Disaster Recovery Plan The Business Imperatives



Similar documents
Creating a Business Continuity Plan for your Health Center

Desktop Scenario Self Assessment Exercise Page 1

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Business Continuity Planning in IT

Disaster Recovery and Business Continuity What Every Executive Needs to Know

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

External Supplier Control Requirements BCM

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

NAVIGATING THROUGH A CATASTROPHIC DISASTER:

D2-02_01 Disaster Recovery in the modern EPU

Disaster Recovery and Business Continuity Plan

Disaster Recovery Plan Checklist

Offsite Disaster Recovery Plan

Business Continuity Planning (800)

DISASTER RECOVERY PLANNING GUIDE

Business Continuity Plan

University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1

Chapter I: Fundamentals of Business Continuity Management

Principles for BCM requirements for the Dutch financial sector and its providers.

Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager

a Disaster Recovery Plan

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Template Courtesy of: Cloudnition LLC 55 W. 22 nd St Suite 115 Lombard, IL (630)

Managing business risk

Ohio Supercomputer Center

IT Disaster Recovery Plan Template

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

SAFETY FIRST. Emerging Trends in IT Disaster Recovery. By Cindy LaChapelle, Principal Consultant.

The Disaster Recovery Maturity Framework

Business Continuity Glossary

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

With 57% of small to medium-sized businesses (SMBs) having no formal disaster

Why Should Companies Take a Closer Look at Business Continuity Planning?

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Business Continuity Planning and Disaster Recovery Planning

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

Interactive-Network Disaster Recovery

The PNC Financial Services Group, Inc. Business Continuity Program

Documentation. Disclaimer

HA / DR Jargon Buster High Availability / Disaster Recovery

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

CRISC Glossary. Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

Disaster Recovery Planning

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

How to measure your business resiliency

Business Continuity & Disaster Recovery

Business Continuity and Disaster Planning

Unit Guide to Business Continuity/Resumption Planning

Cloud Computing Disaster Recovery (DR)

EonStor DS remote replication feature guide

Hanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness

PBSi Business Continuity Planning

EMC RECOVERPOINT: BUSINESS CONTINUITY FOR SAP ENVIRONMENTS ACROSS DISTANCE

Implementing Disaster Recovery? At What Cost?

Proposal for Business Continuity Plan and Management Review 6 August 2008

NUMBER: IA-643 CREDIT HOURS: 3 PREREQUISITE: IA

Continuity of Business

Ensure Absolute Protection with Our Backup and Data Recovery Services. ds-inc.com (609)

Intel Business Continuity Practices

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity

Oadby and Wigston Borough Council. Information and Communications Technology (I.C.T.) Section

Best Practices in Disaster Recovery Planning and Testing

Huawei Business Continuity and Disaster Recovery Solution

Business Continuity Management

INFORMATION TECHNOLOGY SERVICES IT CHANGE MANAGEMENT POLICY & PROCESS

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Business resilience: The best defense is a good offense

White Paper. Managed IT Services as a Business Solution

MSP Service Matrix. Servers

CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

Disaster Recovery Feature of Symfoware DBMS

Protecting your Enterprise

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Building a strong business continuity plan

Business Continuity Planning

Preparing for the Worst: Disaster Recovery and Business Continuity Planning for Investment Firms An Eze Castle Integration ebook

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

White Paper AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS. Executive Summary

Staying In Business. A Business Continuity White Paper by. Paul O Brien and Gerard Joyce. LinkResQ Limited

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

Information Security Policy. Chapter 11. Business Continuity

Managed IT Solutions. More Reliable Networks Are Our Business

The case for cloud-based disaster recovery

Four Steps to Disaster Recovery and Business Continuity using iscsi

Cisco Disaster Recovery: Best Practices White Paper

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Transcription:

Disaster Recovery Plan The Business Imperatives

Table of Contents Disaster Recovery Plan The Business Imperatives... 3 Introduction... 3 A Disaster Recovery Program The Need of the Hour... 3 Approach to Disaster Recovery... 4 Key Elements of a Disaster Recovery Program... 4 Disaster Recovery Strategies... 5 Summary... 6

Introduction 3 6 With the dependence on data growing exponentially across industries, all stakeholders, including regulators, employees, customers, and suppliers, are demanding quicker access to information than ever before. This has put the onus on businesses to have systems in place that make key information available to the right people at the right time. Given such a scenario, it has become critical for organizations to plan for unexpected business interruptions due to events like natural disasters, sabotage, and technology failures. A sound business continuity strategy is imperative in today s business environment because of the significant financial consequences and potential loss of brand credibility of such unexpected interruptions. While the likelihood of disasters occurring is low, organizations need to have a robust disaster recovery plan in place to protect against losses and minimize the impact on their customers without surrendering market share. Most often organizations tend to create mirror image of the server and restore the image on the Disaster site, which unfortunately takes a long time to complete. This is definitely not a best practice given that it is a time consuming and cumbersome process. For instance, organizations creating mirror image of the server tend to take an image every quarter and restore the same. This means they do not have a point in time image of the server on the disaster site which in turn suggests if there was any new functionality added after that quarter it would not be available for use on the disaster site. A Disaster Recovery Program The Need of the Hour Disasters and interruptions often come unannounced and uninvited. And in an age where customers, employees, suppliers, and regulators have diminishing patience when it comes to accessing information, organizations will be best served by a robust Disaster Recovery program that ensures data is always accessible within reasonable timeframes. To serve customers with a simple, cost-efficient, and high impact solution, KPIT has developed an innovative tool Business Continuity Solution (BCS) specially designed for EnterpriseOne 9.1, which significantly reduces the downtime for switching over to a disaster site. With BCS, systems can be up and running within 20 minutes at a disaster site. This process is accomplished by taking advantage of CNAME record or Canonical Name record within the customers Domain Name System (DNS)*. BCS provides a point in time image of the system, which means that users will not lose any new functionality, which was created and deployed on the primary server at the time of disaster. Additionally, the solution eliminates the need to create and restore images of the server, and reduces the time taken to switch over to a disaster site significantly. *Please contact KPIT SYTIME for the detailed solution 3 17

Approach to Disaster Recovery 4 6 Before any disaster recovery solution is implemented, a Disaster Recovery program needs to be in place. It has to go beyond the recovery of an organization s IT system to include the restoration of key business processes that will enable the enterprise to resume product manufacturing, customer service, bill payments, and revenue collection. The scope of a Disaster Recovery plan must include an organization s entire value chain and a networking plan that covers recoverability, redundancy, and diversity. The process of creating a Disaster Recovery plan begins with determining the probability of the occurrence of an unexpected disaster. The next step involves estimating the business consequences and financial loss, and, at the same time, estimating the cost of preventing, preparing for, and controlling the disaster. At this stage, it is also important to quantify, as accurately as possible, the harm done to the business reputation and brand. Having done this, it is important to determine important Disaster Recovery metrics such as the Recovery Point Objective (RPO), the Recovery Time Objective (RTO), and minimum level of IT and business process capability required to resume mission-critical operations. Further, the creation of the Disaster Recovery plan involves determining the method of securing an organization s key data and evaluating whether on-site redundancy is enough or remote backups are required. It is important to note that while primary locations can be secured to a great extent, they cannot be protected against natural disasters and certain unexpected incidents. A remote disaster recovery center gives organizations safety in instances where their infrastructure and facilities are damaged. In the sections that follow, we will take a closer look at key components of a thorough Disaster Recovery program. Key Elements of a Disaster Recovery Program Gaining Consensus Having recognized the importance of putting a Disaster Recovery program in place, it is important to get a buy-in from key stakeholders on the objectives, scope, and policies of the program. With financial and human resources requiring to be committed to a Disaster Recovery program, the management has to find the right balance between the potential business loss as a result of a disaster and the cost of creating, implementing, and maintaining such a program. Assessing Risk This involves pinpointing and examining potential threats and vulnerabilities. Typically, an organization faces risk on account of natural disasters, acts of sabotage or large-scale mishaps, and technology failures. Each threat must then be analyzed to understand the probability of it occurring and the magnitude of risk it poses to the organization. This analysis provides a good indication of how risks should be prioritized and tackled. After identifying the threats to business continuity, organizations need to plan for risk prevention and control. This includes reviewing existing physical, infrastructural, and IT security vulnerabilities as well as robust reviews and testing of applications and communication networks. Analyzing the Impact on Business In a Disaster Recovery program, it is important to understand and quantify the impact of the loss of various business functions. It is also important to understand the requirements for recovery. This exercise enables the business to prioritize the recovery procedure in case of a disaster. Business functions can be categorized into one of the following: Critical: Interruptions to these functions will bring business to a stop and inflict heavy losses on the organization Essential: Interruptions to these functions would significantly hamper the organization s operations and capacity to function beyond a certain point Necessary: Interruptions to these functions would still allow the organization to function but without the required level of business impact Desirable: Interruptions to these functions wouldn t significantly hinder the organization s ability to conduct business

5 6 Once business functions have been prioritized, it becomes possible to set recovery benchmarks in terms of Recovery Time Objectives, Recovery Point Objectives, etc. It is critical to involve key stakeholders from each business function during this process because the impact analysis plays an important role in establishing recovery objectives and recovery resource requirements. Moreover, inputs from each business function help in estimating costs more accurately, which is critical in decision making for a Disaster Recovery program. Disaster Recovery Strategies A good Disaster Recovery program must include detailed plans on prevention, response, resumption, recovery, and restoration. Prevention: This includes measures to deter and prevent threats becoming interruptions. Investing in these deterrent and preventive controls has been found to be more prudent than attempting to recover after an interruption. Ideally, an effective Disaster Recovery program should focus on tackling as much of the risk as possible through deterrence and prevention while deploying a recovery strategy to tackle the less likely residual risk. Response: This deals with an organization s immediate reaction in the event of a disaster. If the interruption is unexpected, the first reaction would be to alert the concerned persons about the problem. If it is expected, then alerts can be issued prior to the occurrence. Timely alerts are crucial in such situations because they can minimize the damage to operations. That s why creating a well-documented and drilled alert procedure, which clearly specifies the chain of communication and the resulting action to be taken, is important. Having notified key stakeholders, the organization must assess the cause of the disruption, the scope of damage caused, the scope for damage control, the persons/services/systems affected, etc. With these inputs, the company can then start evaluating the severity of the disaster, the immediate impact of the event, the time it will take to get operations going again, and how and where to initiate remedial action. Resumption: A key step in a Disaster Recovery scenario is to establish an alternative control center different from the primary operating premises. Once this has been done, the organization must ascertain if it can resume mission-critical operations at the primary site or if they must be moved temporarily to the alternative center. Depending on the severity of the interruption, critical services are restored by creating/maintaining an infrastructure capable of supporting these critical business activities. Recovery: While the business and IT operations are restored based on their priority in the Disaster Recovery program, data is recovered from backup sources and rebuilt to a predetermined point to maintain the integrity of the data. After data has been recovered to a stable state, operations can resume while other supporting business functions also become operational. Restoration: Efforts to restore full functionality to the organization s primary operating infrastructure are undertaken while the recovery team operates concurrently from the alternative site. This restoration process needs to cover the physical infrastructure, IT infrastructure and systems, and applications and networks. Operational data must then be reloaded to the primary systems and tested for stability. Once a stable state has been achieved, the alternative site can gradually be scaled down while business operations are restored at the primary site. Importantly, the management must define a clear plan and schedule the implementation of the complete transition back to business as usual.

Summary 46 6 During our analysis of Disaster Recovery Plans, we have found that any organization can insure itself against any kind of disaster with a solid disaster recovery approach built on thorough assessment of key elements of disaster recovery program. To sum up, a successful Disaster Recovery plan requires inputs and contributions from the entire organization, from top to bottom, its technology partner, and even suppliers, vendors, and distributors. After all, it is only when technology processes, and people are tightly Integrated, that an organization can truly thrive. Copyright 2013, KPIT. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information