Presentation on theme: "Disaster Recovery The People Dimension. Today’s Agenda Why bother with any Disaster Recovery/Business Continuity Planning? Importance of the People Factor."— Presentation transcript:
Today’s Agenda Why bother with any Disaster Recovery/Business Continuity Planning? Importance of the People Factor Disaster Recovery Components and SME’s
Question? Who has any Disaster Recovery plans? What does it involve? Data Equipment Location People What’s the most important?
Why bother with Disaster Recovery? Reassurance (that if it happens you’re ready!) Technology recovery alone is not sufficient Insurance policies starting to insist upon a robust proven plan Allows a more structured approach to spending and investment Approx 80% of business’s with no tested DR plan went bust post 9/11
Disaster Recovery Components DR plan should consist of instructions for: Routine data backup. Data security Plan should contain checklists, reference documents and worksheets and recovery worksheets Plan should be designed so there is no need to read every word – Simplicity! People have to implement it!!
Importance of the People Factor Business Continuity Institute Study Good progress on technology recovery but need to train staff Many plans flawed due to emphasis on technology Problem particularly acute among small and medium sized companies 43% of SME’s do not have or test their Disaster Recovery plans (or train their staff on what to do in the event!!)
Importance of the People Factor IT Disaster Recovery itself is not enough!! Not just data backups Who keeps them and where? Need to have business processes and procedures written down so they can be duplicated Not just standby hardware What software does it need and where is it? At least some testing to see how people and processes interact with IT systems in a DR situation Not just a standby office/home office Are the appropriate links in place and tested. People have to implement it!!
What should we all do? Understand and record our business processes. Know how they integrate with and rely on IT. Understand the real risks of something going wrong? What are the minimum actions and activities needed to keep the business going.
Why should you do it. The fundamentals IT vs. Business Processes Information vs. Business Continuity Survival vs. bankruptcy The risks Accepting risk may be appropriate where its elimination too costly Knowing your business enables spending only where needed Staff need to know what to do if it happens People have to implement it!!
What you need to know Inventory and Minimum Acceptable Recovery Configuration – Designed to show your entire hardware inventory and what inventory will be required in the event of a disaster Operating System/Application Matrix – Lists all Operating Systems and applications running on the hardware Software List and Documentation Worksheet – Lists software, records or documentation required to recover from disaster and who holds them (location)
What you need to know (cont) Server Recovery Worksheet – One per server and gives all necessary information required to recover a server that is deemed necessary in MARC worksheet Internal and External Contacts/Location Report – Lists all internal/external staff or organisations that could be required to recover from an IT disaster Personnel contact list (mobiles) IT Support company ISP (Internet Service Provider) Telecoms Co. Who is going to do what, where!! People have to implement it!!
So you are Safe This check list is there for you now BUT…….. DO you have your data DO you have alternative IT facilities? HAVE a basic plan on what you will do in the various business/functional areas HAVE a means of communicating with: Your staff Another location(s) Which takes us back to where we started !!
Conclusion? Perform at least a basic risk assessment of equipment and processes Ensure staff understand their role and procedures in case of a disaster At the very minimum produce planning worksheets for IT equipment and applications Test Disaster Recovery Plan (at least once!)