Disaster Recovery Plan Template
Business Continuity
ISO 27000, SOX,
PCI-DSS & HIPAA Compliant
The Standard for Disaster Recovery and Business Continuity
This Disaster Recovery Plan (DRP) can be used as a Disaster Planning template for any size of enterprise. The Disaster Recovery template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. The Disaster Planning Template comes as both a Word document and a static fully indexed PDF document and includes:
- Disaster Recovery Plan and Business Continuity Template
- Business and IT Impact Analysis Questionnaire
- Work Plan
- Disaster Recovery / Business Continuity Audit Program
- Pandemic Planning Checklist
Preparation for Disaster Recovery / Business Continuity in light of SOX has two primary parts. The first is putting systems in place to completely protect all financial and other data required to meet the reporting regulations and to archive the data to meet future requests for clarification of those reports. The second is to clearly and expressly document all these procedures so that in the event of a SOX audit, the auditors clearly see that the DRP exists and will appropriately protect the data.
New are (Version History):- Backup & Backup Retention Policy
- Disaster Recovery Audit Program
- Compliance with the ISO 27000 Series Standards (formerly ISO 17799 now ISO 27001 & ISO 27002), Sarbanes-Oxley, PCI-DSS, and HIPAA
- Web Site Disaster Recovery Planning Form
- Project Status Report Form
- Personnel Location Repor
- Department Disaster Recovery Activation Workbook
- Quick Reference Guide
- Team Alert List (Form)
- DRP Team Responsibilities
- DRP Team Checklist
- Critical Function(s) Definition
- Normal Business Hour Response Procedures
- After Hours Response Procedures
- DRP Location(s) Definition
- DRP Recovery Procedures
- Notification Procedures
- Notification Call List (Form)
- Updated Business and IT Impact Analysis Questionnaire
- Vendor Disaster Recovery Questionnaire
- Vendor Phone List Form Updated
- Key Customer Notification Form
- Critical Resources to be Retrieved Form
- Business Continuity Off-Site Materials Form
- Business Continuity Audit Program
- Chief Information Officer
- Chief Security Officer
- Chief Compliance Officer
- VP Strategy and Architecture
- Director Disaster Recovery and Business Continuity
- Director e-Commerce
- Manager Disaster Recovery
- Manager Disaster Recovery and Business Continuity
- Disaster Recovery Coordinator
- Disaster Recovery - Special Projects Supervisor
- Manager Database
- Capacity Planning Supervisor
- Manager Media Library Support
- Manager Site Management
- Pandemic Coordinator
|
The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirement. The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:
- Plan Introduction
- Business Impact Analysis - including a sample impact matrix
- DRP Organization Responsibilities pre and post disaster - DRP / BCP checklist
- Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDA's.
- Recovery Strategy including approach, escalation plan process and decision points.
- Disaster Recovery Procedures in a check list format
- Plan Administration Process
- Technical Appendix including definition of necessary phone numbers and contact points
- Job Descriptions
- Disaster Recovery Manager
- Manager Disaster Recovery and Business Continuity
- Pandemic Coordinator
- Work Plan to modify and implement the template. Included is a list of deliverables for each task. (Risk Assessment and Vulnerability Assessment)
- Disaster Recovery Manager Responsibilities
- Distribution of the Disaster Recovery Plan
- Maintenance of the Business Impact Analysis
- Training of the Disaster Recovery Team
- Testing of the Disaster Recovery Plan
- Evaluation of the Disaster Recovery Plan Tests
- Maintenance of the Disaster Recovery Plan
Click on the link below to get the DRP/BC sample pages now and make it part of your disaster recovery toolkit.
|
Backup Matrix - Sample from Template
Testimonials
Testimonial - Dave Baker - City of Hamilton -I have found the DRP template invaluable!
Testimonial - Bob Rifenbury -MCSE/CCNA Lauch Testing Lab -The DRP Template saved me about 6 months of work!
Testimonial - Kelly Keeler - Martin's Point Health Care -I have received and I began using the template immediately. IT IS GREAT! Made this process a snap for me. Cut my documentation time down from. weeks to hours! This document has made, what began to be an overwhelming process turn into a snap!
Testimonial - Juan Stamos - Mexico City Corporation -We had a DRP in place, but needed a more user friendly structure. The Disaster Recovery Template (Gold edition) has that structure. It was very easy to quickly move our DRP into Janco's DRP Template -- a real added value.
This template is not for resale or re-distribution - Disaster Plan Template, Disaster Recovery Planning Template Disaster Recovery Template, Disaster Recovery
Disaster Recovery / Business Continuity News
Disaster Recovery Business Continuity for Remote Offices
Data residing outside the data center at remote and branch offices (ROBOs) accounts for a significant portion of an enterprise's information store, yet it often either is protected with inefficient backup processes or is not protected at all -- leaving companies at risk on many fronts.
In a recent research report, high priority projects for ROBOs included improving information security measures; ensuring compliance with government, industry or corporate governance mandates; and improving Disaster Recovery Business Continuity processes.
- more infoDisaster Plan & Business Continuity Infrastructure
The key technology
elements of a Disaster Recovery Plan and Business Continuity Plan (DRP/BCP)
infrastructure are the primary data center, a remote site that duplicates the
resources in that primary location and the method used to get files (master and
transaction) between the two sites - such as high-bandwidth network
connections. The best DRP/BCP strategies follow a "redundant every-thing"
philosophy throughout the data center. Multiple mainframes and servers should
run in the production and backup data facilities. Then, if a component in the
production system encounters problems, it immediately fails over to the local
backup as a first line of defense.
Power supplies and communication links are one of the most critical components in a DRP/BCP strategy.
Maximum Tolerable Period of Disruption (MTPOD) is an issue
The concept of Maximum Tolerable Period of Disruption (MTPOD) is an issue with the introduction of British Standard 25999-2. When applied appropriately, MTPOD will improve management's understanding of your disaster recovery business continuity program and clarifies your enterprise's recovery priorities.
BS 25999-2, Section 4 says that the goal of a business impact analysis is to "determine the impact of any disruption of the activities that support the organization's key products and services." A key aspect of determining the impact of a disruption is identifying what BS 25999 calls the "Maximum Tolerable Period of Disruption," or MTPOD. BS 25999 defines MTPOD as the "duration after which an organization's viability will be irrevocably threatened if product and service delivery cannot be resumed." MTPOD is the maximum amount of time that the organization's key products or services can be unavailable or undeliverable before its stakeholders realize unacceptable consequences.
The full application of this concept can mean rethinking how a business impact analysis is approached. While many DRP / BCP professionals start a business impact analysis by gathering data from individual departments, MTPOD forces them to first look at products and services. Disaster Recovery and Business continuity professionals should understand downtime tolerance, taking into account:
-
Customer expectations
-
Regulatory requirements
-
Reputational issues
-
Financial and operational impairment
-
Strategic consequences.
Based on management input, disaster recovery / business continuity professionals can propose preliminary Maximum Tolerable Periods of Disruption for key products or services within the scope of the business continuity program.
Once MTPOD is established for key products and services, the traditional business impact analysis or service. From there, the business impact analysis can either validate or disagree with preliminary MTPOD conclusions. In addition, the business impact analysis does identify the department, function and process details that are needed to achieve the MTPOD.
Perhaps most importantly, the disaster recovery / business continuity professional must understand the amount of time required to perform the process or activity in order to deliver the product or service to its key stakeholders (internal or external). This is referred to as cycle time. For example, in a manufacturing company, cycle time would be how long it takes to obtain the necessary stock, manufacture the product, and deliver it to the customer.
With an understanding of MTPOD and cycle time, the business continuity professional can identify what is commonly accepted as the core output of the business impact analysis - the recovery time objective, or RTO. RTO is the point in time following a disruption when operations must resume (at a minimum level) in order to meet downtime tolerances.
- more infoDefining a Functional Disaster Recovery Business Continuity Plan
What makes a truly functional disaster recovery business continuity solution is the ability to restore full systems and enterprise operations quickly, in a matter of hours or even minutes, using available computing resources, which may be local, but may also be remote.
True disaster recovery and business continuity plans must allow for recovery from site-wide disasters, such as a hurricane. The primary site may be completely down, due to a lack of power and network connectivity. The secondary site located in a non-affected area would be used to restore services until the primary site comes back online.
Many enterprises opt for remote Disaster Recovery Business Continuity site(s) for such scenarios. Many system administrators opt for virtual servers, which use asynchronous replication to replicate both the data and virtual machines to the secondary site, which has several standby servers. That way if they need to activate the secondary site, they just direct the activity to the virtual machines and all the systems are back up and running with the latest data.
- more infoTemplate Tools for CIOs
Disaster planning is an essential component of preserving your institutions collections. With a written disaster plan, libraries, archives, museums, historical societies, and other collection-holding institutions can reduce the risk of disaster and minimize losses. dPlan is perfect for small and medium-sized institutions that do not have in-house preservation staff. dPlan is also valuable for large library systems or museum campuses that need to develop separate but related plans for multiple buildings, locations, or branches.
The Janco Disaster Recovery / Business Continuity Plan Template can help you create a plan for disaster prevention and response. This template will help you:
-
Prepare for the most likely emergencies,
-
Respond quickly to minimize damage if disaster strikes, and
-
Recover effectively from disaster while continuing to provide services to your community.