Disaster Recovery https://store.theartofservice.com/the-disaster-recovery-toolkit.html.

Disaster Recovery

Disaster recovery Disaster recovery (DR) is the process, policies and procedures that are related to preparing for recovery or continuation of technology infrastructure which are vital to an organization after a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems that support business functions, as opposed to business continuity, which involves planning for keeping all aspects of a business functioning in the midst of disruptive events.

Disaster recovery is a subset of business continuity.

Disaster recovery History
Disaster recovery as a concept developed in the mid- to late 1970s as computer center managers began to recognize the dependence of their organizations on their computer systems. At that time most systems were batch-oriented mainframes which in many cases could be down for a number of days before significant damage would be done to the organization.

As awareness of disaster recovery grew, an industry developed to provide backup computer centers, with Sun Information Systems (which later became Sungard Availability Systems) becoming the first major US commercial hot site vendor, established in 1978 in Philadelphia.

During the 1980s and 1990s, IT disaster recovery awareness and the disaster recovery industry grew rapidly, driven by the advent of open systems and real-time processing (which increased the dependence of organizations on their IT systems). Another driving force in the growth of the industry was increasing government regulations mandating business continuity and disaster recovery plans for organizations in various sectors of the economy.

This increasing dependence on IT systems, as well as increased awareness from large-scale disasters such as 9/11, contributed to the further growth of various disaster recovery related industries, from high-availability solutions to hot-site facilities.

Disaster recovery Classification of disasters
Disasters can be classified into two broad categories

Disaster recovery Importance of disaster recovery planning
Recent research supports the idea that implementing a more holistic pre-disaster planning approach is more cost-effective in the long run. Every $1 spent on hazard mitigation(such as a disaster recovery plan)saves society $4 in response and recovery costs.

Disaster recovery Importance of disaster recovery planning
As IT systems have become increasingly critical to the smooth operation of a company, and arguably the economy as a whole, the importance of ensuring the continued operation of those systems, and their rapid recovery, has increased

Disaster recovery Control measures
Control measures are steps or mechanisms that can reduce or eliminate various threats for organizations. Different types of measures can be included in disaster recovery plan (DRP).

A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.

IT disaster recovery control measures can be classified into the following three types:

Preventive measures - Controls aimed at preventing an event from occurring.

Detective measures - Controls aimed at detecting or discovering unwanted events.

Corrective measures - Controls aimed at correcting or restoring the system after a disaster or an event.

Good disaster recovery plan measures dictate that these three types of controls be documented and tested regularly.

Disaster recovery Strategies
Prior to selecting a disaster recovery strategy, a disaster recovery planner first refers to their organization's business continuity plan which should indicate the key metrics of recovery point objective (RPO) and recovery time objective (RTO) for various business processes (such as the process to run payroll, generate an order, etc.). The metrics specified for the business processes are then mapped to the underlying IT systems and infrastructure that support those processes.

A cost-benefit analysis often dictates which disaster recovery measures are implemented.

Some of the most common strategies for data protection include:

backups made to tape and sent off-site at regular intervals

backups made to disk on-site and automatically copied to off-site disk, or made directly to off-site disk

replication of data to an off-site location, which overcomes the need to restore the data (only the systems then need to be restored or synchronized), often making use of storage area network (SAN) technology

Hybrid Cloud solutions that replicate to both on-site 'appliances' and off-site data centers. These solutions provide the ability to instantly fail-over to local on-site hardware, but in the event of a physical disaster, servers can be brought up in the cloud data centers as well. Two such examples are Quorom or EverSafe.

the use of high availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data, even after a disaster (often associated with cloud storage)

In many cases, an organization may elect to use an outsourced disaster recovery provider to provide a stand-by site and systems rather than using their own remote facilities, increasingly via cloud computing.

In addition to preparing for the need to recover systems, organizations also implement precautionary measures with the objective of preventing a disaster in the first place. These may include:

local mirrors of systems and/or data and use of disk protection technology such as RAID

surge protectors — to minimize the effect of power surges on delicate electronic equipment

use of an uninterruptible power supply (UPS) and/or backup generator to keep systems going in the event of a power failure

fire prevention/mitigation systems such as alarms and fire extinguishers

anti-virus software and other security measures

Disaster recovery Further reading
ISO/IEC 22301:2012 (replacement of BS-25999:2007) Societal Security - Business Continuity Management Systems - Requirements

ISO/IEC 27001:2005 (formerly BS :2002) Information Security Management System

ISO/IEC 27002:2005 (remunerated ISO17999:2005) Information Security Management - Code of Practice

ISO/IEC 22399:2007 Guideline for incident preparedness and operational continuity management

ISO/IEC 24762:2008 Guidelines for information and communications technology disaster recovery services

IWA 5:2006 Emergency Preparedness—British Standards Institution --

BS :2006 Business Continuity Management Part 1: Code of practice

BS :2007 Business Continuity Management Part 2: Specification

BS 25777:2008 Information and communications technology continuity management - Code of practice—Others --

"A Guide to Business Continuity Planning" by James C. Barnes

"Business Continuity Planning", A Step-by-Step Guide with Planning Forms on CDROM by Kenneth L Fulmer

"Disaster Survival Planning: A Practical Guide for Businesses" by Judy Bell

Harney, J.(2004). Business continuity and disaster recovery: Back up or shut down.

Dimattia, S. (November 15, 2001).Planning for Continuity. Library Journal,32-34.

Information security - Disaster recovery planning
Disaster recovery planning includes establishing a planning group, performing risk assessment, establishing priorities, developing recovery strategies, preparing inventories and documentation of the plan, developing verification criteria and procedure, and lastly implementing the plan.

Hardware virtualization - Hardware virtualization disaster recovery
A disaster recovery (DR) plan is good business practice for a hardware virtualization platform solution

Tape backup for software data long-term archival needs

This common method can be used to store data offsite but can be a difficult and lengthy process to recover your data. Tape backup data is only as good as the latest copy stored. Tape backup methods will require a backup device and ongoing storage material.

The implementation of this method will require control software and storage capacity for application and data file storage replication typically on the same site. The data is replicated on a different disk partition or separate disk device and can be a scheduled activity for most servers and is implemented more for database-type applications.

This solution provides the highest level of disaster recovery protection for a hardware virtualization solutions providing duplicate hardware and software replication in two distinct geographic areas.

EC-Council - Disaster Recovery and Business Continuity
EC-Council Disaster Recovery Professional (EDRP)

Disaster recovery and business continuity auditing

Disaster recovery (DR) and business continuity refers to an organization’s ability to recover from a disaster and/or unexpected event and resume operations. Organizations often have a plan in place (usually referred to as a "Disaster Recovery Plan", or "Business Continuity Plan") that outlines how a recovery will be accomplished. The key to successful disaster recovery is to have a plan (emergency plan, disaster recovery plan, continuity plan) well before disaster ever strikes.

Successful disaster recovery audits clear state their objectives in an audit plan.

Disaster recovery and business continuity auditing - Metrics
Some of the key metrics to be measured in a disaster recovery environment are the Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO is a metric that measures the time that it takes for a system to be completely up and running in the event of a disaster. RPO measures the ability to recover files by specifying a point in time restore of the backup copy.

Disaster recovery and business continuity auditing - Mission statement
A disaster recovery mission statement is used to identify the purpose and goals of the disaster recovery plan. The mission statement can also help an auditor obtain a better understanding of the organization’s environment. An auditor examined the mission statement to determine the objectives, priorities, and goals of the disaster recovery plan.

Disaster recovery and business continuity auditing - The DR committee and auditor
A good disaster recovery plan project manager is often someone who has good leadership abilities, strong knowledge of company business, strong knowledge of management processes, experience and knowledge in information technology and security, and of course, good project management skills

An auditor is assigned to examine and assess the project manager and deputy project manager’s training, experience, and abilities as well as to analyze the capabilities of the team members to complete assigned tasks and that more than one individual is trained and capable of doing a particular function. Tests and inquiries of personnel can help achieve this objective.

Some of the techniques used to determine such consistency are direct observation of procedures, examination of the disaster recovery plan, and inquiries of personnel.

Disaster recovery and business continuity auditing - Documentation
In addition, the plan must also be readily available as well, since digging for a hard-to-find or misplaced disaster recovery plan at a time of a disaster can complicate the effect of the disaster

Disaster recovery and business continuity auditing - Site designation
A review of the disaster recovery plan generally involves examining and testing the procedures included, conducting outside research relating to Disaster recovery, determining reasonable standards relating to implementation, and touring, examining, and researching the outside facility.

Disaster recovery and business continuity auditing - Site designation
The auditor can verify this through paper and paperless documentation and actual physical observation. Testing of the backups and procedures is also performed to confirm data integrity and effective processes. The security of the storage site is also confirmed.

Disaster recovery and business continuity auditing - Data backup
Data backups are central to any disaster recovery plan. An audit of backup processes determines if (a) they are effective, and (b) if they are actually being implemented by the involved personnel. Some techniques that are used to accomplish this include direct observation of the processes in question, analyzing and researching the backup equipment used, conducting computer-assisted audit techniques and tests, examining of paper and paperless records.

Disaster recovery and business continuity auditing - Data backup
The continual backing up of data and systems can help minimize the impact of threats. Even so, the disaster recovery plan also includes information on how best to recover any data that has not been copied. Controls and protections are put in place to ensure that data is not damaged, altered, or destroyed during this process. Information technology experts and procedures need to be identified that can accomplish this endeavor. Vendor manuals can also assist in determining how best to proceed.

Disaster recovery and business continuity auditing - Drills
Practice drills conducted periodically to determine how effective the plan is and to determine what changes may be necessary. The auditor’s primary concern here is verifying that these drills are being conducted properly and that problems uncovered during these drills are addressed and procedures designed to deal with these potential deficiencies are implemented and tested to determine their effectiveness.

Disaster recovery and business continuity auditing - Backup of key personnel
A disaster recovery plan includes clearly written policies and specific communication with employees to ensure that both regular and replacement personnel is selected, documented, and informed should a disaster occur

Disaster recovery and business continuity auditing - Insurance issues
The auditor determines the adequacy of the company's insurance coverage (particularly property and casualty insurance) through a review of the company's insurance policies and other research

Disaster recovery and business continuity auditing - Insurance issues
Effective DR plans take into account the extent of a company's responsibilities to other entities and its ability to fulfill those commitments despite a major disaster

Disaster recovery and business continuity auditing - Communication issues
The disaster recovery evaluates these procedures and assumptions to determine if they are reasonable and likely to be effective

Disaster recovery and business continuity auditing - Emergency procedures
Procedures to sustain staff during a round-the clock disaster recovery effort are included in any good disaster recovery plan

Disaster recovery and business continuity auditing - Environmental issues
Disaster recovery plans may also involve procedures that take into account the possibility of power failures or other situations that are of a non-IT nature

Newton (platform) - Package installation, capacity planning, and disaster recovery
Several software utilities which accommodate data transfer to and from a host system exist for the following platforms:

Telephone exchange - Fire and disaster recovery
In July 1951, during massive flooding in Kansas and Missouri, a manual switchboard in Manhattan, Kansas was abandoned as water levels rose in the central office; operators regained access to the town's four trunk lines from a local filling station on higher ground to send emergency messages and radiotelephone was used to bypass damaged facilities.

On February 27, 1975 a fire at New York Telephone's building at 204 Second Avenue (at East 13th Street) in Manhattan destroyed the main distribution frame and damaged much of the underground cabling, disconnecting subscribers. This office connects many circuits to Brooklyn which were disrupted. Equipment was redirected from other Bell System operating companies in multiple US states to establish temporary service and rebuild the destroyed exchange.

In 1978, a central office fire in Mebane, North Carolina knocked out every one of the small community's 3900 phones.

In May 1988, a central office fire in the Chicago suburb of Hinsdale, Illinois knocked out local subscribers, broke the link between the FAA and air traffic control at Chicago O'Hare International Airport (then the world's busiest) and disrupted the Midwest's ability to communicate with the rest of the country

In 1991, all twenty-eight exchanges serving Kuwait were out of service in the wake of a 1990 invasion by Iraq; equipment had been looted and central offices destroyed. Service was initially restored via satellite.

On September 11, 2001 a terrorist attack destroyed a central office in the World Trade Center in New York City and heavily damaged an adjacent exchange. The Verizon Building at 140 West Street was restored by 3500 workers at a cost of $1.2 billion, after voice lines and three million data circuits had been knocked out of operation.

The central exchange, due to the system's design, is almost always a single point of failure for local calls

Telecom switch - Fire and disaster recovery
In July 1951, during Great Flood of 1951|massive flooding in Kansas and Missouri, a manual switchboard in Manhattan, Kansas was abandoned as water levels rose in the central office; operators regained access to the town's four trunk lines from a local filling station on higher ground to send emergency messages and radiotelephone was used to bypass damaged facilities.

On February 27, 1975 a fire at New York Telephone's building at 204 Second Avenue (Manhattan)|Second Avenue (at East 13th Street) in Manhattan destroyed the main distribution frame and damaged much of the underground cabling, New York Telephone#Service crisis|disconnecting subscribers

In May 1988, a central office fire in the Chicago suburb of Hinsdale, Illinois knocked out local subscribers, broke the link between the Federal Aviation Administration|FAA and air traffic control at O'Hare International Airport|Chicago O'Hare International Airport (then the world's busiest) and disrupted the Midwest's ability to communicate with the rest of the country

In 1991, all twenty-eight exchanges serving Kuwait were out of service in the wake of a 1990 Invasion of Kuwait|invasion by Iraq; equipment had been looted and central offices destroyed. Service was initially restored via communications satellite|satellite.

On September 11, 2001 a terrorist attacks of September 11, 2001|terrorist attack destroyed a central office in the World Trade Center in New York City and heavily damaged an adjacent exchange. The Verizon Building at 140 West Street was restored by 3500 workers at a cost of US dollar|$1.2 billion, after voice lines and three million data circuits had been knocked out of operation.

Platform virtualization - Hardware virtualization disaster recovery
; Tape backup for software data long-term archival needs : This common method can be used to store data offsite but can be a difficult and lengthy process to recover your data. Tape backup data is only as good as the latest copy stored. Tape backup methods will require a backup device and ongoing storage material.

; Whole-file and application replication : The implementation of this method will require control software and storage capacity for application and data file storage replication typically on the same site. The data is replicated on a different disk partition or separate disk device and can be a scheduled activity for most servers and is implemented more for database-type applications.

; Hardware and software redundancy : This solution provides the highest level of disaster recovery protection for a hardware virtualization solutions providing duplicate hardware and software replication in two distinct geographic areas.

New Orleans, Louisiana - Post-disaster recovery
Because of the scale of damage, many people settled permanently outside the city in other areas where they had evacuated, as in Houston

Several major tourist events and other forms of revenue for the city have returned

Major annual events such as New Orleans Mardi Gras|Mardi Gras and the New Orleans Jazz Heritage Festival|Jazz Heritage Festival were never displaced or cancelled. Also, an entirely new annual festival, The Running of the Bulls New Orleans, was created in 2007.[ Nola.com], New Orleans

Disaster Recovery Advisor
The 'Disaster Recovery Advisor' ('DRA' or 'CC DRA') is a proprietary software|proprietary disaster recovery and high availability management system from Symantec. It is available for Microsoft Windows|Windows, AIX Operating System|AIX, Solaris (operating system)|Solaris, Linux, and HP-UX. It offers vulnerability detection and optimization functionalities to complement disaster recovery testing and guarantee recovery point objective and recovery time objective.

Seven tiers of disaster recovery
IBM also aided in the development of the model.[ Disaster Recovery Levels.] Robert Kern and Victor Peltz

Seven tiers of disaster recovery
The definitions for the various Tiers have been updated as technology has evolved in support of today's business requirements and their associated Recovery Time Objective (RTO) and Recovery Point Objective (RPO).[ Business Continuity: The 7-tiers of Disaster Recovery.] Recovery Specialties

Seven tiers of disaster recovery - Tier levels
The seven tiers of business continuity solutions offer a simple method to define current service levels and associated risks.[ Continuous Operations: The Seven Tiers of Disaster Recovery.] Mary Hall

Seven tiers of disaster recovery - Tier 0: No off-site data – Possibly no recovery
Businesses with a Tier 0 business continuity solution have no business continuity plan. There is no saved information, no documentation, no backup hardware, and no contingency plan. The time necessary to recover in this instance is unpredictable. In fact, it may not be possible to recover at all.

Seven tiers of disaster recovery - Tier 1: Data backup with no hot site
Businesses that use Tier 1 continuity solutions back up their data and send these backups to an off-site storage facility. The method of transporting these backups is often referred to as PTAM - the Pick-up Truck Access Method. Depending on how often backups are created and shipped, these organizations must be prepared to accept several days to weeks of data loss, but their backups are secure off-site. However, this tier lacks the systems on which to restore data.

Seven tiers of disaster recovery - Tier 2: Data backup with a hot site
Businesses using Tier 2 business continuity solutions make regular backups on tape. This is combined with an off-site facility and infrastructure (known as a hot site) in which to restore systems from those tapes in the event of a disaster. This solution will still result in the need to recreate several hours or even days' worth of data, but the recovery time is more predictable.

Seven tiers of disaster recovery - Tier 3: Electronic vaulting
Tier 3 solutions build on the components of Tier 2

Seven tiers of disaster recovery - Tier 4: Point-in-time copies
Tier 4 solutions are used by businesses that require both greater data currency and faster recovery than users of lower tiers. Rather than relying largely on shipping tape, as is common on the lower tiers, Tier 4 solutions begin to incorporate more disk based solutions. Several hours of data loss is still possible, but it is easier to make such point-in-time (PiT) copies with greater frequency than tape backups even when electronically vaulted.

Seven tiers of disaster recovery - Tier 5: Transaction integrity
Tier 5 solutions are used by businesses with a requirement for consistency of data between the production and recovery data centers. There is little to no data loss in such solutions; however, the presence of this functionality is entirely dependent on the application in use.

Seven tiers of disaster recovery - Tier 6: Zero or near-zero data loss
Tier 6 business continuity solutions maintain the highest levels of data currency. They are used by businesses with little or no tolerance for data loss and who need to restore data to applications rapidly. These solutions have no dependence on the applications or applications staffs to provide data consistency.

Tier 6 solutions often require some form of Disk mirroring. There are various synchronous and asynchronous solutions available from the Mainframe computer|mainframe storage vendors. Each solution is somewhat different, offering different capabilities and providing different Recovery Point Objective|Recovery Point and Recovery Time Objective|Recovery Time objectives.

Often some form of automated tape solution is also required. However, this can vary somewhat depending on the amount and type of data residing on tape.

Seven tiers of disaster recovery - Tier 7: Highly automated, business integrated solution
Tier 7 solutions include all the major components being used for a Tier 6 solution with the additional integration of automation. This allows a Tier 7 solution to ensure consistency of data above that which is granted by Tier 6 solutions. Additionally, recovery of the applications is automated, allowing for restoration of systems and applications much faster and more reliably than would be possible through manual business continuity procedures.

Seven tiers of disaster recovery - Other schemes
2003.[ iSCSI-based Storage Area Networks for Disaster Recovery Operations.] Matthew R

Disaster recovery plan
A 'disaster recovery plan' (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster

Disaster recovery plan
Given organizations' increasing dependency on information technology to run their operations, a disaster recovery plan, sometimes erroneously called a 'Continuity of Operations|continuity of operations plan (COOP)', is increasingly associated with the recovery of information technology data, assets, and facilities.

Disaster recovery plan - Objectives
The objective of a disaster recovery plan is to minimize downtime and data loss.[ An Overview of the Disaster Recovery Planning Process - From Start to Finish.] Comprehensive Consulting Solutions Inc

Disaster recovery plan - Objectives
The recovery time objective is the time within which a business process must be restored, after a disaster|major incident (MI) has occurred, in order to avoid unacceptable consequences associated with a break in business continuity

Disaster recovery plan - Relationship to the Business Continuity Plan
The Institute further states that a Business Continuity Plan (BCP) consists of the five component plans:[ The Disaster Recovery Plan.] Chad Bahan

* Business Resumption Plan

* Continuity of Operations Plan

They further state that the Incident Management Plan (IMP) does deal with the IT infrastructure, but since it establishes structure and procedures to address cyber attacks against an organization’s IT systems, it generally does not represent an agent for activating the Disaster Recovery Plan, leaving The Disaster Recovery Plan as the only BCP component of interest to IT.

The Disaster Recovery Institute International states that disaster recovery is the area of business continuity that deals with technology recovery as opposed to the recovery of business operations.Disaster Recovery Institute International. Course BCLE Participant Guide: Professional Practice 6. Page

Disaster recovery plan - Benefits
Like every insurance plan, there are benefits that can be obtained from the drafting of a disaster recovery plan. Some of these benefits are:

* Providing a sense of security

* Guaranteeing the reliability of standby systems

* Minimizing decision-making during a disaster

* Reducing potential legal liabilities

* Lowering unnecessarily stressful work environment

Disaster recovery plan - Types of plans
Corrective measures may include keeping critical documents in the Disaster Recovery Plan or securing proper insurance policy|insurance policies, after a lessons learned brainstorming session.[ Disaster Recovery Business Continuity Plans.] Stone Crossing Solutions

Disaster recovery plan - Types of plans
A disaster recovery plan must answer at least three basic questions: (1) what is its objective and purpose, (2) who will be the people or teams who will be responsible in case any disruptions happen, and (3) what will these people do (the procedures to be followed) when the disaster strikes.[ Disaster Recovery – Benefits of Getting Disaster Planning Software and Template and Contracting with Companies Offering Data Disaster Recovery Plans, Solutions and Services: Why Would You Need a Disaster Recovery Plan?.] Continuity Compliance

Disaster recovery plan - Types of disasters
Disasters can be Natural disaster|natural or Anthropogenic hazard|man-made. Man-made disasters could be intentional (for example, sabotage or an act of terrorism) or unintentional (that is, accidental, such as the breakage of a man-made dam). Disasters may encompass more than weather. They may involve Internet threats or take on other man-made manifestations such as theft.

Disaster recovery plan - Natural disaster
A natural disaster is a major adverse event resulting from the earth's natural hazards. Examples of natural disasters are floods, tsunamis, tornadoes, hurricane|hurricanes/cyclones, volcanic eruptions, earthquakes, heat waves, and landslides. Other types of disasters include the more End time|cosmic scenario of an Impact event|asteroid hitting the Earth.

Disaster recovery plan - Man-made disasters
Man-made disasters are the consequence of technological or human hazards. Examples include stampedes, fire|urban fires, industrial accidents, oil spills, nuclear explosions/nuclear radiation and acts of war. Other types of man-made disasters include the more cosmic scenarios of catastrophic global warming, nuclear war, and bioterrorism.

The following table categorizes some disasters and notes first response initiatives. Note that whereas the sources of a disaster may be natural (for example, heavy rains) or man-made (for example, a broken dam), the results may be similar (flooding).[ Business Continuity Planning (BCP): Sample Plan For Nonprofit Organizations.] Pages Retrieved 8 August 2012.

In the realm of information technology per se, disasters may also be the result of a computer security exploit. Some of these are: computer viruses, cyberattacks, denial-of-service attacks, hacker (computer security)|hacking, and malware exploits. These are ordinarily attended to by information security experts.

Disaster recovery plan - Planning methodology
According to Geoffrey H. Wold of the Disaster Recovery Journal, the entire process involved in developing a Disaster Recovery Plan consists of 10 steps:

Disaster recovery plan - Obtaining top management commitment
Management is responsible for coordinating the disaster recovery plan and ensuring its effectiveness within the organization

Disaster recovery plan - Establishing a planning committee
A planning committee is appointed to oversee the development and implementation of the plan. The planning committee includes representatives from all functional areas of the organization. Key committee members customarily include the operations manager and the data processing manager. The committee also defines the scope of the plan.

Disaster recovery plan - Performing a risk assessment
The planning committee prepares a Probabilistic risk assessment|risk analysis and a business impact analysis (BIA) that includes a range of possible disasters, including natural, technical and human threats

Disaster recovery plan - Establishing priorities for processing and operations
At this point, the critical needs of each department within the organization are evaluated in order to prioritize them

Disaster recovery plan - Establishing priorities for processing and operations
Processing and operations are analyzed to determine the maximum amount of time that the department and organization can operate without each critical system

Disaster recovery plan - Determining recovery strategies
During this phase, the most practical alternatives for processing in case of a disaster are researched and evaluated. All aspects of the organization are considered, including Building|physical facilities, computer hardware and software, communications links, data files and databases, customer services provided, user operations, the overall management information systems (MIS) structure, end-user systems, and any other processing operations.

Alternatives, dependent upon the evaluation of the computer function, may include: hot sites, warm sites, cold sites, reciprocal agreement (disaster preparedness)|reciprocal agreements, the provision of more than one data center, the installation and deployment of multiple computer system, duplication of service center, consortium arrangements, lease of equipment, and any combinations of the above.

Written Contract|agreements for the specific recovery alternatives selected are prepared, specifying contract duration, termination conditions, system testing, cost, any special security procedures, procedure for the notification of system changes, hours of operation, the specific hardware and other equipment required for processing, personnel requirements, definition of the circumstances constituting an emergency, process to negotiate service extensions, guarantee of Computer compatibility|compatibility, availability, non-mainframe resource requirements, priorities, and other contractual issues.

Disaster recovery plan - Collecting data
In this phase, data collection takes place. Among the recommended data gathering materials and documentation often included are

Disaster recovery plan - Collecting data
various lists (employee backup position listing, critical telephone numbers list, master call list, master vendor list, notification checklist), inventories (communications equipment, documentation, office equipment, forms, insurance policy|insurance policies, workgroup and data center computer hardware, microcomputer hardware and software, office supplies|office supply, off-site storage location equipment, telephones, etc.), distribution register, software and data files backup/retention schedules, temporary location specifications, any other such other lists, materials, inventories and documentation

Disaster recovery plan - Organizing and documenting a written plan
Next, an outline of the plan’s contents is prepared to guide the development of the detailed procedures

It is often considered best practice to develop a standard format for the disaster recovery plan so as to facilitate the writing of detailed procedures and the documentation of other information to be included in the plan later. This helps ensure that the disaster plan follows a consistent format and allows for its ongoing future maintenance. Standardization is also important if more than one person is involved in writing the procedures.

The disaster recovery plan is structured using a team approach

The structure of the contingency organization may not be the same as the existing organization chart. The contingency organization is usually structured with teams responsible for major functional areas such as administrative functions, facilities, logistics, user support, computer backup, restoration, and any other important area.

The management team is especially important because it coordinates the recovery process

Disaster recovery plan - Developing testing criteria and procedures
Best practices dictate that DR plans be thoroughly tested and evaluated on a regular basis (at least annually). Thorough DR plans include documentation with the procedures for testing the plan. The tests will provide the organization with the assurance that all necessary steps are included in the plan. Other reasons for testing include:

* Determining the feasibility and compatibility of backup facilities and procedures.

* Providing motivation for maintaining and updating the disaster recovery plan.

Disaster recovery plan - Testing the plan
After testing procedures have been completed, an initial Dry run (testing)|dry run of the plan is performed by conducting a structured walk-through test

Disaster recovery plan - Testing the plan
Types of tests include: checklist tests, simulation tests, parallel tests, and full interruption tests.

Disaster recovery plan - Obtaining plan approval
Once the disaster recovery plan has been written and tested, the plan is then submitted to management for approval. It is top management’s ultimate responsibility that the organization has a documented and tested plan. Management is responsible for (1) establishing the policies, procedures and responsibilities for comprehensive contingency planning, and (2) reviewing and approving the contingency plan annually, documenting such reviews in writing.

Disaster recovery plan - Obtaining plan approval
Organizations that receive information processing from service bureaus will, in addition, also need to (1) evaluate the adequacy of contingency plans for its service bureau, and (2)ensure that its contingency plan is compatible with its service bureau’s plan.

Disaster recovery plan - Caveats/controversies
Due to its high cost, disaster recovery plans are not without critics. Cormac Foster has identified five common mistakes organizations often make related to disaster recovery planning:[ Five Mistakes That Can Kill a Disaster Recovery Plan. In archive.org] Cormac Foster. Dell Corporation. 25 October Retrieved 8 August 2012.

Disaster recovery plan - Lack of buy-in
One factor is the perception by executive management that DR planning is just another fake earthquake drill or CEOs that fail to make DR planning and preparation a priority, are often significant contributors to the failure of a DR plan.

Disaster recovery plan - Incomplete RTOs and RPOs
Another critical point is failure to include each and every important business process or a block of data

Disaster recovery plan - Systems myopia
A third point of failure involves focusing only on DR without considering the larger business continuity needs: Data and systems restoration after a disaster are essential, but every business process in your organization will need IT support, and that support requires planning and resources

Disaster recovery plan - Lax security
As such, security can be more important than the raw speed involved in a disaster recovery plan's RTO

Disaster recovery plan - Outdated plans
To stay relevant, disaster recovery plans should be an integral part of all business analysis processes, and should be revisited at every major corporate acquisition, at every new product launch and at every new system development milestone.

Disaster recovery plan - Off-the-shelf DRP software
Additionally, there are online outlets that provide templates and other disaster planning tools, which are available for free download.[ Disaster Recovery Plan Template: Free Tools for Disaster Preparedness] Disaster Recovery Plan Template

United States Senate Homeland Security Ad Hoc Subcommittee on Disaster Recovery
The 'Senate Homeland Security and Governmental Affairs Subcommittee on Emergency Management, Intergovernmental Affairs, and the District of Columbia' is one of the four subcommittees within the United States Senate Committee on Homeland Security and Governmental Affairs|Senate Committee on Homeland Security and Governmental Affairs

John Hickenlooper - Disaster recovery
In May 2014, Governor Hickenlooper signed legislation to provide better disaster relief to Coloradans after record setting floods and wildfires had ravaged the state and destroyed homes, schools, roads, and watersheds

Waffle House - Disaster recovery
The ability of a Waffle House to remain open after a severe storm, possibly with a limited menu, is used by FEMA as a measure of disaster recovery known as the Waffle House Index.

For More Information, Visit:
The Art of Service

Disaster Recovery https://store.theartofservice.com/the-disaster-recovery-toolkit.html.

Similar presentations

Presentation on theme: "Disaster Recovery https://store.theartofservice.com/the-disaster-recovery-toolkit.html."— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Disaster Recovery https://store.theartofservice.com/the-disaster-recovery-toolkit.html.

Similar presentations

Presentation on theme: "Disaster Recovery https://store.theartofservice.com/the-disaster-recovery-toolkit.html."— Presentation transcript:

Similar presentations

About project

Feedback