How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.


TABLE OF CONTENTS

- SUMMARY
- WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY?
- PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN
- WRITING A DISASTER RECOVERY PLAN
- NEED HELP PROTECTING YOUR BUSINESS FROM DISASTER?

SUMMARY

WHY YOU SHOULD READ THIS GUIDE

Disasters can strike at any time with devastating results. Companies must take the proper steps to prepare for the worst in order to minimise damages. The best way to do this is to prepare a written and verbal Disaster Recovery Plan (DRP). This guide will help you write your formal DRP. This is a critical step in preparing for disaster, improving employee response, reducing downtime, and quickly returning to normalcy.

ABOUT THE AUTHOR

Volker Rath is a hosting and cloud expert at Macquarie Telecom. In this primarily customer-facing role, he analyses the market and customer needs, provides feedback to the product teams, and influences the hosting and cloud strategies of Australia's leading business hosting and telecommunications provider.

WELL-DOCUMENTED PLANS ARE CRUCIAL FOR EFFECTIVE DISASTER RESPONSE

Disaster Recovery Plans can significantly reduce downtime and losses. To be effective, they must be carefully documented so responders have a usable reference that they can use to make decisions quickly.

START BY OUTLINING GOALS

The first step in creating any effective plan is to outline goals. Make a prioritised list of what the plan should accomplish. Some ideas to start with could be:

- Employee safety
- Equipment safety
- Minimising downtime
- Cutting unnecessary overhead

REVIEW THE CURRENT SITUATION

Many companies have an informal DRP in place before they create their official plan. Assess what is currently being done, what can be cut, and what can be implemented in the final plan.

DEVELOP AND WRITE YOUR PLAN

After you have assessed the situation and outlined your goals, you are ready to create a DRP that can effectively minimise the negative effects of a disaster. Develop your strategies by using this guide as a starting point, then draft a concise, clear plan that you can train employees with.

REVIEW YOUR PLAN

After the plan has been created, it is critical that it be reviewed at regular intervals. This helps account for changing technologies and environments and ensures that the plan continues to be as effective as it was on the day it was created.

WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY?

A Disaster Recovery Plan (DRP) is a set of guidelines for disaster response. Its goal is to restore IT operations and help your company recover from a disaster as quickly as possible. Effective DRPs will significantly reduce losses from damaged equipment and downtime.

Although the two are commonly confused, a DRP differs from a Business Continuity Plan (BCP). A DRP focuses only on returning IT infrastructure to normalcy, whereas a BCP deals with all business operations.

DRPS HELP MINIMISE THE EFFECTS OF DISASTER

DRPs have many benefits including reduced financial losses, decreased downtime, and improved employee morale. They allow systems to be protected, operations to resume quickly, and staff to respond promptly and effectively after an incident.

A DRP can:

- Prevent the loss of critical data - One of the important considerations when planning for a disaster is data protection. Companies that store sensitive or mission-critical data need to ensure that a plan is in place to back up, restore, and protect data in the event of a disaster.
- Resume operations quickly - Catastrophes can lead to extended and costly downtime. The average hourly cost of downtime ranges from $84,000 to $108,000. Between lost revenue, reduced customer satisfaction, and lost man hours, downtime can have a major financial impact on an organisation. Creating a plan for faster response can greatly reduce the length of downtime in the event of a disaster. [1]
- Protect valuable assets - An organisation's IT infrastructure can be worth hundreds of thousands, if not millions of dollars. [2] Protecting these assets from fire, flood, and other disasters should be one of the primary goals of your plan.
- Reduce risk of employee injury - A company's most valuable asset is its employees. A DRP can help ensure your employees are protected by providing clear directives and precautions that minimise danger.
- Prevent damage to company image - When customers cannot access your website and services, they often move on to your competitors. Fifty percent of companies say that IT outages damage their reputation, leading to future loss of business. [3]

You can minimise the negative effects of disaster by empowering your employees with this invaluable disaster response tool. The next section will go into detail about how you can start the process of writing your DRP.

PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN

Before starting the DRP writing process, it is important to do the proper research. This will provide information on where the company is vulnerable and what you need to include in the plan.

IDENTIFY POTENTIAL THREATS

The first step in the preparation process should be to create a list of likely threats your company might face. These include:

- Fire - This is particularly likely in urban areas or dry, high heat areas.
- Tropical Monsoon - In susceptible areas, tropical monsoons can be extremely devastating, causing infrastructure and structural damages. They are often accompanied by flooding.
- Flood - Floods can be extremely destructive in coastal areas. They damage equipment and can cause power outages.
- Riot - Although uncommon, riots can be prevalent in unstable regions.
- Security compromise - In some cases, security compromises can be so extreme that they can be considered as a disaster. They can lead to loss of data, systems damage, and downtime, just as a physical disaster can.

DECIDE WHAT THE PLAN SHOULD ACCOMPLISH

Once potential threats have been identified, you should identify the goals of the plan. Make these goals as concise as possible to make sure that the plan can be easily measured against them after a disaster.

ASSESS YOUR CURRENT RESPONSE

List all the disaster response and preparedness initiatives currently in place at your organisation. Then decide which ones are effective enough to go into the new DRP and which ones should be cut. Take this time to identify areas in which your company is particularly vulnerable. If possible, it is useful to assess the effectiveness of current plans during past disasters as a guideline for this process.

ASSEMBLE YOUR DISASTER RECOVERY PLANNING TEAM

Before the plan can be written, the necessary team members must be gathered. The team should include one or more executives responsible for ensuring the plan is executed and experts from the IT team who can advise and help execute the plan. Make sure that the plan has top management support so the initiatives it calls for can be properly implemented.

WRITING A DISASTER RECOVERY PLAN

When you have assembled your team and made all the necessary preparations, you are ready to start writing your DRP. Ensure that the wording is clear, but still detailed enough, so that employees can act quickly and effectively. Use bullet points and lists that can be easily scanned wherever possible. It is also recommended that graphics be employed to make the information clearer.

Emphasise throughout the plan that the disaster recovery team should never take any actions that put themselves or other employees at risk. The first priority of any effective DRP is ensuring the safety of personnel.

PART 1: LIST GOALS

Begin the introduction of the plan by listing the goals that were chosen during the preparation stage. This will serve as the main directive of the DRP and help keep personnel focused on the primary objectives.

Here you should also include the Recovery Point Objective (RPO) and the Recovery Time Objective (RTO). The RPO represents the maximum acceptable data loss. For example, an RPO of thirty minutes means that data must be backed up every thirty minutes. The RTO is the recovery time goal. This is the maximum amount of time the disaster recovery process should take. Setting these goals will help motivate your team and provide a reference point by which the plan can be measured.

PART 2: DEFINE THE DISASTER

This is a critical portion of the plan, as it will help employees know when to declare a disaster and implement the DRP. If a disaster is defined too broadly, it could lead to unnecessary precautions that cost the company time and money.

The recommended definition of a disaster is an event, natural or manmade, that causes one or more vital systems to malfunction, causes the building to become unusable in a significant way, or any combination of the above two. Vital systems must be identified.

Here you should also list the possible disasters employees are likely to encounter.

PART 3: DEFINE THE SCOPE OF THE PLAN

This section will help employees determine whether this is the correct plan for their current situation. DRPs deal with damage to or malfunctions of IT systems and the buildings in which they are housed. This could include servers, temperature control systems, network or power infrastructures, or any other system, building, or infrastructure related to IT.

PART 4: LIST KEY PERSONNEL AND IDENTIFY RESPONSIBILITIES

In this section, you must provide a list of all personnel that need to be contacted during a disaster. This list should include executives that must be kept informed of the situation, staff with expertise on the workings of the system, a designated disaster recovery leader, and a response team who will be in charge of running the disaster recovery effort. Responsibilities of key personnel should also be clearly noted so that the correct people can be promptly contacted.

It is recommended that a table be created to make finding information easier.

This section should also include a notification calling tree that ranks those who should be notified first so that the decision can be made quicker.

This section should be updated at regular intervals to ensure that it remains accurate.

PART 5: INVENTORY & SYSTEMS AUDIT

In this section, a list should be made of critical systems and inventory that includes their cost and relative importance. This provides a checklist for first responders to assess the current state of the systems.

Like the personnel list, this section must be updated regularly to ensure that it is kept current.

PART 6: DISASTER RECOVERY PROCEDURES

This section is where the active disaster response is laid out. It is the most important section of the document, as it will determine whether the plan is effective at mitigating the effects of the incident.

Since this section will depend on the type of disaster being faced, it is recommended that several scenarios be outlined to better prepare your team. Steps in the checklist should be clear, so that the team can easily keep track of their progress.

FIRST RESPONSE

The first response to a disaster can vary widely, depending on the type of incident. It is recommended that this section include both a damage assessment form and a few key sections to perform the following tasks:

- Inform senior management once a state of disaster has been declared.
- Inform authorities of the situation.
- Gather the disaster recovery response team.
- Make a thorough investigation of the building and systems to determine the scope of the damage.
- Protect and back up data that has not already been backed up, if possible.
- Notify clients or customers of expected downtime.
- Take necessary steps to prevent further damage to systems.

NEXT STEPS

Once a disaster has been declared and the first steps have been taken to mitigate damage, the team must take steps to begin to repair the damage and resume operations. Information about the backup site, such as location and procedure instructions, should be included here. The checklist might also include steps to accomplish the following:

- Determine if the designated backup site will be adequate to resume critical operations.
- Move operations to the backup site to minimise downtime (if necessary).
- Coordinate transportation to the backup site (include rental car instructions, directions, map).
- Create time and cost estimates for return to normalcy.

AFTER THE DISASTER

Once the incident is over, steps must be taken to resume normalcy. In some cases, it may be necessary to continue backup operations long after the disaster has occurred. In these situations, companies may have to make plans for long-term employee housing, rental of additional space, and other personnel considerations. Include the following steps in your plan and adapt as needed:

- Assess the current state of systems and operations.
- Notify the insurance company of damages.
- Restore data from backups.
- Initiate a plan to repair or replace damaged systems or equipment.
- Execute the repair or replacement plan.
- Test systems to ensure they are functioning as normal.
- Return employees to the main site, if possible.
- Notify clients and media of the systems' return to normalcy.

PART 7: EVALUATE DRP EFFECTIVENESS

After the disaster recovery process is over, it is important to re-evaluate the plan. Some follow-up questions to include in the DRP are as follows:

- How effective was the DRP in meeting its goals?
- Which goals were met? Which were not met?
- Did the DRP meet its RPO and RTO?
- How could the plan be improved to better meet its goals?
- How much did the disaster recovery process cost in terms of time and money?
- Are there any ways the process could be made more efficient?

PART 8: DRP TESTING PROCEDURES

This is one of the most important sections in the DRP as it will help improve the plan and identify any unforeseen problems. It is recommended that you include a range of tests for each system, including both a basic test of procedures to be run regularly and a more comprehensive test to be carried out when the plan is first created and less regularly thereafter. Tests should include walkthroughs, simulations, full interruption testing, and parallel testing.

Some important areas to test include:

- Data backup procedures.
- System fail-safes.
- The ability of the plans to adapt to unexpected disasters.
- The availability of disaster preparedness materials.
- Backup site effectiveness.
- Transportation to the backup site.
- The availability of the disaster recovery team and management.

PART 9: DRP MAINTENANCE

As systems are updated and procedures are adjusted, it is very important that the DRP be kept current. Include instructions for how often the plan should be updated, what events require a full plan rewrite, and in what situations a simple addendum can be made.

REVIEWING AND ADOPTING THE DRP

Once the DRP has been written, it must be reviewed and approved by key personnel, including top management and the disaster recovery planning team. After it has been approved, it should be made available both in print and digitally to all relevant staff. Staff should also be regularly trained and drilled on the procedures to ensure that they are well versed in the process.

NEED HELP PROTECTING YOUR BUSINESS FROM DISASTER?

Macquarie Telecom's LAUNCH Disaster Recovery provides completely outsourced disaster recovery solutions at the hypervisor level. LAUNCH has one of the lowest downtimes of any disaster recovery service, and it can help your company mitigate losses and quickly get up and running again.

WANT TO LEARN MORE ABOUT HOW LAUNCH AND OUR DATA CENTRE SERVICES CAN HELP YOUR COMPANY AVOID AND PREPARE FOR DISASTER?

Contact Macquarie Telecom on 1800 0 943 or visit www.macquarietelecom.com

REFERENCES:

[1] Assessing the Financial Impact of Downtime. Vision Solutions. http://www.strategiccompanies.com/pdfs/Assessing%20the%20Financial%20Impact%20of%20downtime.pdf

[2] Determining Total Cost of Ownership for Data Centre and Network Room Infrastructure. http://www.linuxlabs.com/pdf/data%20Center%20Cost%20of%20Ownership.pdf

[3] Downtime, Outages, and Failures - Understanding their True Costs. Evolven. http://www.evolven.com/blog/downtime-outages-and-failures-understanding-their-true-costs.html

24 Macquarie Telecom, All Rights Reserved