Disaster Recovery Planning



Similar documents
PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

Creating a Business Continuity Plan. What We ll Cover... What is a BCP? Micky Hogue, CRM

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP).

Disaster Recovery Plan Checklist

Disaster Recovery Planning

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

IT Disaster Recovery Plan Template

Business Continuity Planning in IT

How to Plan for Disaster Recovery and Business Continuity

SECTION 15 INFORMATION TECHNOLOGY

Offsite Disaster Recovery Plan

Ohio Supercomputer Center

IF DISASTER STRIKES IS YOUR BUSINESS READY?

A Best Practices Point of View from. Data Backup and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan

NCUA LETTER TO CREDIT UNIONS

Disaster Recovery Planning

New Clerk Academy. August 13, 2015

This presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses.

Business Continuity Planning. Donna Curran, Director Audit and Risk Management February, 2014

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 125. When Disaster Strikes Are You Prepared?

IT Disaster Recovery and Business Resumption Planning Standards

Disaster Recovery. Hendry Taylor Tayori Limited

BUSINESS CONTINUITY PLAN OVERVIEW

MARQUIS DISASTER RECOVERY PLAN (DRP)

Overview of Business Continuity Planning Sally Meglathery Payoff

Technology Recovery Plan Instructions

Business Unit CONTINGENCY PLAN

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Business Continuity Glossary

Emergency/Disaster Response Plan

Business Continuity and Disaster Planning

Beyond Effective Security. The Art and Science of Business Continuity Planning

Business Continuity and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Management

IT Service Management

Emergency Operations California State University Los Angeles

Disaster Recovery Plan Documentation for Agencies Instructions

Business Continuity Planning and Disaster Recovery Planning

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Business Continuity and Disaster Survival Strategies for the Small and Mid Size Business.

Disaster Recovery Planning Process

DISASTER RECOVERY PLANNING

Disaster Recovery and Business Continuity What Every Executive Needs to Know

Continuity of Operations Planning. A step by step guide for business

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

Disaster Preparedness & Response

Overview of how to test a. Business Continuity Plan

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

CRISIS MANAGEMENT PLAN

Ohio Conference for Payroll Professionals Disaster Recovery

Business Continuity Planning for Schools, Departments & Support Units

University of Nottingham Emergency Procedures and Recovery Policy

Business Continuity Template

Planning for disaster.

Desktop Scenario Self Assessment Exercise Page 1

How To Prepare For A Disaster

Business Resiliency Business Continuity Management - January 14, 2014

Preparing a Disaster Recovery Plan (Church)

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Disaster Recovery and Business Continuity Plan

Western Washington University Basic Plan A part of Western s Comprehensive Emergency Management Plan

Facilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services

EXECUTIVE CRISIS MANAGEMENT TRAINING. Presented by Roseanne Rostron, CBCP Raido Response

Disaster Recovery Plan Overview for Customers. Sage ERP Online

Building Economic Resilience to Disasters: Developing a Business Continuity Plan

Interactive-Network Disaster Recovery

EMERGENCY ACTION PLAN Emergency Plan For:

BNA FEDERAL CREDIT UNION DISASTER RECOVERY PLAN

Clinic Business Continuity Plan Guidelines

Learning about an Emergency Management Plan GET READY NOW!

Business Continuity Planning Toolkit. (For Deployment of BCP to Campus Departments in Phase 2)

Business Continuity and Disaster Recovery Planning 3/16/2011. Lee Goldstein CPCP, MBCI President Business Contingency Group

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

The handouts and presentations attached are copyright and trademark protected and provided for individual use only.

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Domain 3 Business Continuity and Disaster Recovery Planning

Clinic Business Continuity Plan Guidelines

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

Why Should Companies Take a Closer Look at Business Continuity Planning?

Disaster Recovery Planning Save Your Business

How To Write A Disaster Recovery Plan

Transcription:

Disaster Recovery Planning Presented by Micky Hogue, CRM Sandia National Laboratories Albuquerque, New Mexico Mlhogue@sandia.gov 1 2 3

If that happened to your business... Would your business be able to survive??? 4 Agenda Business Disaster Recovery Planning Analyzing your company & it s needs Regulations, Recovery, & Risks Testing the plan Mutual Aid & Pre-disaster Agreements 5 Business Disaster Recovery Planning Disasters happen... If your company is here today, and gone tomorrow... Will it matter? 6

Focus on the Organization s most Critical Functions These Need to be Recovered First. 7 Definitions Disaster Planning--determines risks & potential impacts Disaster Prevention--steps to prevent or lessen impacts Contingency Planning--develop records program, recovery strategies, and procedures, coordinated written plans, make assignments, list resources, do training and testing. 8 Definitions...(continued) Disaster Response & Recovery--Implementing your Plan, dedicate resources to priority critical function areas - retrieve/restore all vital records for these areas. Business Resumption--retrieve/restore all vital records & information for the rest of the company s work areas -- finally return to normal business. 9

Levels of Disasters Individual loss of file, diskette, hard drive Loss of office fire, water Local (loss of building) fire, earthquake, bomb, biological hazard Region Wide flood, storm, earthquake, fire, bio/chemical hazards Nationwide terrorism, massive computer failure, bio/chemical hazards,war 10 An Information Disaster is... a sudden event that results in the loss of records essential to an organization s continued operation. Destruction--fire, water, earthquake, etc. Stolen--industrial espionage, theft for profit or sabotage Inaccessible--toxic contaminates, earthquake 11 Is Your Company Unique? Sole provider of your services/function? How fast must you resume services-- immediately? 24 hrs? 48 hrs? 1 wk?... Who is harmed if you cannot function? Are special skills/knowledge required? Will your employees be available? Are special records or equipment required? If so, will they be available in time? 12

What are Your Company s Post-Disaster Needs? Your building is gone -- Where will you go? Transportation? Housing? Food? Will employees leave home & family? Alternate work site established & contracted? Equipment, supplies, telecom -- in place? Current Vital Records Plan & backups? Do you have a plan now? Does staff know of it, and what they are supposed to do? 13 Will the Disaster Change Your Responsibilities, Functions, or Direction in Any Way? What will be new or different during the response and recovery? Do business as usual? Or address specific response & recovery services? Do you have procedures for these response & recovery function? Have your employees been trained & rehearsed? 14 Why Should I Develop a Company Disaster Recovery Plan? How can I justify? What are the Benefits?» Meet regulatory requirements» Ensures continuation of services» Increase employee confidence & morale» Insure job security» Identifies the vital parts of the agency & helps to focus and streamline procedures & strategies» Minimizes liability and lawsuits 15

Regulations & Statutes for Recovery Planning Contingency Planning Regulations Liability Laws Life/Safety Guidelines Risk Reduction Statutes Security Acts Vital Records Statutes 16 Risks Impact if records are lost? To company, customers, or public? Which type of disasters can happen most often? How quickly must you resume business? How tough is your competition? How soon will you lose market share? 17 Risks (continued) Will customer sue you if they suffer losses? What if the disaster involves your offsite storage or archives? What are legal, IRS, and other implications? 18

Where to Begin? Get management agreement for a plan, and the extent of the plan Set up a Contingency Planning Group Select a disaster recovery team Get every department working on a disaster plan and vital records plan 19 Four Phases of Disaster Recovery -- S, S, R, and R S = Survival» Immediate response to threats to life safety, equipment, buildings, or area. S = Stabilize» Take sensible steps to regain control of situation R = Recover» Take necessary steps to recover critical & essential functions & facilities R = Resume» Transition from recovery to normal business 20 Business Disaster Recovery Plan Strategies All work units develop disaster recovery plans & test them at least twice each year Recovery Priority Level is based on the impact to customer, regulatory requirements, and financial stability:» 1. CRITICAL -- recovery within 48 hours» 2. ESSENTIAL -- recovery within 1 week» 3. SUPPORT -- assist recovery of other units» 4. DEFERRED RECOVERY -- recovery can be delayed 21

Business Disaster Recovery Plan Strategies (continued) Standard Disaster Plan Format:» corporate policy, response & recovery strategies, plan assumptions» explains changes during a recovery period» ensures all essential information & decisions are included in the plan» information is in a logical sequence» information is easily referenced during a disaster 22 Business Disaster Recovery Plan Strategies (continued) Standard Disaster Plan Format:» planning process efficient for managers» allows DRP to easily read & critique every plan» allows DRP to compare strategies of business units» allows another manager to implement a plan other than their own 23 Basic Steps in Developing a Disaster Recovery Plan (cont...) Inform all function areas of the priority status and your recovery plans for them Develop a Standard Disaster Recovery Plan to be completed, & updated annually by all business units. Copies of the plan to be kept in the managers offices and homes Plan to include standard emergency response instructions--who to call, etc. 24

Basic Steps in Developing a Disaster Recovery Plan Do a Risk Analysis (building/regional) Do Business Impact Analysis (types of disasters on business functions) Do Human Impact Analysis Ensure Adequate Business Interruption Insurance Ensure frequent off-site backups of all vital records, data, software, etc. 25 Basic Steps in Developing a Disaster Recovery Plan (cont...) Develop Hotsite/Warmsite/Coldsite Plan-- implement and do tests Plan Communication after a Disaster» Where will key managers meet?» What should staff do when they hear of disaster?» How to keep everyone up-to-date & informed? Determine what your critical functions are, and if any are independent of location 26 Basic Steps in Developing a Disaster Recovery Plan (cont...) Critical functions that must resume operations in less than 1 week must develop, equip, install telecommunications and mainframe connectivity, supply, and test an alternative worksite Determine what order Critical functions should be recovered Determine how to best use staff & resources of your non-critical functions 27

Basic Steps in Developing a Disaster Recovery Plan (cont...) Do a 1-page summary of key information for every Critical function s dept s. plan--these summaries must be immediately available to the corporation s Recovery Management Team Prepare a Work Unit Location Analysis for every multi-store building--which units, # of people, criticality status, square footage, equipment needed, etc. 28 Basic Steps in Developing a Disaster Recovery Plan (cont...) Develop a multi-room Emergency Operations Center (EOC)» Develop rolls/responsibilities and basic procedures» Have key managers/staff practice activating and using it Interview major restoration companies» Consider pre-signed service agreements for emergency evaluation and priority service 29 Basic Steps in Developing a Disaster Recovery Plan (cont...) Beyond your fire warden program, develop an Emergency Response and Life Safety Program based on a severe regional emergency or disaster. Focus on your ability to survive up to 1 week without any outside assistance--fire, injuries, deaths, search & rescue, water, food, sanitation, communications, & evacuations 30

The Only Certain Thing About an Untested Plan... Is That the Plan Won t Work. 31 Types of Tests Notification Tests Table Top Tests Walk Through Tests Operational Tests of Emergency Voice Communications Operational Tests of Hotsite 32 Types of Tests (continued) Triage Tests Mini - Simulations Major - Simulations Coordinated Partnership Response Test of a Major Disaster Simulation 33

Pre-Disaster Agreements, Service Contracts, & Mutual Aid What should you do? What can you do? 34 Pre-Disaster Agreements, Service Contracts, and Mutual Aid Can You Recover All By Yourself? Generally speaking, if your business or agency is going to have a realistic chance of recovering in time, you are going to need the help of others. And in order for them to recover, they may need your help. 35 Mutual Aid & Pre-Disaster Agreements Helping Each Other Philosophy -- Volunteering to Assist Mutual Aid and Pre-Disaster Agreements:» Are voluntary» Do not bind or obligate the signers; they will only assist if possible» Define the general types of assistance that may be required» Identify the chain of command for activating the agreement» Define 24-hour communications procedures 36

Service Contracts-- --How to Ensure Essential Services Will Continue Service Contracts:» Are legal and binding contracts» Stipulate how, when, and where specific services are to resume» Are negotiated and signed by the vendors owners or high-level managers» Identify the chain of command for activating the agreement» Define 24-hour communications procedures 37 Public & Private Partnerships Mutual Aid and Pre-Disaster Agreements:» Are voluntary» Do not bind or obligate the signers; they will only assist if possible» Define the general types of assistance that may be required» Identify the chain of command for activating the agreement» Define 24-hour communications procedures 38 There are no Permanent Answers... Only Evolving Solutions 39

Any Questions?? 40

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information