DRAFT Disaster Recovery Policy Template



Similar documents
Disaster Recovery Planning Procedures and Guidelines

Disaster Recovery Plan Documentation for Agencies Instructions

Disaster Recovery and Business Continuity Plan

Business Unit CONTINGENCY PLAN

Technology Recovery Plan Instructions

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

Continuity of Operations Planning. A step by step guide for business

ITSM Tools Operation Continuity Plan Example

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Hong Kong Baptist University

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

State of South Carolina Policy Guidance and Training

Ohio Supercomputer Center

Documentation. Disclaimer

Disaster Recovery Planning. By Janet Coggins

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

Cisco Disaster Recovery: Best Practices White Paper

Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP).

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

SAMPLE IT CONTINGENCY PLAN FORMAT

OKHAHLAMBA LOCAL MUNICIPALITY

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

SECTION 15 INFORMATION TECHNOLOGY

IF DISASTER STRIKES IS YOUR BUSINESS READY?

How to Plan for Disaster Recovery and Business Continuity

IT Disaster Recovery Plan Template

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

White Paper: Librestream Security Overview

Disaster Recovery Planning Process

Business Continuity Plan

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Business Continuity Planning and Disaster Recovery Planning

IT Disaster Recovery and Business Resumption Planning Standards

The Difference Between Disaster Recovery and Business Continuance

Disaster Recovery and Business Continuity

Western Intergovernmental Audit Forum

Best Practices in Developing an IT Disaster Recovery Plan. Vijaykumar Kulkarni AGM Product Management

Domain 1 The Process of Auditing Information Systems

Disaster Recovery Plan Overview for Customers. Sage ERP Online

D2-02_01 Disaster Recovery in the modern EPU

ICT & Communications Services Disaster & Recovery Plan

NIST SP , Revision 1 Contingency Planning Guide for Federal Information Systems

Running head: COMPONENTS OF A DISASTER RECOVERY PLAN 1

PAPER-6 PART-4 OF 5 CA A.RAFEQ, FCA

Business Continuity Planning and Disaster Recovery Planning

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Planning for a Disaster Using Tivoli Storage Manager. Laura G. Buckley Storage Solutions Specialists, Inc.

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

Technology Infrastructure Services

Disaster Recovery Remote off-site Storage for single server environment

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis

CIS 523/423 Disaster Recovery Business Continuity

Why Should Companies Take a Closer Look at Business Continuity Planning?

Client Security Risk Assessment Questionnaire

Business Continuity Information Gathering Template

Virginia Commonwealth University School of Medicine Information Security Standard

Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International

SOUTH LAKELAND DISTRICT COUNCIL INTERNAL AUDIT FINAL REPORT IT IT Backup, Recovery and Disaster Recovery Planning

BUSINESS CONTINUITY PLAN OVERVIEW

Enterprise UNIX Services - Systems Support - Extended

CISM Certified Information Security Manager

IBX Business Network Platform Information Security Controls Document Classification [Public]

Offsite Disaster Recovery Plan

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

IT Service Continuity Management PinkVERIFY

Interactive-Network Disaster Recovery

Disaster Recovery Plan (Business Continuity) Template

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

Systems Support - Standard

DISASTER RECOVERY PLAN

UNIVERSITY INFORMATION TECHNOLOGY SERVICES (UITS) & INFORMATION WAREHOUSE FUNCTIONAL ANNEX 13

Fire Department Guide. Creating and Maintaining Business Continuity Plans (BCP)

Business Continuity Training and Testing: Narrowing the Gaps

Business Continuity Planning in IT

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Massachusetts Institute of Technology. Functional Area Recovery Management Team Plan Development Template

Keys to Narrowing Business Continuity Planning Gaps: Training, Testing & Audits

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

Disaster Recovery Planning

DISASTER RECOVERY PLANNING GUIDE

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Fundamentals of Business Continuity Planning Have a Plan!

How To Handle A Disaster Recovery Plan

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

a Disaster Recovery Plan

Transcription:

<COMPANY> DRAFT Disaster Recovery Policy Template

NOTE: This is a boiler plate template much information is needed from <COMPANY> to finalizeconsider this document pre-draft FOREWARD... 3 Policy Overview... 3 1 Introduction... 6 1.1 Purpose... 6 1.2 Scope... 6 1.3 Disaster Recovery Strategy... 7 1.3.1 [MOBILE NETWORK]Platforms... 7 1.3.2 <COMPANY> email... 9 1.4 Disaster Definition... 9 1.5 Assumptions... 10 1.6 Area-Wide Disasters... 10 1.7 Contractual Arrangement For Recovery Services... 10 2 Disaster Recovery Action Plan... 11 2.1 Backup and Off-Site Storage Procedures... 11 2.2 Off-Site Storage Services... 12 2.3 Disaster Response... 13 2.4 Hot Site Hardware and Software Configurations... 14 2.5 Resuming Normal Operations... 16 2.6 Security... 16 3 Functional Teams and Responsibilities... 16 Disaster Recovery Coordinator... 17 1

Damage Assessment Team... 17 Executive Team... 18 Restoration Team... 19 Operations Team... 20 Customer Support Team... 21 Salvage/Reclamation Team... 22 Administrative Support Team... 23 4 Testing the [MOBILE NETWORK]/[IT NETWORK]Disaster Recovery Plan... 23 4.1 Hot Site Test Procedures... 23 4.2 Hot Site Test Planning... 24 4.3 Application Testing Support... 25 4.4 Post-Test Wrap-Up... 26 4.5 Hot Site Test Schedule... 26 5 Testing the <COMPANY> email Services Disaster Recovery Plan... 27 6 Training... 27 7 Maintaining the Plan... 27 Disaster Recovery Check Lists... 29 General Background Status... 29 DRP Plan Maintenance Check List... 37 IT DRP Risk Control Matrix... 40 2

FOREWARD This Disaster Recovery Plan describes the strategy and procedures for recovering Data Center processing of applications should a disaster substantially disrupt operations. The plan is organized into three parts: the main body provides a general description of the disaster recovery strategy and program, the appendices provide detailed information for conducting the recovery, and the attachments provide supplemental information. The main body is public information and may be freely distributed; the appendices and attachments contain sensitive information that is restricted to the individuals responsible for recovering Data Center operations. The appendices and attachments must be destroyed when updated versions are received. The plan is frequently updated to reflect current hardware, software, procedures, applications, and staffing. Revisions are distributed to the disaster recovery team members at least twice a year following the disaster recovery tests. When copies of the plan are no longer required, please return them to the Disaster Recovery (DR) Coordinator. All corrections are welcome at any time and should be directed to the DR Coordinator. POLICY OVERVIEW The Disaster Recovery Policy must be reviewed at least annually to assure its relevance. Just as in the development of such a policy, a planning team that consists of upper management, and personnel from information security, information technology, human resources, or other operations should be assembled to review the disaster policy. Roles and responsibilities of the planning team should be as follows: Perform an initial risk assessment to determine current information systems vulnerabilities. Perform an initial business impact analysis to document and understand the interdependencies among business processes and determine how the business would be affected by an information systems outage. 3

Take an inventory of information systems assets such as computer hardware, software, applications, and data. Identify single points of failure within the information systems infrastructure. Identify critical applications, systems, and data. Prioritize key business functions. Company personnel will carry out the following procedures in the implementation of a disaster recovery policy Setup and maintain offsite facilities for data backup storage and electronic vaulting as well as redundant and reliable standby systems if necessary. Ensure that critical applications, systems, and data are distributed among facilities that are reasonably easy to get to but not so close that they could be affected by the same disaster. Establish written policies, contracts, and service level agreements with third party hosting, collocation, telecommunications, and Internet service providers that facilitate prompt recovery and continuity. Create an incident response team that consists of information security, IT, marketing, HR, legal, and other relevant personnel. Define the roles and responsibilities of the incident response team. Obtain each incident response team member s contact information. Determine which methods the incident response team members will use to communicate in the event of a disaster. Create a public relations plan to assist with the effective handling of an incident. Assign a manager (such as an IT or Information Security Manager) that has the responsibility and authority to make critical IT decisions. Develop testing standards. 4

Document and distribute the disaster recovery plan. Distribute copies of the written plans to everyone involved and also store extra copies in an offsite, fireproof vault. The following are ongoing procedures that must be followed: Continuously perform data backups, store at least weekly backups offsite, and test those backups regularly for data integrity and reliability. Test plans at least annually, document and review the results, and update the plans as needed. Analyze plans on an ongoing basis to ensure alignment with current business objectives and requirements. Provide security awareness and disaster recovery education for all team members involved. Continuously update information security policies and network diagrams. Secure critical applications and data by patching known vulnerabilities with the latest fixes or software updates. Perform continuous computer vulnerability assessments and audits. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information