A disaster recovery plan, or DRP, in a business context is a set of procedures mapped out to enable a business to ensure that its technology infrastructure can continue to operate, after the occurrence of either a natural or a human-induced disaster.
The importance of putting in place at least a generic disaster recovery plan can hardly be over-estimated in today’s industrial world. The vast majority of businesses are placing increasing emphasis on the importance of their communication and IT functions, either for managing supply chains, or for dealing with customer transactions and customer service.
When considering how to set up a generic disaster recovery plan, it is important to ensure it is applicable to every possible disaster. It is preferable to keep the generic disaster recovery plan concise, focusing on the most essential information required when a disaster strikes.
The issue of data safety is of course one of the most crucial elements of a generic disaster recovery plan. If you are a business owner considering setting up a generic disaster recovery plan, you may find that one of the most difficult elements is knowing when to start. Today, disaster recovery plans encompass every type of automated system, including mainframes, midrange computers open systems, desktop devices, and perhaps even PDAs (personal digital assistants). The Internet has opened up methods of business that were inconceivable even five years ago. I could go on all afternoon covering the changes just in the years since the first edition of Business Resumption Planning was published.
The classical scenarios of fire, flood, earthquake, tornado, sabotage, and other disasters still apply. At the 100,000-foot level we can split disasters into three categories: natural causes, human error, and intentional causes. Consider the fact that the lines separating the voice communications, data communications, and local area network departments are becoming more blurred than ever.
Reflective of these changes, equipment component categories themselves are becoming blurred as well. Mainframes, in turn, don't require a lot of the excess baggage they once used to require, like chilled water, 400 Hz power, etc. Many "mission-critical" frontline applications continue to migrate to the "open" server environment. Chances are that all three systems, telecom, open systems, and mainframes, reside today in the same equipment rooms in your organization. I think it's safe to say that most of the people initially tasked with responsibility for a disaster recovery plan by their organizations will not really know where to start. The key to a successful project, as any good project manager will tell you, is organization.
You will undoubtedly have financial constraints and probably will not have all the people you need for the project. Consider Figure 2, which illustrates a four-step process to achieve the goals set forth earlier. I have personally seen this type of plan utilize as few as three steps, and as many as six. The idea in Phase I is to utilize the most expensive resources as little as possible, but to accomplish some very complicated goals. What they have that you don't have (but can acquire) is the ability to speak to management in terms they understand. Oh, and by the way, if you as the reader are a Big 4 consultant, there is something here for you too. Getting back to the project manager, remember that high-end consulting resources are expensive.
Let's assume this first phase is being performed by a high-level consultant, like PricewaterhouseCoopers, Ernst & Young, or one of the others.
One course of action you can consider if you can't afford a high-powered consultant to pitch the top brass is to do the executive presentation yourself.
For the moment, however, as this is only an overview, let's return to our four-step process defined previously.
After completion of Phase I and Phase II (typically 90 to 120 days), you will finally begin writing the plan.
In summary, often the most difficult part of the planning process is simply getting off square one, and starting.
The moderated business community for business intelligence, predictive analytics, and data professionals.
As educational institutions become more dependent on their computer data, the cost of losing access to that information is measured in hundreds of thousands of dollars. The key to solving the problem is not completely technology based; an IT department needs a good disaster recovery plan for when the worst happens. A disaster recovery plan needs to cover cyber-attacks, hardware failures, user failure, sabotage and natural disasters. Many just back-up the data daily on drives and disks and send it off-site believing that it is secure. While a basic disaster recovery plan looks good on paper, it lacks a business process that covers what an IT department should do if something goes wrong and how that data can be restored to the business. It is not as if this plan is never going to be used; figures from Storage Sweden suggest that data needs to be restored about five to 10 percent of their backed up data on an annual basis.
This forward planning will reveal previously unidentified technology problems, and allow for effective counter measure. The DRP plan called for older data to be purged to save space, which meant that back-ups were not actually being completed. While this sounds gloomy, when people are ready for the worst, it is more likely that when disaster strikes, the IT department can fix the problem quickly. A DRP is actually one element of the business continuity management process, which involves working out how all aspects of the business will keep functioning, after a major disruption. Organizations often set up plans for fires, floods and earthquakes, yet omit to include arrangements for server or power outages, or application failures. These include the recovery time objective, which refers to how long the business can continue to operate without the essential IT services.
Having an alternative phone is of no use if there is no list of clients, or no access to the inventory system. If you have drawn the short straw and been tasked with producing a plan for your organization, then I am both happy and sad for you.

All of these play a role in the conduct of today's business, and all of them will have to be considered in your plan. Advanced telecommunications systems, including the World Wide Web, support voice and data connections to these systems and make them revenue generators by making them more available to customers. There are portions of this task that can be shared between departments, spreading the workload over more people, the objective being to hopefully come up with a superior plan faster. Even so, it's amazing to see the degree to which today's IP networks have become multipurpose and completely independent of whether the payload is voice, data, image, video, or something else. They can sustain themselves just fine in a well-conditioned space, not necessarily the "environment" that they used to require. Therefore, operation and security standards that used to apply only to the mainframe should now apply to the servers as well. Indeed, the responsibility to maintain the integrity of the business in the event of a natural disaster, catastrophic human error, major system failure, or even a terrorist attack can be a daunting task at first glance.
They may also make the executive pitch complete with some very classy audiovisual material.
This will not be the first or the last time you will have to work within financial constraints. There are career advantages from the visibility you will receive; after all, for many companies disaster recovery planning is a board-of-directors-level issue. Without management buy-in and endorsement on the project (as well as funding), you are spinning your wheels.
As networking bandwidth improved this basic back-up plan included wiring the data to a specialist software vendor who has data center sites in other regions.
While that might not sound like much, it is the equivalent of 18- 36 days of a business year recovering from some disaster or another. The standard says that any plan should define a response to an incident and lay out an action plan.
For example, one of the biggest issues is that backup software is unreliable or misconfigured.
This was not noticed until the servers containing all of the conveyance and mortgage records crashed and the court needed to carry out an urgent restore. Arranging a drill soon after a disaster recovery plan is developed is vital, particularly if a company has recruited a new data backup provider. Not only will they have the backed up data, they will know that it works, and how to use it. Senior Systems Advantage is modular, scalable, and customizable, enabling us to effectively meet the needs of both small and large institutions.
It is possible either to develop a generic disaster recovery plan, which can be adapted to any situation, or to develop customized disaster recovery plans, to deal with individual industries, or specific risk and disaster scenarios. It has been estimated that 20% of companies which experience a disaster go out of business within about five years of the event.
The effects of these can be just as serious as the effects of natural disasters, and they occur much more frequently. They also include the recovery point objective, which estimates how much data the business can afford to lose—for instance, no data at all, or data from the last back-up, or more. The plan must provide for making frequent back-ups of all important records and data, in both hard and digital form, and storing them remotely in a secure location.
These and other events have changed and colored our definition of disasters to the point where they have perhaps permanently altered our very psychology as a nation. The impact of such disasters, however, is intensified today when they take enabling technologies with them and potentially affect millions of people. Today, with the advent of VoIP (Voice integrated with data over the same network) phone service, many companies now lose their voice and data services when an internal, previously all-data network is down.
We predicted that fiber optics would make telecommunications like Doritos (eat all you want, we'll make more) and that the network would become increasingly independent of whether the services were voice, data, or something else. That fact needs to be reflected in our recovery plans today, because routers, for example, now do more than only data. Traditional telecommunications switches (those that are still left after IP!) are large computers and require the same protection and operating standards as mainframes. It's not the platform that's important, it's the application the platform supports, and how long the company can survive without it. In later chapters we discuss in detail about how you can share the duty with other departments (and the cost).
When you think about it, however, as technologists we get presented with all kinds of difficult impossible deadlines and most of the time we do just fine. You are probably not going to be privy to a lot of the details of the core business in your organization, because chances are you work in technical services. In fact, count the number of times you have chanted ad infinitum that "this must be a priority," only to have Ernst & Young come in and play a round of golf with your CEO. The role of a good consultant is to borrow management's watch to tell them what time it is.
You will also delight your client because the techniques described here will not give your client a fish, they will teach your client to fish. In the meantime, learn everything you can from the consultant, first and foremost because it broadens your skill set and makes you more valuable, even on other non-disaster-recovery-related projects and, second, so that you can become the flag bearer for the disaster recovery project in Phase II - not the expensive consultant. They may also produce an executive white paper with lots of graphs that condense 5000 words into four pages (seriously, another very useful talent that a good consultant will possess). If, on the other hand, this prospect intimidates you, you will probably want to get someone to champion it for you. At best you can expect to be assigned the project to complete in your copious spare time, or at home in the evening on the kitchen table. That's why even though we have laid out a thumbnail sketch of a plan and how to implement it, the remaining several hundred pages will dive right into the details. However, for small businesses, disaster recovery may be deemed costly or an unnecessary expense.Disaster recovery is an important aspect of business continuity. More recently cloud-based offerings from the likes of EMC, HP, Oracle, Amazon and Microsoft have also helped make such back-ups more reliable and affordable. That means that up to 304 man-hours can be allocated every year to disaster recovery and the added workload could push back other IT projects and deployments.
This plan should be so detailed and everyone is trained to know what to do at the right time.

Most experts believe that a good disaster recovery back-up plan should include some form of automation and testing to eliminate such errors. These objectives must be identified in advance, in the context of overall organizational goals.
Maybe it's not the system at all, but the telecommunications link that connects the user to a system. At the same time, we are reintroducing tried and tested disaster recovery planning fundamentals.
What has remained constant over this time is the fact that computers and communications are more of an indispensable component of our economy than ever. We predicted that it would come down to how many "gigacells" would traverse the network and how the providers would manage them.
For the remainder of this chapter, we will provide some basic information about what your planning objectives should be, what it should cost, where to get resources, and where you should start. Even if you find out about details and can describe to them, management may not believe you.
On Monday, the CEO comes in with the enthusiasm of a revivalist preacher proclaiming the gospel that "this must be a priority!"- the same advice, incidentally, that you have been giving for the last two years. Nothing makes for a better and more satisfying consulting engagement than the sense from your client that they have truly learned from you.
But there is no reason that it cannot limit the hours somewhat and use this expensive resource judiciously. The consultants will make the compelling point that disaster recovery is important, presenting all the reasons management needs to fund and endorse the project.
If you end up doing it yourself, there are a few tips on how to do it presented later in this book. If you expect to have people, money, and resources to complete a plan, there are some steps to take first.
Management never gets off the dime in supporting the plan and the organization "studies" it forever. If you do things right, you should be able to compile something good enough to get the auditors off your back in 90 to 120 days. There is a guard in a blue suit with a badge, however, who sits at the front door, and this person has different ideas.
These include not only the obvious things, like budget and technology limitations, but the less obvious ones as well, such as departmental "turf issues" and other politics. In any event, the automated system that was originally designed to serve us has now become an irritant in our lives, or maybe something worse. This company enjoys a significant competitive edge by providing patrons with a nationwide "local" telephone number that is easy to remember (especially for guys who mess up and forget their anniversary).
These fundamentals have, astoundingly, changed very little, sometimes over 30 years or more.
You may recall that in 1993, the only technology that would reliably manage "gigacells" was ATM (Asynchronous Transfer Mode). In some environments, physically speaking there is literally no difference between the two because Doritos are Doritos and data packets are data packets.
Sure, consultants will be an expensive resource, but you will only utilize them to accomplish specific objectives in order to keep the cost down. The important thing is not to be intimidated by this project simply because it is something you have not done before. As most experienced managers have dealt first hand with projects of equal or greater complexity, most are up to the task of producing a plan. According to folklore, this company was acquired in the 1990s when it was on the brink of bankruptcy. We will cover that fact in this book as well, as it will save you a lot of legwork as you write your plan. These all depend almost exclusively on one form of "value-added-sand" or another, whether these silicon chips are computer based or the telephone. It is almost always under refinement and, besides, you can't trash all the equipment you have today and buy new equipment. This is because you are using fewer and fewer resources like outside consultants, and you are doing (and learning) more and more of the work yourself.
Naturally, from a fiscal standpoint, it makes sense to build disaster recovery into your organization's budget, and with monthly subscriptions that range from less than $100 to a few hundred dollars for a cloud-based DR solution, it’s more affordable than you may realize.Disaster Recovery Concepts to Implement in Your BusinessOne reason why many small businesses skip over disaster recovery is a lack of understanding of its basic concepts. The concepts of disaster recovery may have a technical nature, but aren’t as complex as one may believe.The recovery time objective, or RTO, is the maximum desired length of time between an unexpected failure or disaster and the resumption of normal operations and service levels. The RTO defines the length of time that is allowed to pass between system failure and repair before the consequences of the service interruption become unacceptable.The recovery point objective, or RPO, is the maximum amount of data allowed to be lost, measured in time.
It refers to the age of the files or data in backup storage required to resume normal operations if a computer system or network failure occurs. If you have an RPO of 30 minutes, system backups must be performed every half hour to keep the data current.Failovers are designed to allow the system to seamlessly switch to a backup. This serves to reduce or eliminate the impact on users when a system fails.Redundancies are duplicate servers, attached to the network but ran offline. These allow the network to smoothly transition to the redundant server in the event of a main server outage due to traffic spikes, failure, or other issue. It will outline several disaster scenarios, define the detailed responses to each while aiming to keep impact to a minimum.
If you’re maintaining a data center, maintain an off-site failover device to monitor your system health and reroute traffic in real-time, to another data center if your data center experiences failure.ConclusionIn the end, businesses are far safer implementing disaster recovery plans in their operations.
It ensures synchronization of data and backups across distributed infrastructure to keep your business continually running smoothly in the event of hard drive failure, or any other number of IT disasters.
The benefit of a investing either in infrastructure or a monthly subscription – in the case of SME-oriented cloud services – to protect yourself from disaster is definitely worth the investment compared to the potential loss of revenue and the damage to your reputation as a result of downtime or online security issues.

Example of a business disaster plan
Disaster preparedness plan for business
Risk assessment iso
Prepare for tomorrow commercial


  1. 24.05.2015 at 18:58:49

    This particular program is, I went on the the sensible knowledge.

    Author: KaYfUsA
  2. 24.05.2015 at 21:41:21

    The following concerns that sleeping linens, heat generating equipment and and exactly where you can.

    Author: NERPATOLUQ