How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

Size: px
Start display at page:

Download "How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%."

Transcription

1 How to write a DISASTER RECOVERY PLAN To print to A4, print at 75%.

2 TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? CHAPTER PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN CHAPTER WRITING A DISASTER RECOVERY PLAN CHAPTER NEED HELP PROTECTING YOUR BUSINESS FROM DISASTER? CHAPTER WHY YOU SHOULD READ THIS GUIDE carefully documented so responders Disasters can strike at any time with have a usable reference that they can devastating results. Companies must use to make decisions quickly. take the proper steps to prepare for the worst in order to minimise damages. The START BY OUTLINING GOALS best way to do this is to prepare a written The first step in creating any effective and verbal Disaster Recovery Plan (DRP). plan is to outline goals. Make a This guide will help you write your formal prioritised list of what the plan should DRP. This is a critical step in preparing for accomplish. Some ideas to start with disaster, improving employee response, could be: reducing downtime, and quickly returning to normalcy. Employee safety Equipment safety ABOUT THE AUTHOR WELL-DOCUMENTED PLANS ARE CRUCIAL FOR EFFECTIVE DISASTER Minimising downtime Cutting unnecessary overhead Volker Rath is a hosting and cloud expert at Macquarie Telecom. In this primarily RESPONSE customer-facing role, he analyses the market and customer needs, provides Disaster Recovery Plans can REVIEW THE CURRENT SITUATION feedback to the product teams, and influences the hosting and cloud strategies of significantly reduce downtime and Many companies have an informal Australia s leading business hosting and telecommunications provider. losses. To be effective, they must be DRP in place before they create their SUMMARY P2

3 official plan. Assess what is currently being done, what can be cut, and what can be implemented in the final plan. DEVELOP AND WRITE YOUR PLAN After you have assessed the situation and outlined your goals, you are ready to create a DRP that can effectively minimise the negative effects of a disaster. Develop your strategies by using this guide as a starting point, then draft a concise, clear plan that you can train employees with. REVIEW YOUR PLAN After the plan has been created, it is critical that it be reviewed at regular intervals. This helps incorporate for changing technologies and environments and ensures that the plan continues to be as effective as it was on the day it was created. DEVELOP YOUR STRATEGIES BY USING THIS GUIDE AS A STARTING POINT, THEN DRAFT A CONCISE, CLEAR PLAN THAT YOU CAN TRAIN EMPLOYEES WITH. SUMMARY P3

4 CHAPTER WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? is in place to back up, restore, and protect data in the event of a disaster. Resume operations quickly - Catastrophes can lead to extended and costly downtime. The average hourly cost of downtime ranges from $84,000 to $108,000. Between» Prevent damage to company image - When customers cannot access your website and services, they often move on to your competitors. Fifty percent of companies say that IT outages damage their reputation, leading to future loss of business. [3] You can minimise the negative lost revenue, reduced customer effects of disaster by empowering satisfaction, and lost man hours, your employees with this invaluable downtime can have a major disaster response tool. The next financial impact on an organisation. section will go into detail about how A Disaster Recovery Plan (DRP) is a set of guidelines for disaster DRPS HELP MINIMISE THE EFFECTS OF DISASTER Creating a plan for faster response can greatly reduce the length of downtime in the event of a disaster. [1] you can start the process of writing your DRP. response. Its goal is to restore IT operations and help your company DRPs have many benefits including Protect valuable assets - An recover from a disaster as quickly reduced financial losses, decreased organisation s IT infrastructure can as possible. Effective DRPs will downtime, and improved employee be worth hundreds of thousands, if significantly reduce losses from morale. They allow systems to be not millions of dollars. [2] Protecting damaged equipment and downtime. protected, operations to resume these assets from fire, flood, and quickly, and staff to respond promptly other disasters should be one of the Although the two are commonly and effectively after an incident. primary goals of your plan. confused, a DRP differs from a Business Continuity Plan (BCP). A DRP focuses only on returning IT infrastructure to normalcy, whereas a BCP deals with all business operations. A DRP can: Prevent the loss of critical data - One of the important considerations when planning for a disaster is data protection. Companies that store sensitive or mission critical data need to ensure that a plan Reduce risk of employee injury - A company s most valuable asset is its employees. A DRP can help ensure your employees are protected by providing clear directives and precautions that minimise danger. WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? P4

5 CHAPTER PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN Security compromise - In some cases, security compromises can be so extreme that they can be considered as a disaster. They can lead to loss of data, systems damage, and downtime, just as a physical disaster can. DECIDE WHAT THE PLAN SHOULD ASSEMBLE YOUR DISASTER RECOVERY PLANNING TEAM Before the plan can be written the necessary team members must be gathered. The team should include one or more executives responsible for ensuring the plan is executed and experts from the IT team who can advise and help execute the ACCOMPLISH plan. Make sure that the plan has Once potential threats have been top management support so the identified, you should identify the initiatives it calls for can be properly goals of the plan. Make these goals implemented. as concise as possible to make sure that the plan can be easily measured against them after a disaster. Before starting the DRP writing Flood - Floods can be extremely process, it is important to do the destructive in coastal areas. They ASSESS YOUR CURRENT RESPONSE proper research. This will provide damage equipment and can cause List all the current disaster response information on where the company power outages. and preparedness initiatives currently is vulnerable and what you need to in place at your organisation. Then include in the plan. Riot - Although uncommon, riots decide which ones are effective can be prevalent in unstable enough to go into the new DRP and IDENTIFY POTENTIAL THREATS regions. which ones should be cut. Take this The first step in the preparation time to identify areas in which your process should be to create a list of likely threats your company might face. These include: Fire - This is particularly likely in urban areas or dry, high heat areas. Tropical Monsoon - In susceptible areas, tropical monsoons can be extremely devastating, causing infrastructure and structural damages. They are often accompanied by flooding. company is particularly vulnerable. If possible, it is useful to access the effectiveness of current plans during past disasters as a guideline for this process. PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN P5

6 CHAPTER WRITING A DISASTER RECOVERY PLAN data must be backed up every thirty minutes. The RTO is the recovery time goal. This is the maximum amount of time the disaster recovery process should take. Setting these goals will help motivate your team and provide a reference point by which the plan can be measured. PART 2: DEFINE THE DISASTER PART 3: DEFINE THE SCOPE OF THE PLAN This section will help employees determine whether this is the the correct plan for their current situation. DRPs deal with damage to or malfunctions of IT systems and the buildings in which they are housed. This could include servers, temperature control systems, network or power infrastructures, or any This is a critical portion of the plan, other system, building, or infrastructure as it will help employees know when related to IT. When you have assembled your team and made all the necessary effective DRP is ensuring the safety of personnel. to declare a disaster and implement the DRP. If a disaster is defined too broadly, it could lead to unnecessary precautions that cost the company PART 4: LIST KEY PERSONNEL AND IDENTIFY RESPONSIBILITIES preparations, you are ready to start writing your DRP. Ensure that the PART 1: LIST GOALS time and money. In this section, you must provide a wording is clear, but still detailed The recommended definition of list of all personnel that need to be enough, so that employees can act Begin the introduction of the plan, a disaster is an event, natural or contacted during a disaster. This list quickly and effectively. Use bullet start by listing the goals that were manmade, that causes one or more should include executives that must points and lists that can be easily chosen during the preparation stage. vital systems to malfunction, causes be kept informed of the situation, scanned wherever possible. It is This will serve as the main directive the building to become unusable in a staff with expertise on the workings also recommended that graphics be of the DRP and help keep personnel significant way, or any combination of of the system, a designated disaster employed to make the information focused on the primary objectives. the above two vital systems must be recovery leader, and a response clearer. identified. team. Who will be in charge of Emphasise throughout the plan that the disaster recovery team should never take any actions that put themselves or other employees at risk. The first priority of any Here you should also include the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). The RPO represents the maximum acceptable data loss. For example, an RPO of thirty minutes means that Here you should also list the possible disasters employees are likely to encounter. running the disaster recovery effort. Responsibilities of key personnel should also be clearly noted so that the correct people can be promptly contacted. WRITING THE DISASTER RECOVERY PLAN P6

7 It is recommended that a table be created to make finding information PART 6: DISASTER RECOVERY PROCEDURES Make a thorough investigation of the building and systems to determine Coordinate transportation to the backup site (include rental car easier. the scope of the damage. instructions, directions, map) This section is where the active This section should also include a notification calling tree that ranks disaster response is laid out. It is the most important section of Protect and backup data that has not already been backed up, if Create time and cost estimates for return to normalcy those who should be notified first the document, as it will determine possible. so that the decision can be made quicker. whether the plan is effective at mitigating the effects of the incident. Notify clients or customers of AFTER THE DISASTER Once the incident is over, steps must Since this section will depend on expected downtime. be taken to resume normalcy. In This section should be updated at the type of disaster being faced, it is some cases, it may be necessary to regular intervals to ensure that it recommended that several scenarios Take necessary steps to prevent continue backup operations long after remains accurate. be outlined to better prepare your further damage to systems. the disaster has occurred. In these PART 5: INVENTORY & SYSTEMS AUDIT team. Steps in the checklist should be clear, so that the team can easily keep track of their progress. NEXT STEPS Once a disaster has been declared situations, companies may have to make plans for long-term employee housing, rental of additional space, and the first steps have been taken to and other personel considerations. In this section, a list should be made FIRST RESPONSE mitigate damage, the team must take Include the following steps in your of critical systems and inventory, The first response to a disaster can steps to begin to repair the damage plan and adapt as needed: that includes their cost and relative vary widely, depending on the type and resume operations. Information importance. This provides a checklist of incident. It is recommended that about the backup site, such as location Assess the current state of for first responders to assess the this section include both a damage and procedure instructions, should systems and operations. current state of the systems. assessment form and a few key be included here. The checklist might sections to perform the following also include steps to accomplish the Notify the insurance company of Like the personnel list, this section tasks: following: damages. must be updated regularly to ensure that it is kept current. Inform senior management once a Determine if the designated backup Restore data from backups. state of disaster has been declared. Inform authorities of the situation. Gather the disaster recovery response team. site will be adequate to resume critical operations. Move operations to backup site to minimise downtime, (if necessary). Initiate a plan to repair or replace damaged systems or equipment. Execute the repair or replacement plan. WRITING THE DISASTER RECOVERY PLAN P7

8 Test systems to ensure they are Are there any ways the process Backup site effectiveness. functioning as normal. could be made more efficient? Return employees to the main site, if possible. PART 8: DRP TESTING PROCEDURES Transportation to the backup site. The availability of the disaster recovery team and management. Notify clients and media of the systems return to normalcy. PART 7: EVALUATE DRP EFFECTIVENESS This is one of the most important sections in the DRP as it will help improve the plan and identify any unforeseen problems. It is recommended that you include a PART 9: DRP MAINTENANCE As systems are updated and procedures are adjusted, it is very range of tests for each system, important that the DRP be kept After the disaster recovery process including both a basic test of current. Include instructions for how is over, it is important to re-evaluate procedures to be run regularly often the plan should be updated, the plan. Some follow-up questions and a more comprehensive test what events require a full plan to include in the DRP are as follows: to be carried out when the plan rewrite, and in what situations a is first created and less regularly simple addendum can be made. How effective was the DRP in meeting its goals? thereafter. Tests should include walkthroughs, simulations, full interruption testing, and parallel REVIEWING AND ADOPTING THE DRP Which goals were met? Which were testing. not met? Once the DRP has been written, it Some important areas to test include: must be reviewed and approved by key Did the DRP meet its RPO and RTO? personnel, including top management Data backup procedures. and the disaster recovery planning How could the plan be improved to team. After it has been approved, better meet its goals? System fail-safes. it should be made available both in How much did the disaster recovery process cost in terms of time and money? The ability of the plans to adapt to unexpected disasters. The availability of disaster preparedness materials. print and digitally to all relevant staff. Staff should also be regularly trained and drilled on the procedures to ensure that they are well versed in the process. WRITING THE DISASTER RECOVERY PLAN P8

9 CHAPTER NEED HELP PROTECTING YOUR BUSINESS FROM DISASTER? Macquarie Telecom s LAUNCH Disaster Recovery provides completely outsourced disaster recovery solutions at the hypervisor level. LAUNCH has one of the lowest downtimes of any disaster recovery service, and it can help your company mitigate losses and quickly get up and running again. WANT TO LEARN MORE ABOUT HOW LAUNCH AND OUR DATA CENTRE SERVICES CAN HELP YOUR COMPANY AVOID AND PREPARE FOR DISASTER? Contact Macquarie Telecom on or visit REFERENCES: [1] Assessing the Financial Impact of Downtime. Vision Solutions. Assessing%20the%20Financial%20Impact%20 of%20downtime.pdf [2] Determining Total Cost of Ownership for Data Centre and Network Room Infastructure. Center%20Cost%20of%20Ownership.pdf [3] Downtime, Outages, and Failures - Understanding their True Costs. Evolven. LAUNCH HAS ONE OF THE LOWEST DOWNTIMES OF ANY DISASTER RECOVERY SERVICE, AND IT CAN HELP YOUR COMPANY MITIGATE LOSSES AND QUICKLY GET UP AND RUNNING AGAIN. outages-and-failures-understanding-their-true- costs.html NEED HELP PROTECTING YOUR BUSINESS? P9

10 24 Macquarie Telecom, All Rights Reserved

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

Hong Kong Baptist University

Hong Kong Baptist University Hong Kong Baptist University Disaster Recovery Standard FOR INTERNAL USE ONLY Date of Issue: JULY 2012 Revision History Version Author Date Revision 1.0 Information Security Subcommittee (ISSC) July 2012

More information

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP) Preface Computer systems are the core tool of today s business and are vital to every business from the smallest to giant organizations. Money transactions, customer service are just simple examples. Despite

More information

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain 1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Desktop Scenario Self Assessment Exercise Page 1

Desktop Scenario Self Assessment Exercise Page 1 Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking

More information

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

Beyond Disaster Recovery: Why Your Backup Plan Won t Work Beyond Disaster Recovery: Why Your Backup Plan Won t Work Contents Introduction... 3 The Data Backup Model - Upgraded for 2015... 4 Why Disaster Recovery Isn t Enough... 5 Business Consequences with DR-Only

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

NAVIGATING THROUGH A CATASTROPHIC DISASTER:

NAVIGATING THROUGH A CATASTROPHIC DISASTER: NAVIGATING THROUGH A CATASTROPHIC DISASTER: The five most common mistakes in business continuity planning As we continue to send our thoughts and prayers to the Japanese people, many of us are also reflecting

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Best Practices in Disaster Recovery Planning and Testing

Best Practices in Disaster Recovery Planning and Testing Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely

More information

Disaster Recovery and Business Continuity Plan

Disaster Recovery and Business Continuity Plan Disaster Recovery and Business Continuity Plan Table of Contents 1. Introduction... 3 2. Objectives... 3 3. Risks... 3 4. Steps of Disaster Recovery Plan formulation... 3 5. Audit Procedure.... 5 Appendix

More information

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1 AUDITING A BCP PLAN Thomas Bronack Auditing a BCP Plan presentation Page: 1 What are the Objectives of a Good BCP Plan Protect employees Restore critical business processes or functions to minimize the

More information

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 Goals Compare and contrast aspects of business continuity Execute disaster recovery plans and procedures 2 Topics Business

More information

Planning for Disaster Disaster

Planning for Disaster Disaster Planning for Disaster Ramesh Ramani CISM CGEIT Ramesh Ramani CISM CGEIT Paramount-Dubai Agenda Disaster Management-Introduction Examples BCP and IT Continuity Process of Disaster Management-PDCA Disaster

More information

Protecting your Enterprise

Protecting your Enterprise Understanding Disaster Recovery in California Protecting your Enterprise Session Overview Why do we Prepare What is? How do I analyze (measure) it? What to do with it? How do I communicate it? What does

More information

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP).

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP). Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP). Ed Fortin President Fortin Consulting Paul Godden Consultant & Quotation Author Friday 24 th February 2012 Business Continuity Planning

More information

Business continuity plan

Business continuity plan Business continuity plan CONTENTS INTRODUCTION 2 - Scope - Components BUSINESS IMPACT ANALYSIS 3 - Business Affairs - Information Technology RISK ASSESSMENT 5 - Broad Categories of Hazards - Hazard Table

More information

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN

TO AN EFFECTIVE BUSINESS CONTINUITY PLAN 5 STEPS TO AN EFFECTIVE BUSINESS CONTINUITY PLAN Introduction The Snowpocalypse of 2015 brought one winter storm after another, paralyzing the eastern half of the United States. It knocked out power for

More information

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who

More information

CLOUD COMPUTING READINESS CHECKLIST

CLOUD COMPUTING READINESS CHECKLIST CLOUD COMPUTING READINESS VOLKER RATH VOLKER RATH 1 CONTENTS HOW SHOULD THIS GUIDE BE USED? 2 WILL MY COMPANY BENEFIT FROM 2 TRANSITIONING SERVICES TO THE CLOUD? CLOUD READINESS OVERVIEW 3 SECURITY CONCERNS

More information

CISM Certified Information Security Manager

CISM Certified Information Security Manager CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning Business Continuity Planning and Disaster Recovery Planning Ed Crowley IAM/IEM 1 ISC 2 Key Areas of Knowledge Understand business continuity requirements 1. Develop and document project scope and plan

More information

EVALUATING YOUR DISASTER READINESS?

EVALUATING YOUR DISASTER READINESS? EVALUATING YOUR DISASTER READINESS? START WITH YOUR RESPONSE MANAGEMENT VENDOR Business Continuity and Disaster Recovery: Best Practices for Successful Planning What would happen to your organization if

More information

Guide. Business Continuity

Guide. Business Continuity Business Continuity The continuing need for 24/7 availability has seen increased pressures on businesses to beef up their processes and practices to ensure that they can cope with any eventuality. Especially

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Disaster Recovery Planning Process

Disaster Recovery Planning Process Disaster Recovery Planning Process By Geoffrey H. Wold Part I of III This is the first of a three-part series that describes the planning process related to disaster recovery. Based on the various considerations

More information

MARQUIS DISASTER RECOVERY PLAN (DRP)

MARQUIS DISASTER RECOVERY PLAN (DRP) MARQUIS DISASTER RECOVERY PLAN (DRP) Disaster Recovery is an ongoing process to plan, develop, test and implement changes, processes and procedures supporting the recovery of the critical functions in

More information

Fundamentals of Information Systems Security Unit 6 Role of Risk Management, Response, and Recovery for IT Systems, Applications, and Data

Fundamentals of Information Systems Security Unit 6 Role of Risk Management, Response, and Recovery for IT Systems, Applications, and Data Fundamentals of Information Systems Security Unit 6 Role of Risk Management, Response, and Recovery for IT Systems, Applications, and Data Learning Objective Describe the principles of risk management,

More information

Disaster Recovery. Hendry Taylor Tayori Limited

Disaster Recovery. Hendry Taylor Tayori Limited Disaster Recovery Hendry Taylor Tayori Limited Agenda What is Business Continuity planning (BCP) What is Disaster Recovery (DR) and Disaster Recovery Planning (DRP) Overview Lifecycle Analysis Plan design

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy

More information

How to Plan for Disaster Recovery and Business Continuity

How to Plan for Disaster Recovery and Business Continuity A TAMP Systems White Paper TAMP Systems 1-516-623-2038 www.drsbytamp.com How to Plan for Disaster Recovery and Business Continuity By Tom Abruzzo, President and CEO Contents Introduction 1 Definitions

More information

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff 85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate

More information

Planning for Disaster. Ramesh Ramani CISM CGEIT ramani@pcsuae.com 02 June 2010

Planning for Disaster. Ramesh Ramani CISM CGEIT ramani@pcsuae.com 02 June 2010 Planning for Disaster Ramesh Ramani CISM CGEIT ramani@pcsuae.com 02 June 2010 Agenda Disaster Management-Introduction Examples BCP and IT Continuity Process of Disaster Management-PDCA Disaster Management

More information

Business Continuity & Recovery Plan Summary

Business Continuity & Recovery Plan Summary Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity

More information

Business Continuity Planning for Risk Reduction

Business Continuity Planning for Risk Reduction Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

Domain 3 Business Continuity and Disaster Recovery Planning

Domain 3 Business Continuity and Disaster Recovery Planning Domain 3 Business Continuity and Disaster Recovery Planning Steps (ISC) 2 steps [Har10] Project initiation Business Impact Analysis (BIA) Recovery strategy Plan design and development Implementation Testing

More information

What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)?

What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)? Workshop on System Audit of Banks BCP Workshop on System Audit of Banks What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)? - Preparedness of an organisation to ensure continuity,

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

NHS 24 - Business Continuity Strategy

NHS 24 - Business Continuity Strategy NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS

More information

NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems

NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Table Of Contents Introduction to NIST SP 800-34

More information

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

More information

Virginia Commonwealth University School of Medicine Information Security Standard

Virginia Commonwealth University School of Medicine Information Security Standard Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Business Continuity Management Standard for IT Systems This standard is applicable to all VCU School of Medicine

More information

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

Business Unit CONTINGENCY PLAN

Business Unit CONTINGENCY PLAN Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...

More information

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS Title: DRAFT USG Continuity of Operation Plan Policy Policy Number: 2009-Julian Date Topical Security Area: Document Type: Standard Pages: Words: Lines: 5 1,387 182 Issue Date: May-09 Effective Date: Immediately

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement

More information

Ohio Conference for Payroll Professionals Disaster Recovery

Ohio Conference for Payroll Professionals Disaster Recovery Ohio Conference for Payroll Professionals Disaster Recovery Speaker Bruce E. Phipps CPP 2011 APA Payroll Man of the Year Principal Product Manager US Legislative Analyst ORACLE Corporation bruce.phipps@oracle.com

More information

Continuity of Operations Planning. A step by step guide for business

Continuity of Operations Planning. A step by step guide for business What is a COOP? Continuity of Operations Planning A step by step guide for business A Continuity Of Operations Plan (COOP) is a MANAGEMENT APPROVED set of agreed-to preparations and sufficient procedures

More information

DISASTER RECOVERY 101 3 Steps You Need to Take (Before It s Too Late)

DISASTER RECOVERY 101 3 Steps You Need to Take (Before It s Too Late) DISASTER RECOVERY 101 3 Steps You Need to Take (Before It s Too Late) Introduction... 4 Disaster Recovery vs. Business Continuity... 4 Why You Need to Read this ebook... 5 Chapter 1: The Risks (aka, The

More information

SECTION 15 INFORMATION TECHNOLOGY

SECTION 15 INFORMATION TECHNOLOGY SECTION 15 INFORMATION TECHNOLOGY 15.1 Purpose 15.2 Authorization 15.3 Internal Controls 15.4 Computer Resources 15.5 Network/Systems Access 15.6 Disaster Recovery Plan (DRP) 15.1 PURPOSE The Navajo County

More information

Top 10 Disaster Recovery Pitfalls

Top 10 Disaster Recovery Pitfalls Top 10 Disaster Recovery Pitfalls The key to successful disaster recovery is good planning. But with so much at stake for your business, how do you plan with confidence and ensure all stakeholders know

More information

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery Disaster Recovery 1.1 Introduction Every day, there is the chance that some sort of business interruption, crisis, disaster, or emergency will occur. Anything that prevents access to key processes and

More information

a Disaster Recovery Plan

a Disaster Recovery Plan Construction of a Disaster Recovery Plan David Godwin, Sr. Sales Engineer March 18, 2014 Objectives Understand What Disaster Recovery is? Why is Disaster Recovery Needed? Effectively assist customers or

More information

Overview of how to test a. Business Continuity Plan

Overview of how to test a. Business Continuity Plan Overview of how to test a Business Continuity Plan Prepared by: Thomas Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com BRP/DRP Test Plan Creation and Exercise Page: 1 Table of Contents BCP/DRP Test

More information

Business Continuity Glossary

Business Continuity Glossary Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;

More information

Business Continuity and Disaster Planning

Business Continuity and Disaster Planning WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

More information

Offsite Disaster Recovery Plan

Offsite Disaster Recovery Plan 1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive

More information

Developing a Business Continuity Plan... More Than Disaster

Developing a Business Continuity Plan... More Than Disaster Developing a Business Continuity Plan..... More Than Disaster Recovery! April 19, 2010 UHY / MMA Business Survival Series Webinar Focus.... Understanding the components of Business Continuity Planning

More information

Guideline on Business Continuity Management

Guideline on Business Continuity Management Circular No. 033/B/2009-DSB/AMCM (Date: 14/8/2009) Guideline on Business Continuity Management The Monetary Authority of Macao (AMCM), under the powers conferred by Article 9 of the Charter approved by

More information

Clinic Business Continuity Plan Guidelines

Clinic Business Continuity Plan Guidelines Clinic Business Continuity Plan Guidelines Published: January 2015 Table of Contents Emergency Notification Contacts Primary... 2 Emergency Notification Contacts Backups (in case primary is unavailable)...

More information

Mastering Disaster A DATA CENTER CHECKLIST

Mastering Disaster A DATA CENTER CHECKLIST Mastering Disaster A DATA CENTER CHECKLIST Disaster Doesn t Sleep It s not always a hurricane or a power grid failure that causes businesses to lose their data. More often than not, an isolated event like

More information

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM

More information

Disaster Recovery Plan Documentation for Agencies Instructions

Disaster Recovery Plan Documentation for Agencies Instructions California Office of Information Security Disaster Recovery Plan Documentation for Agencies Instructions () November 2009 SCOPE AND PURPOSE The requirements included in this document are applicable to

More information

Disaster Recovery 81 Success Secrets. Copyright by Michelle Stein

Disaster Recovery 81 Success Secrets. Copyright by Michelle Stein Disaster Recovery 81 Success Secrets Copyright by Michelle Stein Notice of rights All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical,

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three Information Security- Perspective for Management Business Impact Analysis ( BIA ) and Business

More information

ASX SETTLEMENT OPERATING RULES Guidance Note 10

ASX SETTLEMENT OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis Application / Hardware - Business Impact Analysis Template The single most important thing we can do is help you understand the criticality of each application, supporting hardware/server/pc and the required

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Clinic Business Continuity Plan Guidelines

Clinic Business Continuity Plan Guidelines Clinic Business Continuity Plan Guidelines Emergency notification contacts: Primary Role Name Address Home phone Mobile/Cell phone Business Continuity Plan Coordinator QSP Business Continuity Plan Coordinator

More information

Creating a Business Continuity Plan for your Health Center

Creating a Business Continuity Plan for your Health Center Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation

More information

White Paper AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS. Executive Summary

White Paper AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS. Executive Summary AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS Executive Summary Today s businesses rely heavily on voice communication systems and data networks to such

More information

What You Should Know About Cloud- Based Data Backup

What You Should Know About Cloud- Based Data Backup What You Should Know About Cloud- Based Data Backup An Executive s Guide to Data Backup and Disaster Recovery Matt Zeman 3Fold IT, LLC PO Box #1350 Grafton, WI 53024 Telephone: (844) 3Fold IT Email: Matt@3FoldIT.com

More information

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125. When Disaster Strikes Are You Prepared?

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125. When Disaster Strikes Are You Prepared? RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125 When Disaster Strikes Are You Prepared? Copyright Materials This presentation is protected by US and International Copyright laws.

More information

External Supplier Control Requirements BCM

External Supplier Control Requirements BCM External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

More information

Building and Maintaining a Business Continuity Program

Building and Maintaining a Business Continuity Program Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery Table of Contents Introduction...3 This white paper was written

More information

Technology Recovery Plan Instructions

Technology Recovery Plan Instructions State of California California Information Security Office Technology Recovery Plan Instructions SIMM 5325-A (Formerly SIMM 65A) September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF

More information

HOW TO SELECT A COLOCATION PROVIDER

HOW TO SELECT A COLOCATION PROVIDER HOW TO SELECT A COLOCATION PROVIDER THE TOP 10 CRITERIA TO DISCUSS WHEN TOURING A DATA CENTER Choosing a data center or colocation provider to house your company s critical IT infrastructure is a huge

More information

With 57% of small to medium-sized businesses (SMBs) having no formal disaster

With 57% of small to medium-sized businesses (SMBs) having no formal disaster Disaster Recovery For Business Owners Practical Guidance for a Critical Operation With 57% of small to medium-sized businesses (SMBs) having no formal disaster recovery plan (Symantec, 2011), and 52% believing

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

MAXIMUM PROTECTION, MINIMUM DOWNTIME

MAXIMUM PROTECTION, MINIMUM DOWNTIME MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is

More information

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member

Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member City of Gainesville Inter-Office Communication April 3, 2012 TO: FROM: SUBJECT: Audit, Finance and Legislative Committee Mayor Craig Lowe, Chair Mayor-Commissioner Pro Tem Thomas Hawkins, Member Brent

More information

The Pareto Principle of Continuity Planning. Making the 80/20 Rule Work for You

The Pareto Principle of Continuity Planning. Making the 80/20 Rule Work for You The Pareto Principle of Continuity Planning Making the 80/20 Rule Work for You Thomas A. Gaitley, Managing Consultant Copper Harbor Consulting, Inc. Today s Agenda The Business Continuity Challenge Terminology

More information

BUSINESS CONTINUITY FRAMEWORK

BUSINESS CONTINUITY FRAMEWORK BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational

More information

Disaster Recovery Plan The Business Imperatives

Disaster Recovery Plan The Business Imperatives Disaster Recovery Plan The Business Imperatives Table of Contents Disaster Recovery Plan The Business Imperatives... 3 Introduction... 3 A Disaster Recovery Program The Need of the Hour... 3 Approach to

More information

Disaster Recovery Plan Checklist

Disaster Recovery Plan Checklist Disaster Recovery Plan Checklist Your guide for setting up or updating a Disaster Recovery Plan for your business. ArcSource Disaster Recovery Plan Checklist 1. Compile Your Internal Contacts Information

More information

The State of Global Disaster Recovery Preparedness

The State of Global Disaster Recovery Preparedness Computer Network Solutions Disaster Recovery Preparedness Benchmark Survey The State of Global Disaster Recovery Preparedness ANNUAL REPORT 2014 The Disaster Recovery Preparedness Council publishes this

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan IMMEDIATE ACTIONS Manager/Supervisor 1. Ensure emergency services contacted 2. Ensure safety of personnel 3. Co-ordinate with the emergency services 4. Contact Senior members of

More information

Disaster Recovery 100 Success Secrets

Disaster Recovery 100 Success Secrets Disaster Recovery 100 Success Secrets Disaster Recovery 100 Success Secrets - IT Business Continuity, Disaster Recovery planning and Services Gerard Blokdijk Disaster Recovery 100 Success Secrets Copyright

More information

NCUA LETTER TO CREDIT UNIONS

NCUA LETTER TO CREDIT UNIONS NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: December 2001 LETTER NO.: 01-CU-21 TO: SUBJ: ENCL: All Federally Insured Credit Unions Disaster

More information