ESKITP6036 IT Disaster Recovery Level 5 Role

Transcription

1 Overview This sub-discipline is about the competencies required in order to manage all aspect of Disaster Recovery (DR), as it applies to IT within an organisation. ESKITP6036 1

2 Performance criteria You must be able to: Control the management of IT disaster recovery plans P1 P2 P3 P4 Develop effective disaster recovery plans that meet the needs of the business and are logistically, technically, and financially feasible, and support the organisation's brand, reputation and organisational effectiveness, presenting findings relating to their accuracy, currency and completeness to a wide range of sponsors, stakeholders and other individuals as directed by superiors Critically analyse all relevant information and knowledge relating to risks, vulnerabilities and threats that may need to be considered within disaster recovery plans Verify the assumptions contained within business continuity management plans that have a consequence on disaster recovery and the business requirements and criteria for restoration of specific IT/technology systems, services and assets Effectively manage the execution of disaster recovery plans, using triggers for invocation correctly and identifying and making decisions on the relative priorities of IT/technology systems, services and assets to be restored, where appropriate ESKITP6036 2

3 Monitor and maintain the IT disaster recovery plans You must be able to: P5 P6 P7 P8 P9 Design, develop, manage and monitor the operation of appropriate and comprehensive disaster recovery tests and dry runs that are sufficiently well constructed to provide an accurate, current and complete reflection of a real life scenario, presenting the findings to sponsors, stakeholders and other individuals Regularly and rigorously monitor the alignment of disaster recovery plans with business continuity management plans and all relevant legislation, regulations and external standards, reporting issues to superiors where appropriate Verify that disaster recovery tests and dry runs are sufficiently well constructed to provide an accurate, current and complete reflection of real life scenarios, in line with business needs and under the direction of superiors Critically analyse and clearly communicate/report the implications of business continuity management plans and assumptions on disaster recovery activities Critically analyse and clearly communicate/report the implications of the extent of disaster recovery provision for an organisation and their impact on business continuity plans to a wide range of sponsors, stakeholders, external bodies and other individuals P10 Apply best practice and relevant learning from other potentially disastrous/disastrous and real life disaster scenarios to improve own disaster recovery plans Communicate with others on matters relating to IT disaster recovery plans You must be able to: P11 Effectively manage relationships with external bodies who provide a range of disaster recovery services and communicate disaster recovery roles, responsibilities, processes and procedures to individuals who may be required to carry them out P12 Implement and maintain effective, current, comprehensive and complete education and training on disaster recovery plans and activities for all individuals within the organisation P13 Accurately identify the sponsors, stakeholders, individuals, external providers and partners who need to be involved in disaster recovery plans and activities and/or who need to be informed in the event of a disaster ESKITP6036 3

4 Knowledge and understanding You need to know and understand: Control the management of IT disaster recovery plans K1 Identify and select K1.1 the consequences of an IT/technology disaster scenario on the brand, reputation and operational effectiveness of an organisation K1.2 triggers that may result in the invocation of the disaster recovery plan K1.3 the range of appropriate approaches that can be taken to undertake disaster recovery activities and their appropriateness in a range of business, IT/technology contexts K1.4 the implications of disaster recovery plans on business continuity management activities K1.5 the external factors and their implications that may impact on disaster recovery K1.6 any other information relevant to disaster recovery activities K2 Source/gather/collate the cost and value of disaster recovery provision for IT/technology systems, services and assets K3 Use and apply: K3.1 the most appropriate approaches to undertake disaster recovery planning and activities information relating to the consequences of an IT/technology disaster on the brand, reputation and the operational effectiveness of an organisation K3.2 information relating to the individual(s) responsible for leading K3.3 disaster recovery activities K3.4 information relating to the named individuals and their roles within disaster recovery plans and activities K3.5 information generated by disaster recovery activities in order to determine when and how to return to normal operations K3.6 best practice in disaster recovery activities K3.7 learning from other potentially disastrous/disastrous and real life disaster scenarios to improve own disaster recovery plans K3.8 triggers in order to establish when to invoke a disaster recovery plan K3.9 the processes, procedures, methods, tools and techniques to monitor the alignment of disaster recovery activities and their deliverables with all relevant legislation, regulations and external standards K4 Document the cost and value of disaster recovery provision for IT/technology systems, services and assets K5 Report: K5.1 the possible implications of business continuity management plans and assumptions on disaster recovery activities K5.2 the possible implications of disaster recovery plans and assumptions on business continuity management activities K6 Manage: K6.1 the alignment of disaster recovery activities with all relevant legislation, regulations and external standards K6.2 the alignment of disaster recovery activities with business continuity management needs K6.3 relationships with sponsors, stakeholders and external bodies and individuals on matters relating to disaster recovery activities K6.4 relationships with those individuals involved in business continuity ESKITP6036 4

5 management K6.5 relationships with external providers involved in business continuity management K6.6 external factors impacting on disaster recovery activities K7 Design and Develop: K7.1 processes, tools and techniques to monitor the alignment of disaster recovery activities and their deliverables with all relevant regulation and external standards K7.2 disaster recovery plans that meet the needs of the business and are logistically, technically, and financially feasible K7.3 education and training provided to all individuals within the organisation on disaster recovery plans and activities K7.4 disaster recovery tests and dry runs that are sufficiently well constructed to provide an accurate, current and complete reflection of a real life scenario K8 The need for legislation, regulations and external standards relating to disaster recovery K9 What are the: K9.1 range of approaches that can be taken to disaster recovery activities and their appropriateness in a range of business and IT/technology contexts K9.2 priorities for recovering IT/technology systems, services and assets impacted by a potential disaster and their relevance to business continuity management K9.3 actions that may be taken in the event of disaster recovery activities not supporting the business needs, brand and reputation K10 Who are the sponsors of and stakeholders for any disaster recovery activities Monitor and maintain the IT disaster recovery plans You need to know and understand: K11 Identify and select: K11.1 changes to IT/technology systems, services and assets, the business use of them and/or changes to the individuals involved in disaster recovery activities that will trigger an update to disaster recovery plans K11.2 information relating to the external environment, including legislation, external standards, market forces and technology, in order to keep disaster recovery plans current, complete and accurate K11.3 priorities for recovering IT/technology systems, services and assets impacted by a potential disaster and their relevance to business continuity management K12 Verify: K12.1 the business requirements and criteria for restoration of specific IT/technology systems, services and assets to support ongoing operation of an organisation K12.2 the assumptions contained with business continuity management plans that have a consequence on disaster recovery K12.3 that the requirements of business continuity management plans are supported by disaster recovery plans K12.4 that disaster recovery tests and dry runs are sufficiently well constructed to provide an accurate, current and complete reflection of real life scenarios ESKITP6036 5

6 K13 Implement and maintain: K13.1 the processes, tools and techniques relating to disaster recovery activities K13.2 the processes, tools and techniques to monitor the alignment of disaster recovery activities and their deliverables with all relevant regulation and external standards K13.3 education and training on disaster recovery plans and activities for all individuals within the organisation K13.4 disaster recovery tests and dry runs scenarios that are sufficiently well constructed to provide an accurate, current and complete reflection of real life scenarios K14 Monitor: K14.1 the alignment of disaster recovery work and its deliverables with all relevant legislation, regulations and external standards K14.2 the alignment of disaster recovery plans with business continuity management plans K14.3 disaster recovery activities during tests and dry runs K14.4 the effectiveness and quality of disaster recovery processes, procedures, methods, tools and techniques K14.5 compliance within the organisation to disaster recovery strategy, policies and procedures K15 Analyse/Interpret: K15.1 the implications of business continuity management plans and assumptions on disaster recovery activities K15.2 the implications of disaster recovery plans and assumptions on business continuity management activities K15.3 disaster recovery tests and dry runs to ensure they are sufficiently well constructed to provide an accurate, current and complete reflection of a real life scenario K15.4 the results gained from disaster recovery testing and dry runs K15.5 the results gained from monitoring the alignment of disaster recovery activities and their deliverables with all legislation, regulations and external standards K15.6 information and knowledge relating to risks, vulnerabilities and threats that may need to be considered within disaster recovery plans K15.7 the implications of internal and external change on disaster recovery plans K15.8 any other information relevant to disaster recovery activities K16 Present: K16.1 the effectiveness of processes, tools and techniques relevant to disaster recovery planning K16.2 the accuracy, currency and completeness of disaster recovery plans K16.3 updates to disaster recovery plans as a result of changes that might have occurred K16.4 disaster recovery plans for completeness against information contained within risk registers and assessments and threat and vulnerability assessments K16.5 improvements to disaster recovery strategy and policies as a result of best practice and lessons learned from other potentially disastrous/disastrous scenarios and real life disaster scenarios K17 Make decisions: K17.1 on the relative priorities of IT/technology systems, services and assets ESKITP6036 6

7 to be restored K17.2 on when and how to use external providers of disaster recovery services K17.3 on the external providers of disaster recovery services to use K18 Take action: K18.1 to prioritise how and when IT/technology systems, services and assets may be restored during disaster recovery activities K18.2 to refresh disaster recovery plans in line with the impact of change from both internal and external sources K18.3 to ensure that individuals and other external resources involved in disaster recovery activities have adequate training and knowledge K18.4 to test disaster recovery strategy and plans and conduct dry runs to ensure they remain accurate, current and complete K18.5 to execute disaster recovery plans in the event of real life scenarios, as appropriate K18.6 to contain the impact and potential consequences of a IT/technology disaster scenario K18.7 to deal with issues arising as a result of disaster recovery activities K18.8 to deal with external factors on disaster recovery activities K19 The importance of: K19.1 effectively containing the impact and potential consequences of a IT/technology disaster scenario K19.2 correctly identifying triggers to ensure the timely invocation of the disaster recovery plan K20 The need for monitoring: K20.1 the effectiveness and quality of all disaster recovery and planning activities K20.2 the effectiveness and quality of external providers of disaster recovery and planning services K20.3 the cost and value of disaster recovery provision for IT/technology systems, services and assets K20.4 the effectiveness and quality of disaster recovery processes, procedures, methods, tools and techniques Communicate with others on matters relating to IT disaster recovery plans You need to know and understand: K21 Identify and select: K21.1 the sponsors of and stakeholders for any disaster recovery activities K21.2 the sponsors, stakeholders, external bodies and individuals who need to be informed in the event of a disaster K21.3 external providers and partners who need to be involved in disaster recovery plans and activities K22 Communicate: K22.1 disaster recovery roles, responsibilities, processes and procedures to individuals and external providers who may be required to carry them out K22.2 the implications of the extent of disaster recovery provision within an organisation to a wide range of sponsors, stakeholders, external bodies and other individuals K22.3 the implications of disaster recovery plans on business continuity management plans ESKITP6036 7

8 K22.4 with external bodies offering a range of disaster recovery services K23 Advise and guide others on: K23.1 all aspects of disaster recovery activities and their deliverables K23.2 the appropriateness of using external bodies offering a range of disaster recovery services K24 Negotiate: K24.1 with sponsors, stakeholders, external bodies and other individuals on how disaster recovery plans must restore IT/technology systems, services and assets K24.2 with external providers of disaster recovery services in line with organizational policies and procedures K25 The importance of : K25.1 informing sponsors, stakeholders, external bodies and individuals, as appropriate, in the event of a disaster K25.2 managing relationships with sponsors, stakeholders and external bodies and individuals in all aspects of disaster recovery activities ESKITP6036 8

9 Developed by e-skills UK Version number 1 Date approved September 2009 Indicative review date Validity Status Originating organisation March 2014 Current Original e-skills UK Original URN 6036 Relevant occupations Suite Key words Information and Communication Technology; Systems Support IT and Telecoms System recovery; Backup; Disaster planning ESKITP6036 9