Disaster Recovery Hendry Taylor Tayori Limited
Agenda What is Business Continuity planning (BCP) What is Disaster Recovery (DR) and Disaster Recovery Planning (DRP) Overview Lifecycle Analysis Plan design Testing Train the personnel Maintain the plan Questions
What is BCP BCP is Business Continuity Planing. A BCP Manual would contain all information needed to recover the business from a disaster. The DRP is a subset and outlines the IT recovery plan. Some Stats: Fires permanently close 44% of the business affected. In the 1993 World Trade Center bombing, 150 businesses out of 350 affected failed to survive the event. Conversely, the firms affected by the Sept 11 attacks with well-developed and tested BCP manuals were back in business within days.
What is DR and DRP Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. DRP should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure.
Overview With the increasing importance of information technology for the continuation of business critical functions, combined with a transition to an around-the-clock economy, the importance of protecting an organizations data and IT infrastructure in the event of a disruptive situation has become an increasing and more visible business priority in recent years.. It is estimated that most large companies spend between 2% and 4% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data. Of companies that had a major loss of business data, 43% never reopen, 51% close within two years, and only 6% will survive long-term.* * Hoffer, Jim. "Backing Up Business - Industry Trend or Event." Health Management Technology, Jan 2001
Overview I will cover DRP with a big picture perspective Larger organisations will have a BCP and a DRP Smaller organisations would most likely have both in one Considerations: Mail/parcel delivery redirection Telephone redirection Appointment rescheduling
Lifecycle Business continuity planning lifecycle
Analysis Some considerations for the type of DRP Do you own disaster recovery planning and execution Have DR specialist create DRP and execute self Outsource DR to DR specialist companies DR site consideration Hot site Cold site Secondary office location
Analysis Prior to selecting a Disaster Recovery strategy, refer to the organization's business continuity plan which should indicate the key metrics of Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for various business processes. The metrics specified for the business processes must then be mapped to the underlying IT systems and infrastructure that support those processes. RPO will dictate acceptable data loss e.g. if the RPO is 4 hours and data is replicated every 2 hours. If a disaster occurs at 11:59 and the last replication was at 10:00 this would mean 2 hours of data is lost which is within the RPO. RTO will dictate how quickly the said recovery needs to be done in i.e 5 hours to recovery.
Analysis Disaster type consideration IT hardware Failure Utilities Failure Natural Disaster e.g. Flood, Hurricane etc Building Loss e.g. Fire, Terrorism Disasters that are unique to small companies Illness or Injury Absence Service interruptions such as Telephone line, Power etc.
Analysis Preventative Measures UPS Surge Protectors Fire systems Antivirus etc Hosted Services
Plan design Input Recovery Point Objectives Recovery Time Objectives Impact Analysis Including Cost analysis of impact Threat Analysis Cost associated with disaster scenarios Financial Reputational Client
Plan design Plan content Required information Staff contact numbers Recovery location Definition of impact scenarios Recovery requirement per impact scenario
Plan design Plan content (con t) Data recovery strategies Replication Offsite backup storage Raid Hosted Service Application recovery strategies HA design Rebuild Cluster Hosted Service
Plan design Plan content (con t) Communication recovery strategies Network connectivity Network hardware Telecommunications IT infrastructure recovery strategies HA design Standby hardware Cluster Obtain new hardware
Testing Do regular tests at least once a year Tests can be separated into units Do unannounced tests Phone your staff before start of day Do not allow anyone onto site
Train the personnel All staff need to be aware of the DR plan All staff must know and understand their role in the DR plan All staff need to ensure that their contact details are always up to date No single staff member should be a point of failure
Maintain the Plan The plan needs to be reviewed on a regular bases Any changes to the business and IT operations and infrastructure need to be included in the DR plan Tests will highlight any potential problem areas An up to date DR plan is vital to a successful recovery in a disaster
Questions
About me I have been in IT for 23 years in various roles. I have helped plan and test DR plans for many large companies. email: hendry@tayori.co.uk Website: http://www.tayori.co.uk Linkedin profile: http://www.linkedin.com/in/autosys