Performance Indicators for Disaster Recovery



Similar documents
Cisco Disaster Recovery: Best Practices White Paper

Interactive-Network Disaster Recovery

Disaster Recovery Planning

Disaster Recovery Planning Process

Continuity of Operations Planning. A step by step guide for business

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

Business continuity plan

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Statewide Disaster Recovery Coordinator Meeting. October 31, 2012

Business Continuity and Disaster Planning

How To Write A Disaster Recovery Plan

Business Continuity Plan

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

Business Continuity Planning (BCP) / Disaster Recovery (DR)

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

FORMULATING YOUR BUSINESS CONTINUITY PLAN

Disaster Recovery and Business Continuity Plan

Draft 8/1/05 SYSTEM First Rev. 8/9/05 2 nd Rev. 8/30/05 EMERGENCY OPERATIONS PLAN

Threat and Hazard Identification and Risk Assessment Guide. Comprehensive Preparedness Guide (CPG) 201

Prepared by Rod Davis, ABCP, MCSA November, 2011

DRAFT Disaster Recovery Policy Template

Why Should Companies Take a Closer Look at Business Continuity Planning?

Business Continuity Planning (800)

Business Continuity Planning and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning

Business Continuity Planning at Financial Institutions

Business Continuity Planning for Risk Reduction

Operational Continuity

Testimony of. Edward L. Yingling. On Behalf of the AMERICAN BANKERS ASSOCIATION. Before the. Subcommittee on Oversight and Investigations.

Threat and Hazard Identification and Risk Assessment

Essential Building Blocks of a Comprehensive Emergency Management Program. April 28, 2015

BUSINESS CONTINUITY PLAN OVERVIEW

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

Disaster Recovery Planning

Defense in Depth: Off-Site Storage of Biological Specimens and Biopharmaceuticals. for Risk Mitigation

CISM Certified Information Security Manager

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

Establishing A Secure & Resilient Water Sector. Overview. Legislative Drivers

Abhi Rathinavelu Foster School of Business

Ohio Supercomputer Center

ILLINOIS INSTITUTE OF TECHNOLOGY School of Applied Technology. Dave Wallenberg, Mario Russo and Batchum Mataruke Edited by Ray Trygstad

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

ASX SETTLEMENT OPERATING RULES Guidance Note 10

How to Plan for Disaster Recovery and Business Continuity

Emergency Operations California State University Los Angeles

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact.

Disaster recovery planning.

DATA RECOVERY SOLUTIONS EXPERT DATA RECOVERY SOLUTIONS FOR ALL DATA LOSS SCENARIOS.

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Business Continuity Plans- Technology. Preparation Instructions. Inventory and Assessment. System Backup Procedures

Western Intergovernmental Audit Forum

Business Continuity Management Program Development Guide

Business Continuity Planning advice for Businesses with employees

How To Back Up A Virtual Machine

Business Continuity and Disaster Recovery Policy

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

The Disaster Recovery Self-Assessment Guide and Validation Model. Jim Kates Cognizant Technology Solutions

Wind, Rain & Fire: Disaster Preparation & Recovery

Threats and Hazards: Event Challenges and Impacts. Event Disruptions Are Always A Possibility Planning Is the Key to Surviving Them

Bus incident management planning: Guidelines

NCUA LETTER TO CREDIT UNIONS

Table of Contents... 1

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

IT Service Continuity Management PinkVERIFY

AUSTRACLEAR REGULATIONS Guidance Note 10

DASTA Guide to Business Continuity (BC) and Disaster Recovery (DR) Planning

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Facilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services

Intel Business Continuity Practices

Overview of Business Continuity Planning Sally Meglathery Payoff

Mastering Disaster A DATA CENTER CHECKLIST

Disaster Recovery Plan Checklist

Table of contents. Maintaining Continuity of Operations with a Disaster Tolerance Strategy

ESKITP6032 IT Disaster Recovery Level 2 Role

Our Business Continuity Solutions Ensure Long-Term Success

Business Resiliency Business Continuity Management - January 14, 2014

All-Hazard Continuity of Operations Plan. [Department/College Name] [Date]

NASCIO STATE RECOGNITION AWARDS 2015

Attachment #2. BUSINESS CONTINUITY PLAN Plan Development Guidelines

Domain 1 The Process of Auditing Information Systems

Kick Starting your Business Continuity Program

Disaster Recovery Planning. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

a Disaster Recovery Plan

Disaster Planning & Recovery: SHRM Resources. Shelly Trent, SPHR; SHRM Field Services Director

Information Security Management System. Business Continuity and Disaster Recovery Plan Policy. The Smart Cube. Description Change

BUSINESS IMPACT ANALYSIS.5

Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it

Disaster Recovery Plan Documentation for Agencies Instructions

University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1

Temple university. Auditing a business continuity management BCM. November, 2015

Disaster Recovery. 1.1 Introduction. 1.2 Reasons for Disaster Recovery. EKAM Solutions Ltd Disaster Recovery

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

EMC VMAX: A Platinum-Level Solution. White Paper

HA / DR Jargon Buster High Availability / Disaster Recovery

Draft Copy. Change Management. Release Date: March 18, Prepared by: Thomas Bronack

Company Management System. Business Continuity in SIA

Technology Recovery Plan Instructions

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Guideline on Business Continuity Management

Transcription:

Disaster Recovery Plan to ISO 17799 Introduction A disaster recovery plan attempts to run associated processes to transition smoothly in the event of a natural or human-caused disaster. To plan effectively, you need to first assess your mission-critical processes and associated processes before creating the full disaster recovery plan. Performance Indicators for Disaster Recovery Performance indicators provide the mechanism by which you can measure the success of your disaster recovery plan. Performance indicators for disaster recovery are somewhat different from those used to measure normal performances, because they are a combination of project status and test runs of infrastructure. Indicators of success include: Periodic reports from the implementation team to senior management. Representation of the planning team in the implementation team. Periodic tests to verify implementation of the disaster recovery plan and reports about gaps and risks. A review process that includes the deployment of new solutions. Analysis of the disaster recovery handling, effectiveness, and impact.

Process Flow for Disaster Recovery The following diagram outlines your workflow for managing disaster recovery.

Management Awareness Management Awareness is the first and most important step in creating a successful disaster recovery plan. To obtain the necessary resources and time required from your area, senior management has to understand and support the impacts and risks. Several key tasks are required to achieve management awareness. Identify Possible Disaster Scenarios First, identify the top ten disasters and analyze their impact. Your analysis should cover effects on communications, the impact on operations, and disruption on key operations. You should complete this pre-study in advance of the disaster recovery planning process, knowing that it will require additional verification during the planning process. The following are examples of possible disasters: fire, storm, water, earthquake, chemical accidents, nuclear accidents, war, terrorist attacks and other crime, cold winter weather, extreme heat, airplane crash, and avalanche. The possibility of each scenario depends on factors such as geographical location and political stability. Assess the impact of a disaster from both a financial and physical (infrastructure) perspective by asking the following questions: How much of the resources could be lost? What are the total costs? What efforts are required to rebuild? How long will it take to recover? What is the overall impact? How are people affected, what is the impact on them? Build Management Awareness Senior management needs to be involved in the disaster recovery planning process, and should be aware of the risks and potential impact. The first study on disaster recovery should include an estimate of possible costs and time to implement a disaster recovery strategy. Once management understands the financial, physical, and costs associated with a disaster, it is then able to build a strategy and ensure that this strategy is implemented across the organization. Obtain Management Sign-Off and Funding The senior management has to agree on the disaster recovery project, as well as provide financial and human resources for the project. The first step is the announcement of the

disaster recovery project and kickoff of a planning group or steering committee, which should be led by a senior management person. Disaster Recover Planning Process In the disaster recovery planning stage, you should identify the mission-critical, important, and less-important processes, systems, and services and put in place plans to ensure these are protected against the effects of a disaster. Key elements of disaster recovery planning include the following: Establish a Planning Group Establish a planning team to manage the development and implementation of the disaster recovery strategy and plan. Key people from each sector, unit or operational area should be members of the team, responsible for all disaster recovery activities, planning, and providing regular monthly reports to senior management. Perform Risk Assessments In order to create the disaster recovery plan, your planning group needs to thoroughly understand the life style, available resources, networks, systems, and services. The disaster recovery planning team should prepare a risk analysis and an impact analysis that includes at least the top ten potential disasters. The risk analysis should include the worstcase scenario of completely damaged facilities and destroyed resources. It should address geographic situations, current design, lead-times of services, and existing service contracts. Each analysis should also include an estimate on the financial impacts of replacing damaged equipment, drafting additional resources, and setting up extra service contracts. Establish Priorities When you've analyzed the risks posed to your area from each disaster scenario, assign a priority level to each segment. Priorities should be based on the following levels: Mission Critical: Destruction that would cause an extreme disruption to life, cause major financial ramifications, or threaten the health and safety of the people. The targeted system or data requires significant effort to restore, or the restoration process is disruptive to the business or other systems. Important: Destruction that would cause a moderate disruption to life, cause minor financial ramifications, or provide problems with access to other systems. The targeted system requires a moderate effort to restore, or the restoration process is disruptive to the system. Minor: Destruction that would cause a minor disruption to life. The targeted systems can be easily restored.

Develop Recovery Strategy Just as the analysis of the operations determine the priorities of the systems, the same analysis should be applied to the planning of the recovery. The site priorities and location of key services contribute to a fault-tolerant design, with resilience built into the infrastructure, and services and resources spread over a wide geography. Develop a recovery strategy to cover the practicalities of dealing with a disaster. Such a strategy may be applicable to several scenarios; however, the plan should be assessed against each scenario to identify any actions specific to different disaster types. Your plan should address the following: people, facilities, services, communication, equipment, and maintenance. Your recovery strategy should include the expected down time of services, action plans, and escalation procedures. Your plan should also determine thresholds, such as the minimum level at which the plan can operate, the systems that must have full functionality and the systems costs that can be minimized. Prepare Documentation It is important to keep your documentation up-to-date and have a complete list of all related officials, locations, devices, services, and contact names. The documentation should be part of the implementation process. Your disaster recovery documentation should include: Complete inventory, including a prioritization of resources. Review process. Risk analysis based on the outcome of the assessments. Implementation plan to eliminate the risks and gaps. Disaster recovery plan containing action and escalation procedures. Develop Verification Criteria and Procedures Once you've created a draft of the plan, you should create a verification process to prove the disaster recover strategy and, if your strategy is already implemented, review and test the implementation. It's important that you test and review the plan frequently. We recommend documenting the verification process and procedures, and designing a proof-of-concept-process. The verification process should include an experience cycle; disaster recovery is based on experience and each disaster has different rules.

Implementation Now it's time to make some key decisions: How should your plan be implemented? Who are the related officials, and what are their roles? Leading up to the implementation of your plan, try to practice for disaster recovery using roundtable discussions, role playing, or disaster scenario training. Again, it's essential that your senior management approves the disaster recovery and implementation plans. Backup Services Backup services form a key part of disaster recovery, and you should review these services to make sure they meet the criteria for your disaster recovery plan. Backup is defined as the ability to recover from any failure or issue whether it is related to any part of the processes. A high availability is often the foundation for disaster recovery and can be sufficient to handle some minor or local disasters. Key tasks for planning backup services include the following: Review and Implement Backup Services Your disaster recovery plan should include a backup services strategy, which needs to be consistent throughout the whole organization. Backup scenarios are important to provide higher availability and access to main sites and/or access to existing parallel disaster recovery sites during a disaster. All backup strategies depend upon networking. Disaster handling requires communication services, and the impact of a disaster could be greatly limited by having available communication services.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information