ESKITP6034 IT Disaster Recovery Level 4 Role

Transcription

1 Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an organisation. ESKITP6034 1

2 Performance criteria You must be able to: Manage the development of IT disaster recovery plans P1 P2 P3 Accurately identify the information and data contained within business continuity management plans that have a consequence on disaster, so that it may be used to inform the development of disaster recovery plans Correctly document the potential implications of disaster recovery plans on business continuity management activities and communicate regularly with those individuals involved in business continuity management within the wider organisation Correctly apply information contained within risk registers, risk assessments, vulnerability and threat assessments to inform disaster recovery plans for an organisation Carry out IT disaster You must be able to: P4 P5 P6 P7 Critically interpret the information and data contained within configuration and other operational documents in order to establish the interdependencies of IT/technology systems, services and assets Verify the accuracy, currency, completeness and relevance of all relevant information collected, used produced and stored during disaster Correctly follow disaster recovery plans in order to conduct tests, dry runs and execute action in real life disaster scenarios, documenting the results and outcomes Apply relevant and applicable learning from disaster recovery testing and dry runs in order to improve the effectiveness of disaster recovery plans Assist the management of IT disaster You must be able to: P8 P9 Regularly source and gather all relevant information relating to the external environment, including legislation, regulations, external standards, market forces and technology in order to keep disaster recovery plans current, complete and accurate Routinely monitor internal and external changes that may trigger an update to disaster recovery plans P10 Clearly communicate updates required to the disaster recovery plan, and document changes made to it, to a wide range of sponsors, stakeholders and other internal and external individuals and bodies P11 Provide clear and accurate information to sponsors, stakeholders and external bodies and individuals, on the implications and consequences of an IT/technology disaster, communicating the importance of relevance of disaster ESKITP6034 2

3 Knowledge and understanding You need to know and understand: Manage the development of IT disaster recovery plans K1 Identify and select K1.1 Possible disaster scenarios that may impact on an organisation K1.2 The information and data contained within business continuity management plans that have a consequence on disaster recovery activities K1.3 The range of issues associated with disaster recovery scenarios K2 Source and collate K2.1 Information relating to the consequences of an IT/technology disaster on the brand, reputation and the operational effectiveness of an organisation K2.2 Information relating to the individuals responsible for leading disaster K2.3 Information relating to the named individuals and their roles within disaster recovery plans and activities K2.4 Information relating to sponsors, stakeholders, external bodies and individuals who need to be informed in the event of a disaster K2.5 Information relating to business requirements and criteria for restoration of specific IT/technology systems, services and assets to support ongoing operation of an organisation K2.6 Changes to IT/technology systems, services and assets, the business use of them and/or changes to the individuals involved in disaster that will trigger an update to disaster recovery plans K2.7 Information relating to the external environment, including legislation, regulations, external standards, market forces and technology in order to keep disaster recovery plans current, complete and accurate K2.8 Other information from internal and external sources relevant to disaster K3 Document: K3.1 Disaster recovery strategy, policies, tools and techniques K3.2 The potential implications of disaster recovery plans on business continuity management activities K3.3 The external factors and their implications that may impact on disaster K3.4 Information relating to the individuals responsible for invoking and leading disaster, if invoked K3.5 Information relating to the named individuals and their roles within disaster recovery plans and activities K3.6 information relating to sponsors, stakeholders, external bodies and individuals who need to be informed in the event of a disaster K3.7 the priorities for recovering IT/technology systems, services and assets in a disaster scenario and their relevance to business continuity management K3.8 triggers that may result in the invocation of the disaster recovery plan K3.9 authorised changes to disaster recovery plans K3.10 the results and outcomes from real life disaster K4 What K4.1 Is the difference between disaster recovery (DR) and business ESKITP6034 3

4 continuity management (BCM) activities K4.2 Is the role and relevance of disaster recovery within business continuity management within an organisation K5 What are the K5.1 Range of issues associated with disaster recovery scenarios K5.2 External factors and their implications that may impact on disaster K5.3 Potential implications of failings of integrity, confidentiality and information security during disaster K5.4 Legislation, regulations and external standards that may impact on disaster K5.5 The benefits and disadvantages of using external providers of disaster recovery services K6 Why K6.1 the alignment of disaster recovery work and its deliverables with all relevant legislation, regulations and external standards needs to be monitor K6.2 the alignment of disaster recovery plans with business continuity plans needs to be monitored on an ongoing basis Carry out IT disaster You need to know and understand: K7 Verify the accuracy, currency, completeness and relevance of information collected, used produced and stored during disaster K8 Apply K8.1 Information relating to the business requirements and criteria for restoration of specific IT/technology systems, services and assets to support ongoing operation of an organisation K8.2 Disaster recovery plans in order to conduct tests, dry runs and execute action in real life disaster scenarios K8.3 Information contained within risk registers, risk assessments, vulnerability and threat assessments to inform disaster recovery plans for an organisation K8.4 Information and data contained with business continuity management plans that have a consequence on disaster recovery K8.5 Information relating to sponsors, stakeholders, external bodies and individuals who need to be informed in the event of a disaster K8.6 Information relating to the external environment, including legislation, external standards, market forces and technology in order to keep disaster recovery plans current, complete and accurate K8.7 Learning from disaster recovery testing and dry runs in order to improve the effectiveness of disaster recovery plans K9 Who K9.1 is responsible for leading disaster, if invoked K9.2 might need to be contacted externally in the event of a disaster scenario K9.3 are the key individuals and external providers involved in disaster recovery plans and activities K10 The importance of K10.1 effective disaster recovery planning and management to an organisations brand, reputation and success ESKITP6034 4

5 K10.2 effective disaster recovery planning and management to an organisation s business continuity management activities K10.3 using information and data contained within business risk registers and vulnerability assessments that have an impact on disaster recovery planning K10.4 having a specified management control structure with named individuals and clear communication channels specified within plans for use during disaster K10.5 maintaining integrity and confidentiality during disaster recovery activities K10.6 ensuring that sensitive information is not disclosed inappropriately during disaster Assist the management of IT disaster You need to know and understand: K11 Monitor internal and external changes that may trigger an update to disaster recovery plans K12 Analyse/interpret the information and data contained within configuration and other operational documents in order to establish the interdependencies of it/technology systems services and assets K13 Provide information to sponsors, stakeholders and external bodies and individuals, as appropriate, on the implications and consequences of an it/technology disaster K14 Communicate K14.1 with individuals involved in business continuity management with the wider organisation K14.2 updates required to the disaster recovery plan K14.3 the importance of disaster recovery and its relevance both within the organisation and to other external bodies and individuals K15 The fact that K15.1 The impact of any relevant legislation, regulations and external standards needs to be reflected in disaster and their deliverables K15.2 Disaster recovery plans for as the IT/technology systems, services and assets need to be reviewed and updated regularly K16 The need for monitoring of K16.1 The alignment of disaster recovery work and its deliverables with all relevant legislation, regulations and external standards K16.2 The alignment of disaster recovery plans with business continuity management plans K16.3 Compliance within the organisation to disaster recovery strategy and policies K17 The importance of: K17.1 refreshing disaster recovery plans as IT/technology systems, services and assets within an organisation are added, enhanced or decommissioned, as the business use of them changes and/or the personnel involved in disaster change K17.2 using dry-runs as a means of testing disaster recovery plans K17.3 Reviewing the outcomes of disaster recovery dry-runs and tests K17.4 Updating and adapting disaster recovery plans as a result of the outcomes of dryruns, tests and business change K17.5 Clear, unambiguous and consistent communications with sponsors, ESKITP6034 5

6 stakeholders and external bodies and individuals in all aspects of disaster K17.6 Learning from other potentially disastrous/disastrous scenarios and real life disaster scenarios and applying the learning back to improve own disaster recovery plans K18 The processes, tools and techniques that can be used to monitor the alignment of disaster and their deliverables with all relevant legislation, regulations and external standards ESKITP6034 6

7 Developed by e-skills UK Version number 1 Date approved September 2009 Indicative review date Validity Status Originating organisation March 2014 Current Original e-skills UK Original URN 6034 Relevant occupations Suite Key words Information and Communication Technology; Systems Support IT and Telecoms System recovery; Backup; Disaster planning ESKITP6034 7