Disaster Recovery Planning Tips

Almost 60% of North American businesses do not have a disaster recovery plan in place to resume IT services in case of crisis - a recipe for possible business failure. Janco Associates has found that 50% of companies that lose their data due to disasters go out of business within 24 months, while the U.S. Bureau of Labor indicates that 93% are out of business within five years.

Tips for Disaster Recovery Planning

1. Devise a disaster recovery plan: IT disaster recovery planning can be a daunting undertaking, with many scenarios to analyze and options to pursue. It is important to start with the basics and add to the plan over time. To begin, define what is important to keep the business running - i.e., email and application access, database back-up, computer equipment - and the "recovery time objective" or how quickly the company needs to be up and running post-disaster. Other key plan components to consider are determining who within the organization declares the disaster, how employees are informed that a disaster has occurred, and the method of communication with customers to reassure them that the company can still service their needs.
   
   
2. Monitor implementation: Once a disaster recovery plan has been established, it is critical to monitor the plan to ensure its components are implemented effectively. A disaster recovery plan should be viewed as a living, breathing document that can and should be updated frequently, as needed. Additionally, proactive ongoing monitoring and remediation of processes, such as back-up data storage and data replication, results in fewer IT issues and less downtime should a crisis occur.
   
   
3. Test disaster recovery plan: An eWeek survey of more than 500 senior IT professionals revealed that a whopping 89% of companies test their disaster recovery/fail over systems only once per year or not at all, leaving their enterprises vulnerable to massive technology and business failures in the event of a disaster. An under-tested plan can often be more of a hindrance than having no plan at all. The ability of the disaster recovery plan to be effective in emergency situations can only be assessed if rigorous testing is carried out one or more times per year in realistic conditions by simulating circumstances that would be applicable in an actual emergency. The testing phase of the plan must contain important verification activities to enable the plan to stand up to most disruptive events.
   
   
4. Perform off-site data back-up and storage: Any catastrophe that threatens to shutter a business is likely to make access to on-site data back-up impossible. The primary concerns for data back-up are security during and accessibility following a crisis. There is no benefit to creating a back-up file of valuable data if this information is not transferred via a secure method and stored in an off site data storage center with foolproof protection. As part of establishing a back-up data solution, every company needs to determine its "recovery point objective" (RPO) - the time between the last available back-up and when a disruption could potentially occur. The RPO is based on tolerance for loss of data or reentering of data. Every company should back-up its data at least once daily, typically overnight, but should strongly consider more frequent back-up or "continuous data protection" if warranted.
   
   
5. Perform data restoration tests: Using tape back-up for data storage has been integral to IT operations for many years, however this form of back-up has not been the most reliable. Today, disk to disk systems are gaining popularity. With either type of system, the back-up software and the hardware on which it resides needs to be checked daily to verify that back-up is completed successfully and that there are no pending problems with the hardware. With tape back-up, companies need to store the tapes in an off-site location that is secure and accessible, while disk systems need to have an off-site replication if the back-up is not run off-site initially. Moreover, companies need to perform monthly test restoration to validate that a restoration can be accomplished during a disaster.
   
   
6. Back-up laptops and desktops: Although many companies have policies requiring employees to store all data on the company's network, it is not prudent to assume that the policy is being followed. Users often store important files on local systems for a host of reasons, including the desire to work on files while traveling and the need to protect sensitive data from the eyes of even the IT staff. Backing up laptops and desktops protects this critical data in the event of a lost, stolen or damaged workstation. Using an automatic desktop and laptop data protection and recovery solution is ideal.
   
   
7. Be redundant: Establishing redundant servers for all critical data and providing an alternate way to access that data are essential components of an organization's disaster recovery planning. Having these redundant services in place at a secure, off site location can bring disaster recovery time down to minutes rather than days.
   
   
8. Invest in theft recovery and data delete solutions for laptops: IDC reports that more than 70% of the total workforce in the U.S. will be considered mobile workers by 2009. Accordingly, laptops are increasingly replacing the traditional desktop PCs. Unlike desktops, however, laptops are more easily misplaced or stolen, thus requiring organizations to secure data deletion and theft recovery options for their users' laptops. Theft recovery solutions can locate, recover and return lost or stolen computers, while data delete options can enable companies to delete data remotely from lost or stolen computers thereby preventing the release of sensitive information.
   
   
9. Install regular virus pattern updates: IT infrastructure is one of those realities of business life that most companies take for granted. Companies often do not focus on email security until an incipient virus, spyware or malware wreaks havoc on employees' desktops. Organizations need to protect its data and systems by installing regular virus pattern updates as part of disaster recovery planning, which may even help prevent a crisis from happening.
   
   
10. Consider hiring a managed services provider: For small- to medium-sized businesses, it is often cost prohibitive to implement a sound disaster recovery plan. Frequently these organizations lack the technical professionals to accomplish this. Managed services providers (MSPs) have emerged in recent years to perform this role. MSPs have the technical personnel to design, implement and manage complex disaster recovery projects. Additionally, MSPs have the server, storage and network infrastructure in place to manage a true disaster recovery plan. To keep costs manageable and make disaster recovery services, such as data storage and redundant servers, available to small- to medium-sized businesses, MSPs build shared, multi-tenant IT infrastructures that host multiple companies on the same hardware and network equipment which helps keep costs affordable and advantageous for its customers.

• DRP Standard
• Premium
• Gold
• DRP/Security Standard
• Premium
• Gold

Disaster Recovery Business Continuity Standard Edition

• Disaster Recovery Business Continuity Template (WORD)
• Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
• Disaster Recovery Manager Job Description
• Manager Disaster Recovery & Business Continuity Job Description
• Application Inventory and Business Impact Analysis Questionnaire
• Incident Communication Plan and Policy with BEST PRACTICES for
  • News Conferences
  • Media Relations
• Social Network Checklist
• Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
  • LAN Inventory
  • Location Contact Numbers
  • Off-Site Inventory
  • Personnel Locations
  • Plan Distribution

  • Remote Location Contact Information
  • Team Call List
  • Vendor Contact Information

Disaster Recovery Business Continuity Premium Edition

• Disaster Recovery Business Continuity Template (WORD)
• Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
• Disaster Recovery Manager Job Description
• Manager Disaster Recovery & Business Continuity Job Description
• Application Inventory and Business Impact Analysis Questionnaire
• Incident Communication Plan and Policy with BEST PRACTICES for
  • News Conferences
  • Media Relations
• Social Network Checklist
• Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
  • LAN Inventory,
  • Location Contact Numbers,
  • Off-Site Inventory,
  • Personnel Locations,
  • Plan Distribution,
  • Remote Location Contact Information,
  • Team Call List, and
  • Vendor Contact Information.
• 15 Full Job Descriptions (WORD)
  • Chief Information Officer,
  • Chief Security Officer,
  • Chief Compliance Officer,
  • VP Strategy and Architecture,
  • Director Disaster Recovery and Business Continuity,
  • Director e-Commerce,
  • Director Media Communications,
  • Manager Disaster Recovery,

  • Manager Disaster Recovery and Business Continuity,
  • Disaster Recovery Coordinator,
  • Disaster Recovery - Special Projects Supervisor,
  • Manager Database,
  • Capacity Planning Supervisor,
  • Manager Media Library Support,
  • Manager Site Management, and
  • Pandemic Coordinator.

Disaster Recovery Business Continuity Gold Edition

• Disaster Recovery Business Continuity Template
  
  
• 243 IT Job Descriptions including all of the job descriptions contained in the Premium edition

Disaster Recovery Business Continuity & Security Manual Templates Premium Edition

• Disaster Recovery Business Continuity Template (WORD)
• Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
• Disaster Recovery Manager Job Description
• Manager Disaster Recovery & Business Continuity Job Description
• Application Inventory and Business Impact Analysis Questionnaire
• Incident Communication Plan and Policy with BEST PRACTICES for
  • News Conferences
  • Media Relations
• Social Network Checklist
• Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
  • LAN Inventory
  • Location Contact Numbers
  • Off-Site Inventory
  • Personnel Locations
  • Plan Distribution
  • Remote Location Contact Information
  • Team Call List
  • Vendor Contact Information

• Security Manual Template (Word)
• HIPAA Audit Program
• ISO 2700 Security Audit
• Business and IT Impact Questionnaire
• Threat and Vulnerability Assessment Tool
• Sarbanes-Oxley Section 404 Checklist
• Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
  • Blog Policy Compliance
  • Company Asset Employee Control Log
  • Email - Employee Acknowledgment
  • Employee Termination Checklist
  • Internet Access Request
  • Internet Use Approval
  • Internet & Electronic Communication - Employee Acknowledgment

  • Mobile Device Access and Use Agreement
  • Employee Security Acknowledgement Release
  • Preliminary Security Audit Checklist
  • Security Access Application
  • Security Audit Report
  • Security Violation Reporting
  • Sensitive Information Policy Compliance Agreement
  
  
  
• 25 Full Job Descriptions
  • Chief Information Officer (CIO); Chief Compliance Officer (CCO); Chief Security Officer (CSO);VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Database; Manager Disaster Recovery; Manager Disaster Recovery and Business Continuity; Pandemic Coordinator; Manager Facilities and Equipment; Manager Media Library Support; Manager Network and Computing Services; Manager Network Services; Manager Site Management; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems;Capacity Planning Supervisor; Disaster Recovery Coordinator; Disaster Recovery - Special Projects Supervisor; Network Security Analyst; System Administrator - Unix; System Administrator - Windows

Disaster Recovery Business Continuity & Security Manual Templates Premium Edition

• Disaster Recovery Business Continuity Template (WORD)
• Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
• Disaster Recovery Manager Job Description
• Manager Disaster Recovery & Business Continuity Job Description
• Application Inventory and Business Impact Analysis Questionnaire
• Incident Communication Plan and Policy with BEST PRACTICES for
  • News Conferences
  • Media Relations
• Social Network Checklist
• Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
  • LAN Inventory
  • Location Contact Numbers
  • Off-Site Inventory
  • Personnel Locations
  • Plan Distribution
  • Remote Location Contact Information
  • Team Call List
  • Vendor Contact Information

• Security Manual Template (Word)
• HIPAA Audit Program
• ISO 2700 Security Audit
• Business and IT Impact Questionnaire
• Threat and Vulnerability Assessment Tool
• Sarbanes-Oxley Section 404 Checklist
• Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
  • Blog Policy Compliance
  • Company Asset Employee Control Log
  • Email - Employee Acknowledgment
  • Employee Termination Checklist
  • Internet Access Request
  • Internet Use Approval
  • Internet & Electronic Communication - Employee Acknowledgment

  • Mobile Device Access and Use Agreement
  • Employee Security Acknowledgement Release
  • Preliminary Security Audit Checklist
  • Security Access Application
  • Security Audit Report
  • Security Violation Reporting
  • Sensitive Information Policy Compliance Agreement
  
  
  
• 25 Full Job Descriptions
  • Chief Information Officer (CIO); Chief Compliance Officer (CCO); Chief Security Officer (CSO);VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Database; Manager Disaster Recovery; Manager Disaster Recovery and Business Continuity; Pandemic Coordinator; Manager Facilities and Equipment; Manager Media Library Support; Manager Network and Computing Services; Manager Network Services; Manager Site Management; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems;Capacity Planning Supervisor; Disaster Recovery Coordinator; Disaster Recovery - Special Projects Supervisor; Network Security Analyst; System Administrator - Unix; System Administrator - Windows

Disaster Recovery Business Continuity & Security Manual Templates Gold Edition

• Disaster Recovery Business Continuity Template (WORD)
• Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
• Disaster Recovery Manager Job Description
• Manager Disaster Recovery & Business Continuity Job Description
• Application Inventory and Business Impact Analysis Questionnaire
• Incident Communication Plan and Policy with BEST PRACTICES for
  • News Conferences
  • Media Relations
• Social Network Checklist
• Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. Electonic Forms that can be emailed, completed via a computer or tablet, and stored electronically including:
  • LAN Inventory
  • Location Contact Numbers
  • Off-Site Inventory
  • Personnel Locations

  • Plan Distribution
  • Remote Location Contact Information
  • Team Call List
  • Vendor Contact Information

Security Manual Template (Word)

• HIPAA Audit Program
• ISO 2700 Security Audit
• Business and IT Impact Questionnaire
• Threat and Vulnerability Assessment Tool
• Sarbanes-Oxley Section 404 Checklist
• Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including:
  • Blog Policy Compliance
  • Company Asset Employee Control Log
  • Email - Employee Acknowledgment
  • Employee Termination Checklist
  • Internet Access Request
  • Internet Use Approval
  • Internet & Electronic Communication - Employee Acknowledgment

  • Mobile Device Access and Use Agreement
  • Employee Security Acknowledgement Release
  • Preliminary Security Audit Checklist
  • Security Access Application
  • Security Audit Report
  • Security Violation Reporting
  • Sensitive Information Policy Compliance Agreement

243 Full Job Descriptions which includes all of the job descriptions in the premium edition