Section 3 -- Framework Design: Hardware and Software



Similar documents
How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

Business Continuity Planning and Disaster Recovery Planning

Attachment to Data Center Services Multisourcing Service Integrator Master Services Agreement

Disaster Recovery Planning Procedures and Guidelines

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

CISM Certified Information Security Manager

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

MARQUIS DISASTER RECOVERY PLAN (DRP)

IT Disaster Recovery Plan Template

Why Should Companies Take a Closer Look at Business Continuity Planning?

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

IT Disaster Recovery and Business Resumption Planning Standards

DISASTER RECOVERY PLAN

Page Administrative Summary...3 Introduction Comprehensive Approach Conclusion

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

HA / DR Jargon Buster High Availability / Disaster Recovery

Domain 3 Business Continuity and Disaster Recovery Planning

Best Practices in Developing an IT Disaster Recovery Plan. Vijaykumar Kulkarni AGM Product Management

Emergency Operations California State University Los Angeles

INSIDE. Preventing Data Loss. > Disaster Recovery Types and Categories. > Disaster Recovery Site Types. > Disaster Recovery Procedure Lists

Business Continuity Glossary

Disaster Recovery for Ingres. Abstract

Disaster Recovery Plan

Disaster Recovery Plan

Disaster Recovery & Business Continuity Dell IT Executive Learning Series

Disaster Preparedness & Response

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

University of California Santa Cruz EMERGENCY RESPONSE PLAN

Disaster Recovery Planning Process

Disaster Recovery Remote off-site Storage for single server environment

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

IF DISASTER STRIKES IS YOUR BUSINESS READY?

Creating a Business Continuity Plan for your Health Center

PAPER-6 PART-4 OF 5 CA A.RAFEQ, FCA

How to Plan for Disaster Recovery and Business Continuity

MEDIAROOM. Products Hosting Infrastructure Documentation. Introduction. Hosting Facility Overview

Disaster Recovery Plan Documentation for Agencies Instructions

DISASTER RECOVERY PLANNING GUIDE

Blackboard Managed Hosting SM Disaster Recovery Planning Document

All-Hazard Continuity of Operations Plan. [Department/College Name] [Date]

The University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Infrastructure & Software

Business Continuity / Disaster Recovery Context

Disaster Recovery Policy

Disaster Recovery (DR) Planning with the Cloud Desktop

GSN Cloud Contact Centre Availability & DR Datasheet

Technology Recovery Plan Instructions

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Plan

Overview of Business Continuity Planning Sally Meglathery Payoff

Overview of how to test a. Business Continuity Plan

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

Simplify Your Data Protection Strategies: Best Practices for Online Backup & Recovery

Fire Department Guide. Creating and Maintaining Business Continuity Plans (BCP)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

Assisted Living Facilities & Adult Care Comprehensive Emergency Management Plans

Template Courtesy of: Cloudnition LLC 55 W. 22 nd St Suite 115 Lombard, IL (630)

Running Successful Disaster Recovery Tests

11 Common Disaster Planning Mistakes

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

Powering the Cloud Desktop: OS33 Data Centers

MANAGEMENT AUDIT REPORT DISASTER RECOVERY PLAN DEPARTMENT OF FINANCE AND ADMINISTRATIVE SERVICES INFORMATION TECHNOLOGY SERVICES DIVISION

Datacenter Migration Think, Plan, Execute

Toronto Public Library Disaster Recovery recommended safeguards and controls

Business Resiliency Business Continuity Management - January 14, 2014

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

Business Continuity & Recovery Plan Summary

Attachment E. RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive.

OKHAHLAMBA LOCAL MUNICIPALITY

BRYN MAWR COLLEGE EMERGENCY RESPONSE PLAN Revised 3/17/08 (abridged)

Managed Hosting Evaluating Blackboard Managed Hosting Vs. Self Hosting

How To Outsource Your Servers To Sungard

EMERGENCY MANAGEMENT POLICY

Introduction to IT Infrastructure Components and Their Operation. Balázs Kuti

Disaster Recovery & Business Continuity Related, but NOT the Same! Teri Stokes, Ph.D., Director GXP International

Business Continuity and Disaster Recovery Planning

disaster recovery - the importance of having a plan

a Disaster Recovery Plan

Overview. Emergency Response. Crisis Management

Data Center Infrastructure & Managed Services Outline

CoreSite A Carlyle Company. 70 Innerbelt Colocation Services

Incident Management & Communications. Top 8 Focus Areas to Mitigate Risk

Vendor Audit Questionnaire

Transcription:

IT Disaster Recovery Plan Template CONTENTS: Section 1: Determine Scope and Size of DR Plan Section 2: Definitions of Disaster Section 3: Framework Design/Hardware and Software Section 4: Framework Design/Environmental Section 5: Framework Design/Customers and Applications Section 6: Framework Design/Labor Resources Section 7: Framework Design/Networking Section 8: Framework Design/Cultural, Political, Financial Section 9: Administrative Processes Section 10: Logistical Processes Section 11: Testing Processes Section 12: Training Processes Section 13: Maintenance of plan Section 1 -- Scope and Size of Disaster Recovery Plan A. Over-arching considerations Campus issues and checks: Records management requirements by individual state Requirement for business continuity plan (Definition: Business continuity plan is a customer s plan to delivery service manually while IT disaster recovery restores electronic service.) HIPAA requires a disaster recovery plan University is a business and there is a big loss to the student when business is out of order. Do we need a business continuity plan for the students? Need to be practical and usable, not just theoretical Need to be understandable Can t spend a lot of money B. Determine Scope and Size Agree upon level of scope Can a non-it shop person come in and understand the plan? Is the plan practical? Do we outsource the plan? Need to share examples Need to consider in overarching Campus crisis plan Within this, need to include master data center recovery plan Within this, need to include respective customer and individual service plans, e.g., PeopleSoft services, Mainframe services, enterprise storage services, individual customers computers, etc. Section 2 -- Definitions of Disaster A. What are (and what are not) the criteria to determine a disaster? Physical, data, hardware How do we know if a disaster has been detected? 1

B. Examples of a disaster Outage by hours Outage by hours greater than certain level requiring contact of disaster team to declare disaster (for ex., notify campus crisis team) When day-to-day plans no longer work (i.e., day-to-day work drill is gone, or when there is a build-up, escalation procedures are exhausted, and operation no longer meets common baseline planning When there are threats that scope up to become a disaster (i.e., Sept. 11, campus unrest, etc.) When we lose a data center or building that houses the data center When we lose complete staff (labor resources) of data center When we lose a core business service (i.e., email) When we require Risk Mgmt and Insurance to declare a disaster in order to get vendor action in recovery Need to share other examples of disaster in order to clarify for your own institution Need to develop own definitions of disaster that are practical as opposed to industry definitions. Section 3 -- Framework Design: Hardware and Software A. Who is the vendor? Proprietary (Sun Solaris, Linux, windows, AIX) Homegrown (you are the vendor) Mainframes Needs Service Level Agreements (SLA) with vendors to replace the equipment if disaster strikes B. Hardware configured environments (i.e., production, test, crash and burn, etc.) C. What is your hardware asset inventory? (Let s share the data elements we are keeping about your assets.) i.e., Assets Center by Peregrine; LDR Plus by Vendor?; Oracle database/homegrown systems (i.e., SOAPI) Damage assessment by Risk management and insurance Photos of equipment Naming conventions of the hardware D. Change information system (how do you make changes to your hardware environment?) E. Tracking system for problems with hardware, applications, and network F. Categories of operating system software G. Proprietary factors of software H. Redundancy of data I. Backing up the software, data and OS J. Storage Single copy Redundant copy Security of data, software and applications 2

How do you test for this item of disaster? K. Enterprise systems L. Client server services Section 4 -- Framework Design: Environmental A. One data center or Multiple data center sites B. What are your campus building plans? Tag a 2 nd data center into new building plans; C. Hot site (exact duplicate of data center site) D. Warm site (physical site and certain aspects ready, but need servers) E. Run at another site but at a lower capacity (not hot, warm, but operable) F. Cold site (we have a room and everything has to be planned) G. Physical security system for site Re-entry after disaster Protection and Safety of disaster site Silent panic button Who issues building all clear? Check out 911 service in relation to disasters Flood plain of the site Water detection at the site HVAC at the site Cooling glycol inventory run wet (use of chilled water to control room temperature) Fire suppression (Halon) Alternate power sources Diesel generators Check diesel levels Uninterruptable power source (UPS) Batteries Do you have UPS on individual computer systems? (Check out electrical certification of this with local campus electrical shop and then figure out how to test.) (NOTE: This is NOT a good idea.) Section 5 -- Framework Design: Customers A. Business continuity plan (customers should be asked how they will operate their business while they are down) B. Business impact analysis (rate the impact of your services to determine how and when to bring your service back up C. Webification of customers applications, global use versus local client use on campus. D. Priority processing campus customer calendar E. Ranking Business Processes (i.e., Core, T1, T2, T3, etc.) PeopleSoft Student systems Financial systems Payroll Multi-campus based courses/distance education class 3

Research customers (as a Core process) F. Service Level agreements with customers Need customer organization charts for DR Determine amount of money for instantaneous disaster recovery or delayed disaster recovery Section 6 -- Framework Design: Labor Resources A. Staff availability Depends on the disaster; have staff been wiped out by the disaster? (i.e., weather disaster, physical disaster, etc.) B. Staff dependability/reliability Union agreements/labor contracts Who does what in a disaster? Are staff excellent in day-to-day but horrible under pressure? Burnout of staff during disaster Are there any SLA (support level agreement) with peer agencies (state or other IT campus agencies) C. Counseling services availability D. IT Management tier (see cultural, political, financial) E. Top campus mgmt (see cultural, political, financial) F. Mass campus retirement how to replace expertise? How do we teach others before they retire? G. Accounting for labor resources with reorganization processes H. Vendor consulting services do we use vendors as a resource for DR staff (could be for one person or a whole team)? I. Escalation team (separate from DR team or day2day decide when to escalate) J. Disaster recovery team K. Restoration team L. Day-to-day Operation team Section 7 -- Framework Design: Networking A. Topology map of the network Inter-company collaboration Incorporate webification of services over the network Redundancy Each campus expansion within its own state (IN s I-Light project and UW-Mad with WiscNet) B. Other characteristics of networking Duel network feeds to site Dark Fiber requires multiple paths Underground or overhead Satellite feeds? How do you replace the Support equipment to monitor and maintain topology? Section 8 -- Framework Design: Cultural, Political, Financial 4

A. KEY ITEM: Buy-in and support by top mgmt on campus from beginning (i.e., chancellor or provost) B. Money/budget/financial for DR where from?? Who has the purse? Is it funded by infrastructure? Is it funded by each individual customer service? Is it part of technologist s fee? ( tack on ) C. Campus crisis planning IT disaster recovery plan and IT disaster services recovery plan should be an item on campus crisis plan D. Terrorists (Sept. 11, disgruntled grad students?) E. Staff acceptance F. Customer acceptance G. Auditor s acceptance Main doorway for most disaster recovery planning H. Campus records bldg (where do they reside) I. Relation of IT DR to physical plant and other campus infrastructures Section 9 -- Administrative Processes A. IT Organization Chart for DR (and customers Org chart) B. Initial response notification Calling tree No phone service available? Radio communications ; batteries? Which top offices will have radio communications available need to document C. Communication to external media (via IT media person or Campus Crisis media person) D. Who signs off and authorizes which team? E. Each campus needs to define its own administrative processes and protocol. Section 10 -- Logistical Processes A. Temporary Workspace/physical B. Setup a temporary command center C. Provide telephone lines to command center D. Time elements of the plan E. When do Disaster Recovery Operations (for a customer or service) end and day-today operations begin? F. Each campus needs to define logistical processes Section 11 -- Testing Processes A. Each campus needs to define the testing process Define testing process for each aspect of how to test the component pieces IT processes Administrative processes Logistical processes B. Examples of testing include: Structured walk-through (possibly including other IT staff) 5

Once/year annual audit (ex. Payroll checks) Include customers business continuity plan Matrix of options; what is standard or Benchmark for testing? Easier to test everything than to test the parts What about loss of labor (for ex., death, injury, incapacity) and how to test this (See Section 6 Labor Resources) Section 12 -- Training of Staff on Plan A. What is the Objective of training? Heighten awareness So a new person can get through DR education Ensure that it is practically understood. Do you read the book or do you show how B. Who is cross-trained for DR? C. Where is documentation for DR located? (i.e., DR team members homes, trunks of their cars, etc.) D. Could IT Disaster Recovery group assist each other with training? Do individual institutions have an IT training department that could assist? Can our individual institutions IT data center staff train each other? Section 13 -- Maintenance of Plan A. Documentation repository B. Plan must be maintained annually, BUT parts of the plan need to be updated more frequently (for ex., phone lists) Plan should be in a dynamic database that can be updated automatically C. Who does what for DR plan maintenance? Who updates what section? Prints copies of the plan? Who files the plan? Kept with which members at home or in trunk of car? Kept on wallet card? (DRP team instructions) Who keeps log for audit of the maintenance? D. Changes to the asset inventory should automatically update the disaster recovery plan E. Problems with testing the plan should cause an update of plan F. Annual agreement by top campus management to keep plan at level of funding, etc. G. Return to Day-to-Day Operations Have maintenance agreements in place Have customer service level agreements in place (sign-offs) H. Lite version of plan also see Section 1 Scope and Size Provides some preparedness for DR; Drives items for more detail of DR Could be an interim plan; if this, then we do that Could mitigate or lessen disaster Who responds How does it get resolved 6

How can we prevent it A road map to assist with the check-off process to make sure everything has been recovered 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information