Disaster Recovery Plan Template Business Continuity

DRP BCP Template

ISO 27000, SOX, PCI-DSS & HIPAA Compliant

The Standard for Disaster Recovery and Business Continuity - Over 3,000 Companies World Wide have chosen this DRP/BCP Template

     

In most organizations, DR is the quintessential complex, unfamiliar task. Disasters happen so rarely that recovery operations are the opposite of routine. What's more the myriad, interconnected data, application and other resources that must be recovered after a disaster make recovery an exceptionally difficult and error-prone effort. Even if you have never built a DR plan before, you can achieve great results. Just follow the DR Template that Janco has created and you will have a functioning plan before you know it.

All Business Continuity / Disaster Recovery plans need to encompass how employees will communicate, where they will go and how they will keep doing their jobs. The details can vary greatly, depending on the size and scope of a company and the way it does business. For some businesses, issues such as supply chain logistics are most crucial and are the focus on the plan. For others, information technology may play a more pivotal role, and the Business Continuity / Disaster Recovery plan may have more of a focus on systems recovery.

But the critical point is that neither element can be ignored, and physical, IT and human resources plans cannot be developed in isolation from each other. (In this regard, Business Continuity / Disaster Recovery has much in common with security convergence.) At its heart, Business Continuity / Disaster Recovery is about constant communication.

Janco's Disaster Recovery Plan (DRP) is that tool which can be used as a Disaster Planning template for any size of enterprise. The Template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. The template comes as both a Word document and a static fully indexed PDF document. The DRP/BCP Template includes:

• Disaster Recovery Plan and Business Continuity Template (WORD and PDF)
• Business and IT Impact Analysis Questionnaire
• Work Plan
• Disaster Recovery / Business Continuity Audit Program
• Pandemic Planning Checklist
• Incident Communication Plan and Policy

Preparation for Disaster Recovery / Business Continuity in light of SOX has two primary parts. The first is putting systems in place to completely protect all financial and other data required to meet the reporting regulations and to archive the data to meet future requests for clarification of those reports. The second is to clearly and expressly document all these procedures so that in the event of a SOX audit, the auditors clearly see that the DRP exists and will appropriately protect the data.

 

 

Included in the Disaster Recovery Business Continuity Template are:

• Backup & Backup Retention Policy
• Disaster Recovery Audit Program
• Compliance with the ISO 27000 Series Standards (formerly ISO 17799 now ISO 27001 & ISO 27002), Sarbanes-Oxley, PCI-DSS, and HIPAA
• Web Site Disaster Recovery Planning Form
• Project Status Report Form
• Personnel Location Report
• Department Disaster Recovery Activation Workbook
  • Quick Reference Guide
  • Team Alert List (Form)
  • DRP Team Responsibilities
  • DRP Team Checklist
  • Critical Function(s) Definition
  • Normal Business Hour Response Procedures
  • After Hours Response Procedures
  • DRP Location(s) Definition
  • DRP Recovery Procedures
  • Notification Procedures
  • Notification Call List (Form)
• Updated Business and IT Impact Analysis Questionnaire
• Vendor Disaster Recovery Questionnaire
• Vendor Phone List Form Updated
• Key Customer Notification Form
• Critical Resources to be Retrieved Form
• Business Continuity Off-Site Materials Form
• Business Continuity Audit Program

DRP BCP Template General Description

The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirement.  The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:

• Plan Introduction
• Business Impact Analysis - including a sample impact matrix
• DRP Organization Responsibilities pre and post disaster - DRP / BCP checklist
• Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDA's.
• Recovery Strategy including approach, escalation plan process and decision points.
• Disaster Recovery Procedures in a check list format
• Plan Administration Process
• Technical Appendix including definition of necessary phone numbers and contact points
• Job Descriptions
  • Disaster Recovery Manager
  • Manager Disaster Recovery and Business Continuity
  • Pandemic Coordinator
• Work Plan to modify and implement the template. Included is a list of deliverables for each task. (Risk Assessment and Vulnerability Assessment)

There is a extensive section that shows how a full test of the DRP can be conducted.  It includes

• Disaster Recovery Manager Responsibilities
• Distribution of the Disaster Recovery Plan
• Maintenance of the Business Impact Analysis
• Training of the Disaster Recovery Team
• Testing of the Disaster Recovery Plan
• Evaluation of the Disaster Recovery Plan Tests
• Maintenance of the Disaster Recovery Plan

Click on the link below to get the DRP/BC sample pages now and make it part of your disaster recovery toolkit.

Backup Matrix - Sample from Template

---

Testimonials

Testimonial - Dave Baker - City of Hamilton -I have found the DRP template invaluable!

Testimonial - Bob Rifenbury -MCSE/CCNA Launch Testing Lab -The DRP Template saved me about 6 months of work!

Testimonial -  Kelly Keeler - Martin's Point Health Care -I have received and I began using the template immediately. IT IS GREAT! Made this process a snap for me. Cut my documentation time down from.  weeks to hours! This document has made, what began to be an overwhelming process turn into a snap!

Testimonial - Juan Stamos - Mexico City Corporation -We had a DRP in place, but needed a more user friendly structure.  The Disaster Recovery Template (Gold edition) has that structure.  It was very easy to quickly move our DRP into Janco's DRP Template -- a real added value.

---

This template is not for resale or re-distribution - Disaster Plan Template, Disaster Recovery Planning Template Disaster Recovery Template, Disaster Recovery

 

 

 

 

 

Disaster Recovery / Business Continuity - DRP / BCP News

---

Cloud computing makes disaster recovery easier for SMBs

Cloud computing has completely revolutionizing business continuity for small to mid-sized businesses (SMBs). The United States Small Business Administration stated that SMBs fall into one of two categories: those that have endured a disaster and those that will. They go on to say that nearly 40 percent of those who go through a disaster will not be able to recover. The threat is real, and SMB owners are aware of it. However with tight budgets, there is little room for hardware infrastructure and specialized staff to maintain it. Still, SMBs rely heavily on technology like Websites, inventory, point-of-sale software, staff scheduling programs, email, and record keeping. In the case of legal and medical (also, financial and some manufacturing), there are strict compliance regulations about things like how long records must be kept and how much time businesses are allotted to produce a record on demand. If one of these businesses loses access to its technology for a day, or even an hour, serious consequences (fines, lost revenue, lost customer data and confidence)
could occur that are difficult to recover from. It remains critical that SMBs have a current copy of their data stored somewhere safe and accessible. In the past decade, this process was so expensive that many SMBs resorted to dodgy tape-based backup systems - or, worse, they’ve done nothing and hoped for the best.

With the advent of cloud computing, instead of just crossing their fingers or paying for the hardware, software, space, and staff required for storage, an entire mid-sized corporation can rent enough cloud space to keep a real-time, full-server backup copy of all its data, applications, and operating systems. Real time means that every keystroke, every email, every bit and byte is safe, and full-server means that every application and even the whole operating system is safe and available. And it gets better: it's also now possible to copy data into the cloud in real time, and it’s possible to retrieve it from the cloud... just as fast.

What this means for SMBs is that if the store burns down or is flooded, daily operations can resume in minutes instead of days…or never.

more info

---

DRP versus BCP

Disaster recovery planning is one of the most important jobs of the IT professional. It includes working with upper management and winning the cooperation of all departments to make a working recovery plan. The two main parts are the Business Continuity Plan (BCP) and the Disaster Recovery Plan (DRP). These have to go hand-in-hand procedurally. The BCP focuses more on the schedule and timing of the DRP, so that in the event of a disaster the business can function normally. The three stages of a DRP are Prevent, Detect and Correct.

 

more info

---

Disaster Recovery Business Continuity Basics

The basics of a Disaster Recovery Business Continuity Plan are defined in the Janco Disaster Recovery Business Continuity Template. They are:

• Develop the contingency planning policy statement. A formal department or agency policy provides the authority and guidance necessary to develop an effective contingency plan.
• Conduct the business impact analysis (BIA). The BIA helps to identify and prioritize critical IT systems and components.
• Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
• Develop recovery strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
• Develop an IT contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system.
• Plan testing, training and exercises. Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness.
• Plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements.

more info

---

Successful Disaster Planning and Business Continuity Planning Processes

The success of most business depends on Information Technology. However, business and technology environments are becoming more complex. Being prepared to respond to non-typical events - both planned and unexpected - that threaten to disrupt essential business systems and processes, is a major corporate concern.

A recent survey found that disaster recovery planning is a priority for many organizations. Eighty-six percent of IT executives said they have a disaster recovery plan in place at their organization. While the economy has affected IT budgets overall, 43 percent of IT respondents indicated the economy has not affected their disaster recovery investment (including planning) - with another 33 percent, saying investment in disaster recovery has become more important.

Organizations cannot control whether or not they will be affected by a natural disaster, power outage or other unplanned incident, but they can work to help ensure their business is prepared to respond to and recover from these events with minimal impact. Disaster recovery planning is an organizational requirement that can help reduce risk and help companies effectively respond to situations that threaten to disrupt essential business processes.

Janco Associates has found that enterprises that are successful:

• Focus on employee safety. Every disaster recovery plan needs to begin by addressing the physical safety and psychological well-being of employees. That means the plan must include alternative locations where employees can go if a primary work site is unavailable, as well as incident notification and escalation strategies. In addition, the plan needs to be well communicated throughout the organization so everyone knows how to respond in a disaster situation.
•   Conduct a business and IT impact analysis. Carry out a thorough analysis of people, information, application, and other resources to build an understanding of the consequences - financial and operational - of losing vital components. Take particular care to uncover interdependencies across the organization that is critical to staying in business. This analysis will provide a solid foundation for establishing recovery priorities and timeframes in your plan, allowing you to make informed decisions on where and how much to invest in disaster recovery.
•  Plan with business operations in mind. Involve all key stakeholders in the planning process, including IT, business leaders, human resources, corporate communications, and physical and information security managers. Be sure that in planning you coordinate with other business units in your organization to avoid potential conflicts, such as multiple business units depending on the same facility as a secondary site in response to an interruption.
•  Make the disaster recovery plan a living document. Business processes and IT systems undergo constant change in every organization. Your disaster recovery plan needs to keep pace with new workflows, business applications, and computer systems. Disaster recovery planning software can provide best practice methodologies to help you navigate through planning decisions and plan updates. In addition, regular testing will help you demonstrate your ability to recover and pinpoint areas for plan improvements.

more info

---

Major Disaster Recovery Failure with an Outsource Provider

Virginia's Department of Motor Vehicles along with 25 other state agencies  hasn't been able to process requests for licenses and ID cards. These systems are supposed to be up and running six days after the outages started to appear.Northrop Grumman  manages Virginia's IT infrastructure under a $2.3 billion IT services contract.

The Virginia Information Technologies Agency (VITA) said in a statement that teams have been working throughout the weekend to restore data. In a nutshell, the IT infrastructure of the state of Virginia was reportedly crushed by an EMC storage area network failure. The Richmond Times-Dispatch reports that several systems are still down. The same paper said that Northrop Grumman will have to pay a fine for the failure. And the real kicker is that recently revised its contract with Northrop Grumman and extended the deal for three years. The state paid an additional $236 million for better service from Northrop Grumman.

Highlights of the Revised Contract - Operational Efficiencies

• Consolidates and strengthens Performance Level Standards with a 15% increase in penalties across the board if Northrop Grumman fails to perform on clearly identified and measured performance standards. - PAY-UP 
• Improves Incident Response teams to determine technology failures and expedite repair - FAILED
• Institutes clear performance measurements for Northrop Grumman that agencies can easily track - FAILED
• Adds new services to contract such as improved disaster recovery and enhanced security features - FAILED

Among the key parts of the VITA statement:

Successful repair to the storage system hardware is complete, and all but three or possibly four agencies out of the 26 agency systems have been restored. Agencies continue to perform verification testing.

Progress continues, but work is not yet complete for the three or four agencies that have some of the largest and most complex databases. These databases make the restoration process extremely time consuming. The unfortunate result is the agencies will not be able to process some customer transactions until additional testing and validation are complete.

According to the manufacturer of the storage system (EMC), the events that led to the outage appear to be unprecedented. The manufacturer reports that the system and its underlying technology have an exemplary history of reliability, industry-leading data availability of more than 99.999% and no similar failure in one billion hours of run time.

The outage was blamed on the failure of two circuit boards installed and maintained by EMC. It is a big disconcerting that two circuit boards can bring down a state’s IT infrastructure for nearly a week.

Among the things that don't add up in the Virginia IT outage:

• Why wouldn't these boards be replaced quickly?
• Why was there a single point of failure?
• Service was restored for 16 agencies, but 10 require a lengthy restoration of data. Where was the disaster planning? After all, Northrop Grumman touted its disaster recovery for the state just two years ago.
• Where did the IT management fail?

more info

---

ISO business continuity standard

In 2007 the International Organization for Standardization (ISO), published the ISO/PAS 22399:2007 ‘Societal security – Guideline for incident preparedness and operational continuity management’. This was the first internationally-ratified benchmark addressing incident preparedness and continuity management for both the public and private sector.

It was unanimously passed by the 50 countries that participate in the committee and provides an international agreed upon benchmark for emergency and disaster management for individual organizations.” In the UK the has created BS 25999, the Business Continuity Management Code of Practice offering general guidance, and the Specification for Business Continuity Management, listing the requirements that can be objectively and independently audited.

It goes without saying that every company, regardless of size, needs a concise business continuity plan in case of an emergency. If you don't have a disaster recovery plan or haven't updated yours recently, now is the time to take this critical step to protect your business.

At the same time there are more security requirements that need to be met.  With mandated requirements like Sarbanes-Oxley, HIPAA, PCI-DSS, and ITIL, executive management is depending on you to have the right security policies and procedures in place.

more info

---

Disaster recovery and business continuity planning issues

Disaster recovery and business continuity management and contingency planning are essential especially in these economic times. However, the creation, testing, and updating  of a sound disaster recovery and continuity and contingency plan is costly and complex.

For example, initially it is necessary to understand the underlying risks and the potential impacts of disaster. This is the primary building block upon which sensible and cost effective business continuity plan or disaster recovery plan is built. When the plan itself is created, there are the maintenance and testing phases, to ensure that the plan remains current. Even having arranged all these matters there are the external auditors to consider - and of course, there is the not so small matter of ISO 27000, SOX, HIPAA, and PCI-DSS compliance.

The industry standard solution is the Disaster Recovery and Business Continuity Template by Janco Associates. The template includes all of the right tools to assist with business impact analysis and risk analysis. You can quickly create a core plan (some of Janco's clients have created an operational plan in less than thirty days), maintain the plan, audit the DRP BCP, and create a cost effective budget to support the disaster recovery business continuity process.

more info

---

UPS is a first step in a basic DRP

An extended power outage, which can strike at any time, can prevent unprotected computers from initiating their required shutdown procedure. PC and Server operating systems are not designed to support abrupt losses of power known as "hard" shutdowns, but rather rely on a set of built-in processes that prepare a computer for shut down such as saving memory, stopping applications and services, etc. Shutting down in this manner is often referred to a "graceful" shutdown. Hard shutdowns, on the other hand can result in lost or corrupted data and a lengthier time-to-recovery after power returns.

An Uninterruptible Power Supply (UPS) can protect the system from damaging power problems and improve server availability by allowing users to continue working without interruption during a short power outage. During an extended power outage, defined as any outage that might outlast the UPSs runtime, if the system is equipped with UPS shutdown software, it can communicate with the UPS and perform a graceful, unattended system shutdown before the UPS battery is exhausted.

more info

News Feed   Safe Shopping Copyright © 1999 - Copyright - Janco Associates, Inc. - ALL RIGHTS RESERVED