Company X IT Disaster Recovery Plan (BCP0005)

Similar documents
How to Plan for Disaster Recovery and Business Continuity

VICTOR KHANYE LOCAL MUNICIPALITY PLAASLIKE MUNISIPALITEIT. ICT Business Continuity Plan. DRAFT v0.1 Page 1 of 9

Business Unit CONTINGENCY PLAN

External Supplier Control Requirements BCM

#316 The Security Elements of Business Continuity & Disaster Recovery Plans

Business continuity plan

Business continuity management and planning

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

LOCATION XX. Business Continuity Plan

BUSINESS CONTINUITY PLANNING

SCHEDULE 25. Business Continuity

Business Continuity Glossary

Technology Recovery Plan Instructions

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Subject: Internal Audit of Information Technology Disaster Recovery Plan

IT Disaster Recovery Plan Template

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

ITSM Tools Operation Continuity Plan Example

Desktop Scenario Self Assessment Exercise Page 1

Table of Contents... 1

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

SAMPLE IT CONTINGENCY PLAN FORMAT

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

Disaster Recovery Plan Documentation for Agencies Instructions

Unit Guide to Business Continuity/Resumption Planning

Information Services IT Security Policies B. Business continuity management and planning

Disaster Recovery Plan Overview for Customers. Sage ERP Online

Clinic Business Continuity Plan Guidelines

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

Why Should Companies Take a Closer Look at Business Continuity Planning?

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

COMCARE BUSINESS CONTINUITY MANAGEMENT

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

Business Continuity Business Continuity Management Policy

Business Continuity Overview

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

Continuity of Operations Planning. A step by step guide for business

Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement

Clinic Business Continuity Plan Guidelines

Emergency Response and Business Continuity Management Policy

Offsite Disaster Recovery Plan

Disaster Recovery Policy

BUSINESS CONTINUITY PROGRAM (BCP) HANDBOOK FOR DEPARTMENT BCP TEAMS

CISM Certified Information Security Manager

Emergency Operations California State University Los Angeles

Business Continuity Management

Contingency Plan for HIPAA

Business Continuity Planning for Risk Reduction

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Business Continuity Planning (800)

March 2007 Report No FDIC s Contract Planning and Management for Business Continuity AUDIT REPORT

Federal Energy Regulatory Commission Division of Dam Safety and Inspections DRAFT RECOVERY PLAN FORMAT

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Business Continuity Planning (BCP) / Disaster Recovery (DR)

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

Business Continuity Plan

Running head: COMPONENTS OF A DISASTER RECOVERY PLAN 1

How To Manage A Disruption Event

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

State of South Carolina Policy Guidance and Training

Overview of how to test a. Business Continuity Plan

Attachment #2. BUSINESS CONTINUITY PLAN Plan Development Guidelines

BUSINESS CONTINUITY MANAGEMENT PLAN

IT Service Continuity Management PinkVERIFY

BUSINESS CONTINUITY PLANNING. Business Continuity Management Plan. Version 1.4

Hanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness

Statement of Guidance

EA-ISP-002-Business Continuity Management and Planning Policy

BUSINESS CONTINUITY MANAGEMENT REQUIREMENTS FOR SGX MEMBERS NEW RULES FOR INCLUSION IN SGX-ST RULES

Plan Development Getting from Principles to Paper

Education and Workforce Development Cabinet POLICY/PROCEDURE. Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012

LIMCO AIREPAIR, INC. Disaster Plan

Prudential Practice Guide

IT SERVICE CONTINUITY AS RELATED TO THE MANAGEMENT OF ELECTRONIC RECORDS POLICY

Appendix 6c. Final Internal Audit Report Disaster Recovery Planning. June Report 6c Page 1 of 15

Business Continuity Management For Small to Medium-Sized Businesses

Oadby and Wigston Borough Council. Information and Communications Technology (I.C.T.) Section

NIST SP , Revision 1 Contingency Planning Guide for Federal Information Systems

Business Continuity Planning. Presentation and. Direction

Prudential Practice Guide

Creating a Business Continuity Plan. What We ll Cover... What is a BCP? Micky Hogue, CRM

Business Continuity Plan

Business Continuity Plan

Temple university. Auditing a business continuity management BCM. November, 2015

Overview of Business Continuity Planning Sally Meglathery Payoff

DATA RECOVERY SOLUTIONS EXPERT DATA RECOVERY SOLUTIONS FOR ALL DATA LOSS SCENARIOS.

Disaster Recovery Planning. By Janet Coggins

Proposal for Business Continuity Plan and Management Review 6 August 2008

Transcription:

Company X IT Disaster Recovery Plan (BCP0005) 1 of 48

Document version control Version Date Author(s) Summary of changes Document approvals Approving body Roles Version Document distribution Referenced documents Title Location Version Document Review History Reviewed By Title Date 2 of 48

Table of Contents 1. INTRODUCTION...5 1.1. Policy Statement...5 1.2. Scope of this Plan Document...5 1.3. Disaster Scenarios...6 1.4. Conceptual Recovery Time Line...7 1.5. Assumptions...7 1.6. Invoking the Plan...8 1.7. Explanation of Terms...9 2. ROLES AND RESPONSIBILITIES... 10 2.1. Overview... 10 2.2. IT Emergency Recovery Team... 11 2.3. Damage Assessment Team... 14 2.4. Technical Recovery Team... 15 2.5. Media Liaison Team... 16 2.6. Logistical Support Team... 17 2.7. Vendors/Service Providers... 18 2.8. Special Equipment/Vital Documentation... 19 3. ACTION PLAN... 20 3.1. Action Plan Overview... 20 3.2. Primary Action Procedure... 20 3.3. Continuation Action Procedure... 21 4. RECOVERY ACTION PLAN... 22 STEP 1 -- Activate the IT Emergency Recovery Team... 23 STEP 2 -- Assess Damage... 24 STEP 3 -- Declaring a Disaster... 25 STEP 4 -- Take Action to Restore the Damaged Facility... 26 STEP 5 -- Deliver Critique of Plan... 28 STEP 6 -- FINISH (if a disaster was not declared)... 29 STEP 7 -- Move to Emergency Alternate Facilities... 30 STEP 8 -- Manage External Contacts... 31 STEP 9 -- Recover IT Processes... 32 STEP 10 -- Salvage Damaged Offices/Computer Room... 34 STEP 11 -- Deliver Critique of Plan... 35 STEP 12 -- FINISH... 36 5. TESTING AND MAINTENANCE OF THE PLAN... 37 5.1. Overview... 37 5.2. About Tests... 38 5.3. Types of Tests... 39 6. CHECKLISTS AND FORMS... 41 6.1. Overview... 41 6.2. Incident Description... 42 6.3. Assessment Checklist... 43 6.4. Recovery Checklist... 44 3 of 48

7. APPENDICES... 45 Appendix 1: Other Things to Include... 45 Appendix 2: Activity Log... 46 Appendix 3: Expense Log... 47 Appendix 4: Sample Fax Message to Clients... 48 4 of 48

1. INTRODUCTION 1.1. Policy Statement A business continuity management process should be implemented to reduce the disruption caused by disasters and security failures (which may be the result of, for example, natural disasters, accidents, equipment failures, and deliberate actions) to an acceptable level through a combination of preventative and recovery controls. AS/NZS ISO/IEC 17799:2001 Clause 11.1 It is the policy of Company X to develop and maintain enterprise-wide disaster recovery plans (DRP s) for Company X s IT services. These will provide Company X with the opportunity to recover from a catastrophic event, be it accidental, man-made or natural, and resume IT operations in an efficient and effective manner. This DRP is designed to reduce the risks of COMPANY X failing to continue to operate the IT element of business critical functions in the face of various crisis situations. It is recognized that the probability of a severe disaster is low, however the existence of a DRP is considered vital should an emergency occur. The ultimate goal of the DRP is to allow COMPANY X IT facilities to resume essential business operations at an alternate location within a predictable time. 1.2. Scope of this Plan Document This document outlines the steps to be taken to restore COMPANY X s IT facilities in a controlled manner and in line with defined business application priorities. It is not a Business Continuity Plan since it only addresses the IT component of business applications. Business Continuity Plans are the responsibility of the relevant business units. Incident Alert & verification Initial Emergency Reponse Focus on specific incidents Scope of activities covered by this document Emergency Procedures Focus on specific services Fallback Plans Focus on specific business activities Figure 1 Framework for Business Continuity Planning Resumption Plans 5 of 48

1.3. Disaster Scenarios All scenarios assume that the disaster is likely to continue for more than two working days. Facility Scenario A Scenario B Scenario C Secondary Data Centre COMPANY X Computer Room 1 COMPANY X Computer Room 2 COMPANY X general office facilities Facility is accessible and operable Facility is inaccessible and inoperable 6 of 48

1.4. Conceptual Recovery Time Line The graphic below depicts the typical progression of steps and activities anticipated within a well-orchestrated disaster recovery plan. Disaster Occurs Team Alerted Damage Assessed Disaster Declared Recovery Site Occupied Systems & Data Restored Data Network Connected Applications Validated Production Mode 0 12 24 36 48 60 72 84 Elapsed Time in Hours NOTE: Clients should not expect any production COMPANY X computing services to be available within the first 48 hours after a disaster declaration. All client business recovery plans should include this as a basic planning assumption. 1.5. Assumptions This Disaster Recovery Plan has been prepared with these assumptions: Facilities The recovery will be controlled from an IT Control Centre in Head Office. An alternative IT Control Centre location will be established if Head office is unavailable. A contingency site will be established and will become the interim office Headquarters for Company X under Scenarios A and B (i.e. Head Office unavailable for general office accommodation). The steps involved in establishing this site are not included in this Disaster Recovery Plan. 7 of 48

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information