How to Design and Implement a Successful Disaster Recovery Plan



Similar documents
Business Continuity Planning Guide

Best Practices in Disaster Recovery Planning and Testing

Table of Contents... 1

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

Business Resiliency Business Continuity Management - January 14, 2014

Business Continuity and Disaster Recovery Planning from an Information Technology Perspective

a Disaster Recovery Plan

Abhi Rathinavelu Foster School of Business

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E (mobile)

DISASTER RECOVERY Steps You Need to Take (Before It s Too Late)

Business Continuity Planning in IT

DISASTER RECOVERY PLANNING GUIDE

CISM Certified Information Security Manager

Ohio Conference for Payroll Professionals Disaster Recovery

A Study on Cloud Computing Disaster Recovery

Disaster Recovery Planning

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Business Continuity Plan

The Difference Between Disaster Recovery and Business Continuance

Business Continuity Management and The Extended Enterprise

Why Should Companies Take a Closer Look at Business Continuity Planning?

The Disaster Recovery Maturity Framework

Business Continuity Planning and Disaster Recovery Planning

IF DISASTER STRIKES IS YOUR BUSINESS READY?

Western Intergovernmental Audit Forum

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager

Disaster Recovery 101. Sudarshan Ranganath & Matthew Phillips Ellucian

Disaster Recovery & Business Continuity Dell IT Executive Learning Series

Business Continuity Planning (BCP) / Disaster Recovery (DR)

Creating a Business Continuity Plan for your Health Center

Interactive-Network Disaster Recovery

Ohio Supercomputer Center

BUSINESS CONTINUITY PLAN OVERVIEW

PBSi Business Continuity Planning

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact.

Top 10 Disaster Recovery Pitfalls

Business Continuity Planning

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis

IT Disaster Recovery Plan Template

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

BCP and DR. P K Patel AGM, MoF

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

Course: Information Security Management in e-governance. Day 2. Session 5: Disaster Recovery Planning

DASTA Guide to Business Continuity (BC) and Disaster Recovery (DR) Planning

A Business Continuity Plan for Government. George Bomar Dianne Casey Texas Department of Licensing and Regulation

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

Top 7 Best Practices for IT Service Continuity

D2-02_01 Disaster Recovery in the modern EPU

DISASTER RECOVERY BUSINESS CONTINUITY DISASTER AVOIDANCE STRATEGIES

Disaster Recovery. Hendry Taylor Tayori Limited

Business Continuity and Disaster Recovery Planning

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

HA / DR Jargon Buster High Availability / Disaster Recovery

Building Economic Resilience to Disasters: Developing a Business Continuity Plan

Audit of the Disaster Recovery Plan

courtesy of F5 NETWORKS New Technologies For Disaster Recovery/Business Continuity overview f5 networks P

11 Common Disaster Planning Mistakes

Offsite Disaster Recovery Plan

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

BUSINESS CONTINUITY PLAN

The handouts and presentations attached are copyright and trademark protected and provided for individual use only.

SCHEDULE 25. Business Continuity

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Which Backup Option is Best?

2014 NABRICO Conference

Clinic Business Continuity Plan Guidelines

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Disaster Recovery Remote off-site Storage for single server environment

How To Manage A Disruption Event

Mastering Disaster A DATA CENTER CHECKLIST

Building and Maintaining a Business Continuity Program

Business Continuity and the Cloud. Aaron Shaver US Signal, Solution Architect

Business Continuity Management & Disaster Recovery GETTING STARTED Checklist for Local Businesses & Organisations

Disaster Recovery Planning Procedures and Guidelines

Running Successful Disaster Recovery Tests

Virtual Infrastructure Security

Business Continuity & Recovery Plan Summary

Advent. Disaster Recovery: Options for Investment Managers. A White Paper from Advent Software and CyGem Ltd. Advent Software, Inc.

How To Understand The State Of Business Continuity Preparedness

WHAT IS DISASTER RECOVERY

Business Continuity Management

Transcription:

How to Design and Implement a Successful Disaster Recovery Plan Feb. 21 ASA Office-Administrative Section is Sponsored by Today s ASAPro Webinar is Brought to You by the How to Ask a Question Questions Panel Type your questions into the Questions panel and click Send. 1

How to Submit Your CE for This Webinar Visit the ASAPro home page at americanstaffing.net/asapro. Log in to your ASAPro account. Click on CE Submission Form. How to Design and Implement a Successful Disaster Recovery Plan Ron Sanders Executive Vice President People Plus Inc. Disaster Mitigation and Recovery Many businesses will fail because they were not prepared for a disaster Preparation can mitigate the impact and planning can help you recover more quickly In disaster preparedness, focus is always on the last disaster 2

Disaster Mitigation and Recovery Things that are essential to keeping your doors open: Sewer Water Electricity Natural gas Telephone Internet Transportation systems Fuel/gasoline Food Disaster Mitigation and Recovery Questions to ask yourself: Will you be a victim or a first responder to your next disaster? How will you handle the loss of the 10 essential services? Can your staff work from home efficiently? Does everyone have contact numbers? How to Design and Implement a Successful Disaster Recovery Plan Rosie Rivel Director, Global IT Risk & Compliance 3

Agenda 1. Evaluate risk in developing a disaster recovery plan 2. Matching your budget with the desired level of protection 3. Components that make up a successful disaster recovery plan 4. Test your disaster recovery plan 5. Powerful lessons from experiences of successful disaster recovery plan deployments Definition of Terms > Definitions: Recovery Point Objective RPO how old the data can be for your organization with minimal impact to the business Recovery Time Objective RTO how long recovery activities take and the impact on the business DR Risk Assessment evaluation of potential DR risks to focus DR planning priorities Business Impact Analysis BIA evaluation of critical business operations and determine acceptable threshold of interruption before causing material impact Business Continuity BC activity to ensure critical business functions are available How to evaluate risk in developing a Disaster Recover Plan > Understanding potential disaster scenarios in order to identify recovery options > Understanding critical business operations: Utilize tools such as the DR Risk Assessment and Business Impact Analysis (next) > Prioritize/focus DR planning on critical operations to manage within budget and resource constraints 4

DR Risk Assessment The following table identifies probable disaster scenarios and provides weighted scale of probability, impact, and current mitigation solutions to provide a vulnerability rating. Availability Risks to Environment Availability Risk / Threat Trigger Result (Scenario) Probability Estimate Impact Analysis Mitigation Controls Comments Vulnerability Rating Weather Flood / Blizzard / Ice / Hurricane Loss of building access 5 3 5 IMT Plan 75 Employee Crime / Vandalism Loss of Service 5 4 2 40 Network Failure Network circuit (routers T1 etc.) Loss of IT / connectivity 3 4 3 36 Computer Room Fire Electrical / Accidental Loss of IT Services 2 4 4 Data Center Fire Protection devices? Water damage 32 Pandemic Bird Flu Unavailability of Staff 2 3 5 Work from home 30 Loss of Power Line down - Local to Address Loss of power to building 5 5 1 Generator backup for IT only 25 Total Loss of Single Facility Plane, Explosion, Fire Loss of Facility (Bus. & IT) 1 5 4 Random chance; highest impact 20 Water Damage Plumbing failure / roof leak / sewer Loss of IT Services 2 1 5 10 IT Software Failure Program Failure Corrupted data / improper functionality 5 1 2 10 Loss of Power Regional-Blackout Loss of power to building 2 5 1 Generator backup for IT only 10 IT Hardware Failure Component Failure Loss of IT / Single IT component(s) 5 1 2 Partial Locally Clustered Equipment; vendor support 10 Security Threats Virus / Hacking / DOS attacks Loss / theft of data / data corruption 5 1 1 5 Business Impact Analysis Evaluate systems and downtown thresholds based on process. Business Process Update Payroll Application Recovery Time (RTO) Recovery Point (RPO) QuickBooks 24 h 24 h Pay Vendors QuickBooks 48 h 48 h Receive Payment Send Paychecks QuickBooks 1 week 12 h ADT 24 h 24h How to match budget with the desired level of protection Understand requirements and rigorously manage scope only mission critical functions: > Receive and Fill Orders > Receive Employee Time > Pay Employees > Bill Customers > Receive Payment Cost is a function of time > Faster recovery = higher cost investment Build solutions over time Consider SaaS, IaaS options 5

Find balance between the cost of DR and the ability of the business to sustain an outage. RTO 0 Hours Redundant Site 1-3 Days Data Mirroring (No Data Loss) Traditional Hot Site 3-5 Days Data Mirroring & Tape Backup (Some data loss) Mobile Recovery Unit 7-30 Days Traditional Tape Backups (24 Hour Data Loss) Quick Ship / Established Cold Site > 30 Days Traditional Tape Backup (24 Hour Data Loss) Defer Actions - Address / Purchase (ATOD) Traditional Tape Backups (24 Hour Data Loss) $ $$ $$$ $$$$ $$$$$ FINANCIAL INVESTMENT What components make up a successful disaster recovery plan Executive Sponsorship they must recognize the survivability of the organization depends on it! Clear Mission/Scope Robust Stakeholder Communication Plan customers, vendors, candidates, employees Disaster Recovery Management integrated in IT operations: > Include DR requirements in all IT projects > For IaaS/SaaS solutions, evaluate vendor DR capabilities based on supported business process criticality > Regularly exercise DR plan Mission Statement The Disaster Recovery Program will provide consistent actions before, during and after a disruptive event that can cause a significant loss of information system resources. Improving readiness Disaster Event Reacting effectively Protect and Prevent Predict and Prepare Respond and Contain Adapt and Continue or Recover Quantify and prioritize Integrate and plan Incident & crisis management Recovery and restoration 6

Disaster Recovery Operational Model EXECUTIVE OVERSIGHT PURCHASING - LEGAL SLA s Contracts DR Boilerplate Architecture Assessment Questionnaires EMERGENCY MANAGEMENT TEAM Communication Plan BUSINESS CONTINUITY Business Impact Analysis IT FINANCE - BUSINESS SOLUTIONS - ENTERPRISE ARCHITECTURE DISASTER RECOVERY Communications Management Logistics INFRASTRUCTURE Enhancements & Solutions CHANGE CONTROL DR Documents Updates Testing Plans APPLICATIONS Enhancements & Solutions How to test your disaster recovery plan > Tabletop Exercise: Key participants leadership of critical business processes and IT leadership Present mock disaster scenario Walk through each department s response of how they would continue operations and communicate to all stakeholders Document issues and action items Create actionable plan to address > DR Exercise: Perform recovery of IT systems in a simulated environment exercising IT s recovery plans Document issues and action items Create actionable plan to address Sample Tabletop Module #1 Event Identification Hour 0 Activation Hour 0 1 Assessment Hour 1+ Tuesday 11:10 a.m. (immediately after evacuation) What would you do first? Who would you contact? What information do you need to have readily available to do either of the above? Given your team structure, what is the most streamlined way of supporting your team s communication and accounting for staff? Recovery Hour 5+ 7

Sample Tabletop Module #2 Event Identification Hour 0 Activation Hour 0 1 Tuesday 11:40 a.m. What direction, communication, and organizational tasks would be required? What information can be provided to the EMT about your team s capabilities and productivity of team? Who (if anybody) should you be contacting and what should you tell them? (vendors, business contacts, etc.) Barring specific communication, should you/your staff remain on the premises? Would there be any special travel requirements for your team? Assessment Hour 1+ Recovery Hour 5+ Powerful lessons from experiences of successful disaster recovery plan execution > No such thing as an unsuccessful exercise always drives out issues > Coordinate across ALL business teams find opportunities to repurpose non critical staff to DR supporting activities. > Raise awareness about DR Planning periodic training and communication Work, Personal, Family > Recognize human cost is significant and typically underestimated > Identify Risk Management Options quickly How to Design and Implement a Successful Disaster Recovery Plan Kevin Delaski, VP/CIO, The TemPositions Group of Companies 8

DR and our Experience with Hurricane Sandy No loss of power at HQ office. Biggest Problem: Employees getting to work DR Plan allowed for remote work Experienced no business interruption Features of our IT Disaster Recovery Plan IT systems virtualized and deployed in Private Cloud at remote data center VOIP telephone installation with failover to branch offices Desktop virtualization deployed for some departments Utilize alternate cold site for enterprise staffing application DR Managers provided with 4G MiFi devices for backup internet at home Critical Elements of an IT Disaster Recovery Plan Server virtualization Remote hosting for key IT systems Multiple levels of redundancy connected with key IT systems Failover plan in place for phone system Assess vendor DR plans Protection from external threats to web sites that connect to your data 9

The Importance of DR Plan Maintenance Regularly test your DR plan Keep contact lists updated Add new IT systems as they are deployed Ensure new employees are aware of the plan The Importance of DR Plan Maintenance Regularly test your DR plan Keep contact lists updated Add new IT systems as they are deployed Ensure new employees are aware of the plan Thank You for Attending Today s webinar has been recorded. Recording will be available within three days. 10

Thank you to today s webinar sponsor Upcoming Webinars Feb. 28: Minimize the Drama in Your Office March 6: Affordable Care Act Cost Calculator for Staffing- New Tool March 7: 2013 ASA Compensation Survey These ASAPro webinars each qualify for 1.0 active CE hour 11

12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information