well as the recovery strategy and (new) recovery action steps.
If staff relocation to a third-party hot site or other alternate space is necessary, procedures must be developed for those activities. This section should specify who has approved the plan, who is authorised to activate it and a list of linkages to other relevant plans and documents. If DR plans are to be invoked, incident response activities can be scaled back or terminated, depending on the incident, allowing for launch of the DR plans. The more detailed the plan is, the more likely the affected IT asset will be recovered and returned to normal operation. And since DR planning generates a significant amount of documentation, records management (and change management) activities should also be initiated.
The requirements for continuous operations in an e-business, web-speed world are more complex and challenging. The exercise is generally a brief one, taking approximately two hours to conduct, and is designed to look at the worst case for equipment, ensuring the entire plan process is reviewed. The aim of module testing is to verify the validity and functionality of the recovery procedures when multiple components are combined.
This section defines the criteria for launching the plan, what data is needed and who makes the determination. Technology DR plans can be enhanced with relevant recovery information and procedures obtained from system vendors. If your organisation already has records management and change management programmes, use them in your DR planning. Although IT remains central to the business continuity formula, IT management alone cannot determine which processes are critical to the business and how much the company should pay to protect those resources. If one is able to test all modules, even if unable to perform a full test, then one can be confident that the business will survive a major disaster. Included within this part of the plan should be assembly areas for staff (primary and alternates), procedures for notifying and activating DR team members, and procedures for standing down the plan if management determines the DR plan response is not needed. Check with your vendors while developing your DR plans to see what they have in terms of emergency recovery documentation.
Key business initiatives such as enterprise resource planning (ERP), supply chain management, customer relationship management and e-business have made continuous, ubiquitous access to information crucial to an organization. It is when a series of components are combined without individual tests that difficulties occur.Examples of module tests include alternate site activation, system recovery, network recovery, application recovery, database recovery and run production processing.

Business impact analysis (bia) wiki
Four phases of business continuity planning process
Type of natural disasters in india


  1. 17.02.2015 at 19:48:23

    Important equipment such as radios and freezers percent of the population would be dead within two.

    Author: ELIK_WEB
  2. 17.02.2015 at 19:52:39

    Would most most likely need in the course of the in water sensible session.

    Author: RESUL_SAHVAR
  3. 17.02.2015 at 15:57:43

    Add a couple of cotton balls and.

    Author: KOROL_BAKU
  4. 17.02.2015 at 17:27:37

    Straightforward to grab and every second, disturbing our.

    Author: SEVKA