DRP / BCP Audit Program

Disaster Recovery
Business Continuity Audit Program

ISO 27001 - ISO 27002
HIPAA - SOX - PCI-DSS Compliant
 

Janco has found that over 30% of all Disaster Recovery Business Continuity Plans are incomplete or inaccurate.

This Disaster Recovery / Business Continuity Audit program identifies control objectives that are met by the audit program. There are 36 specific items that the audit covers in the 13-page audit program. Included are references to specific Janco products that directly address the areas the audit covers. This program can be used as a standalone audit program or in concert with the following Janco offerings:

  • Disaster Recovery / Business Continuity Template
  • Security Manual Template
  • Security Audit Program Template
  • Business and IT Impact Questionnaire
  • IT Service Management for Service Oriented Architecture
  • Metrics for the Internet and Information Technology

The Disaster Recovery / Business Continuity Audit program covers the following control objectives:

  • Ensure that adequate and effective contingency plans have been established to support the prompt recovery of crucial enterprise functions and IT facilities in the event of major failure or disaster;
  • Ensure that all mandated disaster recovery, business continuity, and security requirements have adequate compliance policies and procedures in place;
  • Ensure the survival of the business and minimize the implications of a major enterprise and/or IT failure;
  • Ensure that all the potential risks to the enterprise and its IT facilities are identified and assessed in preparation of the contingency plans;
  • Ensure the optimum contingency arrangements are selected and cost effectively provided;
  • Ensure that an authorized and documented disaster recovery / business continuity plan is created, maintained up-to-date, and securely stored;
  • Ensure that the recovery plan is periodically tested for its relevance and effectiveness;
  • Ensure that all internal and external parties to the recovery process are fully aware of their responsibilities and commitments;
  • Ensure that appropriate liaison is maintained with external parties (e.g., insurers, emergency services, suppliers);
  • Ensure that both the damaged and recovery sites are secure and that systems are securely operated in support of the enterprise;
  • Ensure that systems and procedures are adequately and accurately documented to aid the recovery process; and
  • Ensure that public and media relations would be effectively addressed during an emergency in order to minimize adverse publicity and business implications.

Included with this program are Microsoft Word documents (2003 and 2007 format) and a PDF version of the Audit Program.

Disaster Recovery / Business Continuity Auditing News




Bank of America site goes down....

Bank of America was investigating an outage that affected an unknown number of customers but had ruled out a cyberattack, a representative said. Their disaster recovery plan was not activated.

"Our online-banking service is available," spokeswoman Anne Pace said in a telephone interview on Friday afternoon. "We ruled out a cyberattack, but are working with partners to determine the root cause."

Checks  found the site down during the morning and afternoon, as late as 2:50 p.m. PST. Several people reported the outage to and Business Insider reported that the site was down most of the morning. Several others reported that they were able to get through to the site, although at least one said it was sluggish.

Bank of America's Twitter account was reporting that "Our Web site is available. However, some customers are having intermittent issues with access. We are working to determine the root cause."

One person reported that he discovered a work-around: "I tried going to the site via my mobile device, and it works! So then I typed the URL that my mobile device uses into my desktop browser, and I can get in. So it doesn't seem that the Web site, per se, is down, only the 'normal' entry portal?"




DR Plan tools defined in Janco DR Template

Your DR plan should be updated with tools that are collaborative in nature, enable teams and people to communicate remotely at any time, over any channel, and without dependency upon your IT infrastructure.

Emergency notification and communication technology should provide not only an automated solution for message delivery, but also:

  • Enable companies to reach end users and allow them to respond anytime and from anywhere.
  • Enable notification over any text enabled or voice enabled device (inbound/outbound).
  • Provide local and global notification capabilities.
  • Provide a centralized, interactive tool for executing your DR plan, monitoring tasks and enabling real time coordination of resources and status updates.

Many organizations' DR efforts fall short once initial notification has occurred. Rarely do organizations have a centralized method for employees, DR teams, executives, customers, etc., to access the DR Plan, task lists, or documents necessary to recovery efforts such as contracts and purchase orders. Prior to purchasing the Janco Disaster Recovery Plan Template, one large regional health care provider complained that once notification occurred, they were not able to coordinate the simplest of tasks. In a crisis situation, employees often have no method to stay apprised of information. Stories abound of disaster recovery teams that become occupied answering employee phone calls and basic questions about a crisis, and are unable to focus on their primary task: managing through a crisis to recovery.




How a CIO should choose a backup site

Disasters cost money, interrupt business operations and may cause the enterprise or government agency to fail, which makes planning a business continuity issue. Disasters can interfere with or even terminate IT and communications services. It does not matter whether the disaster affects the enterprise, government or service provider. Floods, fire, volcanoes, earthquakes and other events can destroy a primary and backup site if they are too close together.

Telecom service providers can offer expert advice on where to locate a backup facility and should position themselves with CIOs to offer both consulting and services. After all, they have experience planning for their own primary and backup facilities, as well.

A CIO's selection of the backup site location will always have risks and liabilities attached to the decision. Adequate and reliable communications to the backup site and communications between the primary and backup sites are what most service providers can successfully offer to the CIO.

In choosing a backup site, CIOs must first determine how big a disaster to plan for and budget for it. The level of disaster planning increases as you go down the following list:

  • Building closed/evacuated
  • Loss of power
  • Loss of communications
  • Facility damaged/destroyed
  • Community disaster (10-to-30 mile range)
  • Regional disaster (30-to-100 mile range)



Cloud backup as a strategy for Disaster Planning

One of the biggest challenges of managing a backup infrastructure is that no one wants the job. In large companies, the backup administrator position is an ever-revolving door often staffed with junior people. In smaller companies, backing up the infrastructure is a peripheral duty that is often ignored. The result is the same in both cases: bad backups.

One potential solution to this problem is cloud backup services - or managed backup services, depending on your preferred terminology. The idea is simple: Outsource this undesirable part of IT to a company whose staff specializes in it and you’ll never look back.

Cloud backup services take advantage of many of the technologies mentioned here, but allow customers to use the service without having to manage the process. Instead, customers simply install a piece of software on the systems being backed up, and the cloud backup service does the rest. But as with any backup system, make sure you have a way to verify that backups are working the way they’re supposed to be working.

The unglamorous world of backups is like the rest of IT: You never hear from anyone until something goes wrong. Modernizing your infrastructure, when planned and executed carefully, can reduce your liability dramatically. But as you make those improvements, remember the backup mantra: Test everything and believe nothing.




Backing up now much faster

Seagate Technology LLC today at the Consumer Electronics Show (CES) in Las Vegas released its first USB SuperSpeed 3.0-enabled external hard disk drive, the BlackArmor PS110, which has up to three times the performance of its previous USB 2.0 products.

The BlackArmor all-in-one USB 3.0 toolkit packages a 500GB 7200rpm, 2.5-inch portable hard drive, power cable and PC express card to enable USB 2.0-enabled laptops to perform with the 4.8Gbit/sec speed that USB 3.0 specifications allow.

While USB 3.0 theoretically represents a 10-fold improvement in I/O speed over USB 2.0, Seagate said the data speed of its BlackArmor USB 3.0 portable drive is based on "real-world testing." The SuperSpeed USB 3.0 interface allows transfer of large files to and from the external drive at sustained transfer rates of 100MB/sec.

For example, Seagate claims that a 25GB high-definition movie can be transferred in just four minutes on the BlackArmor USB 3.0 drive. That compares to the 14 minutes the transfer would take using a traditional USB 2.0 drive.




More than 75% of all American firms have DRPs in place

According to AT&T's 2008 Business Continuity Study, more than 75 percent of American companies have a business continuity plan (BCP) in place, with the largest enterprises leading the way at 88 percent and the smallest (100 employees or fewer) at 75 percent.

These percentages are significantly higher than just four years ago, according to the same study. That is not surprising, given the dire predictions of business failure following a major disruption or loss of data. Although current figures are not readily available, past studies indicated that many small to mid-size businesses never reopen following a major data loss, and more than half close within two years after the event. And that was during a period of economic expansion. For companies locked into one of the sluggish or soft areas of today's economy, failure rates would almost certainly be higher.




Security and DRP play a role in CIO Infrastructure Design

Designing IT Infrastructure requires CIOs to consider the globalized world they are now in. It is necessary and valuable for CIOs to understand the fundamental trends that are pushing businesses to redesign their operations around this new reality. Factors they need to consider are:

  • Security - With the growing importance of digital applications and data, the sources of threats to enterprise data have multiplied dramatically. Everything from natural disasters to criminals to corrupt sources within the company might try to steal or corrupt data. While businesses do everything that they can to stop these threats in the first place, they still must be prepared to recover from these threats as quickly as possible.
  • Business Continuity and Disaster Planning - As businesses have expanded, the need for anytime, anywhere application access has become a requirement. At the same time, “follow the sun” (global 24/7) operations have shrinking maintenance windows and a need for applications to be running at all times. Delay or loss of data for any reason – system failure, natural disasters – has a domino-like effect across the entire organization, at any time of the day or night.
  • Flexibility - Most businesses now operate across international borders and CIOs must be able to respond to opportunities and challenges faster than ever before. CIOs are usually battling well-resourced organizations that may be based where the opportunity originated, or another globalizing company that is reaching out for new opportunities. In order to compete, a business has to be faster to deliver a product or service as good, or better, than that of potentially any other company in the world.
  • Simplicity - Increases in technology have typically led to increased complexity. While per unit costs of technology are always decreasing, in aggregate companies see an increase in cost. With the pressure on IT to act less as a cost center and more as a way to increase the profitability of business units, just adding more storage, more bandwidth, or additional technologies throughout the organization is no longer an acceptable approach to managing information technology. Successful CIOs are investing in numerous technologies including continuous data protection, virtualization, and wireless connectivity. They are trying to slim down IT’s footprint while increasing their business’s competitive advantages. The CIO is typically in a difficult position, assessing where to try to cut costs while still moving forward with a plan to continually enhance IT services to the business.



Encryption continues to be a key issue

Encryption continues to be a key issue on every CIO's front burner. No one wants to end up in the news as the next victim of a privacy breach or the next company that did not protect its customers' information. If you conduct a news search using the words "personal data breach," you will be alarmed at the number of instances where personal information such as social security and credit-card numbers has been exposed to possible theft. In a recent breach, a state government site allowed access to hundreds of thousands of records, including names, addresses, social security numbers and documents with signatures.

Whether it is government agencies, research facilities, banking institutions, credit card processing companies, hospitals, or your company's computers, the risk of compromising private information is very high. At the recent conference, an attorney described the relationship business has with technology. In his presentation, he stated that since "business relies so heavily on technology today, business risk becomes technology dependent." The possibility of litigation is part of business. It has always been a risk of doing business, but because technology and today's business are so intertwined, business risk has a higher threat level. This has prompted many to encrypt workstations and mobile computers in order to protect critical business data.

If you have rolled out encryption, how do you maintain your IT service quality when the hard disk drive fails? How do you plan and prepare for a data loss when the user's computer is encrypted?  These are all issues that should be considered when putting together a data disaster plan. In addition, data recovery, one of the more common missing elements of a disaster recovery plan, should also be factored in because it can serve as the "Hail Mary" attempt when all other options have been exhausted.




Google applications can help in a disaster

Google Inc. has launched a feature in its Maps Web site that lets U.S. residents find nearby locations for getting seasonal and H1N1 flu shots, the company announced. When thinking of disaster planning and business continuity, this is a very interesting concept that can be applied to any disaster or pandemic, anywhere in the world.

Google previously launched a site where people can monitor current flu-infection levels in the U.S. and abroad.

In launching the flu-shot finder, Google warned that the service doesn't yet have comprehensive data on all providers because it is still gathering that information.

Google Maps also won't say whether a particular provider has run out of vaccines, a big issue right now with the H1N1 shot, whose production isn't keeping up with demand. Thus, people are advised to call the providers before heading to their location.




Disaster Recovery Plan Ensures Survival

Every IT manager knows the importance of having an effective and fast disaster recovery plan (DRP) and Business Continuity Plan (BCP). Organizations without an adequate plan may find themselves out of business quickly after experiencing a major disaster. Janco Associates has found that over 80% of all enterprises that do not have these plans never open their doors after a disaster strikes.

Organizations that ensure survival following a disaster understand the basics of creating a good plan; however, there are many obstacles and pitfalls that can easily be avoided.

Based on working with thousands of customers, Janco Associates has developed a Disaster Recovery and Business Continuity Template that includes everything that you need to create a custom Disaster Plan.

You can download a full copy of the table of contents by going to http://www.e-janco.com/Register_drp.asp.




Apple bug destroys user data

Several posts on the Apple Support forums dating back to the middle of September indicate that some users have been losing all their data due to a nasty bug in Snow Leopard, a.k.a. Mac OS 10.6.

It was reported that the bug rears its head when a user logs into their Mac's Guest account and then tries to log back into their regular account.

In some cases, users have reported finding their regular account empty of data, as though it were a brand new account ...  The home directory still exists under "/Users/username" but is completely empty.

Affected users report that data is unrecoverable and cannot be found on the hard drive. The only way to recover is from a backup on external media. You do make regular backups, right?

Apple acknowledged the problem stating: "We are aware of the issue, which occurs only in extremely rare cases, and we are working on a fix," an Apple representative said in a prepared statement Monday.

Backup and Backup Retention Policy

The Backup and Backup Retention policy is an 11-page sample policy that is complete and can be implemented immediately.

The document is provided in both Word 2003 and Word 2007 formats and is easily modified.  This policy is included in the Disaster Recovery / Business Continuity Template.

  

 

Below is a table from the policy.

| Type of Data | Minimal Backup Policy | Backup Retention Policy |
|---|---|---|
| System software | Latest Version plus patches; At Least Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |
| Application software | Latest Version plus patches; At Least Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |
| System data | Daily | Annual (verified) Backup; Monthly Generations; Weekly Generations; Daily Generations |
| Application Data | Daily with real time transaction files | Annual (verified) Backup; Monthly Generations; Weekly Generations; Daily Generations |
| Software licenses, encryption keys, & Protocol Data | Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |
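
The retention table above can be checked automatically against a backup catalog. The following is an added example, not part of Janco's policy or template: the catalog record fields (`type`, `date`, `generation`, `verified`), the day limits 7 and 1 standing in for "at least weekly" and "daily", and the sample catalog are all assumptions constructed for illustration.

```python
from datetime import date

# Rows of the policy table: (maximum days since the last backup,
# generations that must be retained). The day limits are an assumed
# reading of "at least weekly" (7) and "daily" (1). Real-time
# transaction files for application data are outside this check.
POLICY = {
    "system software": (7, ("annual", "monthly", "weekly")),
    "application software": (7, ("annual", "monthly", "weekly")),
    "system data": (1, ("annual", "monthly", "weekly", "daily")),
    "application data": (1, ("annual", "monthly", "weekly", "daily")),
    "software licenses, encryption keys, protocol data":
        (7, ("annual", "monthly", "weekly")),
}


def audit_catalog(catalog, today):
    """Return {data type: [findings]}; an empty list means compliant."""
    findings = {}
    for data_type, (max_age, required) in POLICY.items():
        entries = [e for e in catalog if e["type"] == data_type]
        if not entries:
            findings[data_type] = ["no backups recorded"]
            continue
        issues = []
        # Frequency check: how old is the most recent backup of any generation?
        age = (today - max(e["date"] for e in entries)).days
        if age > max_age:
            issues.append(f"latest backup is {age} days old (limit {max_age})")
        # Retention check: every generation the table lists must be present.
        held = {e["generation"] for e in entries}
        for generation in required:
            if generation not in held:
                issues.append(f"missing {generation} generation")
        # The table requires the annual backup to be a verified one.
        annual = [e for e in entries if e["generation"] == "annual"]
        if annual and not any(e["verified"] for e in annual):
            issues.append("annual backup not verified")
        findings[data_type] = issues
    return findings


def _entry(data_type, day, generation, verified=False):
    return {"type": data_type, "date": day,
            "generation": generation, "verified": verified}


# Constructed sample catalog (not real data), audited as of SAMPLE_TODAY.
SAMPLE_TODAY = date(2024, 6, 15)
SAMPLE_CATALOG = [
    _entry("system software", date(2024, 1, 2), "annual", verified=True),
    _entry("system software", date(2024, 6, 1), "monthly"),
    _entry("system software", date(2024, 6, 10), "weekly"),
    _entry("application software", date(2024, 1, 2), "annual"),
    _entry("application software", date(2024, 6, 1), "monthly"),
    _entry("application software", date(2024, 6, 3), "weekly"),
    _entry("system data", date(2024, 1, 2), "annual", verified=True),
    _entry("system data", date(2024, 6, 1), "monthly"),
    _entry("system data", date(2024, 6, 9), "weekly"),
    _entry("system data", date(2024, 6, 15), "daily"),
    _entry("application data", date(2024, 1, 2), "annual", verified=True),
    _entry("application data", date(2024, 6, 1), "monthly"),
    _entry("application data", date(2024, 6, 9), "weekly"),
    # No entries at all for licenses, keys and protocol data.
]

if __name__ == "__main__":
    for data_type, issues in audit_catalog(SAMPLE_CATALOG, SAMPLE_TODAY).items():
        print(f"{data_type}: {'; '.join(issues) if issues else 'compliant'}")
```
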




Telecommuting workers add disaster recovery and business continuity requirements

Telecommuting is not just an arrangement; it is a way of life. It requires changes in behavioral patterns that go beyond the usual. It also requires a lot of creativity to stay in touch with people inside and outside the organization. Most telecommuting workers have two lifelines to their organization - remote VPN access (for access to e-mail, calendar, and Intranet documents) and a telephone (for real-time communication). With no technical on-site support, a failure of even one of these lifelines leads to serious problems.

Experienced teleworkers therefore prepare for disaster planning and business continuity while all systems are working. For example, workers frequently:

  • Add redundancy to their communication links
  • Configure multiple VPN servers
  • Make sure they get e-mail on their PDAs (in case VPN over Internet fails)
  • Prepare for worst-case scenarios, such as a computer crash due to a virus, bad configuration, or hardware failure, by backing up data religiously and even keeping a backup computer in case something goes wrong with their primary one



Backup requirements defined

CIOs, CSOs, Disaster Recovery Managers, and Business Continuity Managers are constantly working to improve their recovery point objectives (RPO) and recovery time objectives (RTO) by performing fast, non-disruptive backups, and by performing data restoration. All comprehensive data protection solutions involve many considerations and contingencies.

Here are some of the things that can go wrong with your data and the backup requirements that need to be addressed:

  • Accidental or malicious deletion of critical data - Requirement: the ability to quickly and easily restore individual files and folders.
  • Data that is lost or corrupted over a period of time - Requirement: the ability to roll back individual records to fix database corruptions, recovering data from any previous point in time with as much granularity as possible.
  • A crashed disk - Requirement: recovering a disk volume is different from recovering a single file, but it should be done just as quickly, and with automation to help keep operational disruptions to a minimum.
  • A server failure - Requirement: restoring operations when replacing a broken server may be complicated by the need to install different drivers on the new system if the hardware is not an exact match. It helps to have the capability to move the application workload to a standby server (with different hardware) or virtual server while the system is being replaced or repaired.
  • A local or regional disaster - Requirement: when you lose an entire office to fire, flood, or other disaster, have a current copy of your important information in another location that is outside the disaster zone.
  • Remote offices and branch offices - Requirement: a process to restore with minimal technical support, as remote and branch offices often do not have the luxury of an on-site technical resource to assist in backups and restores.
  • Resource-intensive backup processes - Requirement: frequent or even continuous backup that is not resource-intensive.
  • Security breaches - Requirement: secure data. When moving data between sites, it needs to be protected from potential security breaches. A breach of data security, whether actual damage is done or not, can be devastating to your company's reputation, as dozens of large enterprises and government agencies have found in recent years.



DRP Critical Component of Risk Management

Disaster Recovery (DR) is a critical component of IT and risk mitigation strategies, and compounded in difficulty by ever growing data volumes, distributed computing, and new technologies. How can you get creative in protecting more data, recovering more swiftly, but also saving some money?

Download this outline to learn how the Janco Disaster Recovery Business Continuity Template can reduce RPOs and RTOs even more.

Disaster Recovery Guide
Business Continuity Planning

ISO 27001, ISO 27002, ISO 17799, Sarbanes-Oxley, and HIPAA Compliant

What is Disaster Recovery and how does the Disaster Recovery Planning Template help?

This DRP Template can be used for any sized enterprise.  

The template and supporting material have been updated to be Sarbanes-Oxley compliant.  The complete package includes:

  • Disaster Recovery Planning and Business Continuity Template
  • Business and IT Impact Analysis Questionnaire
  • Work Plan
  • Disaster Recovery / Business Continuity Audit Program

With lost data being a competitive liability, there is no room for downtime in today's business world.




Disaster Recovery Business Continuity Basics

The basics of a Disaster Recovery Business Continuity Plan are defined in the Janco Disaster Recovery Business Continuity Template. They are:

  • Develop the contingency planning policy statement. A formal department or agency policy provides the authority and guidance necessary to develop an effective contingency plan.
  • Conduct the business impact analysis (BIA). The BIA helps to identify and prioritize critical IT systems and components.
  • Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
  • Develop recovery strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
  • Develop an IT contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system.
  • Plan testing, training and exercises. Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness.
  • Plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements.



Successful Disaster Planning and Business Continuity Planning Processes

The success of most businesses depends on Information Technology. However, business and technology environments are becoming more complex. Being prepared to respond to non-typical events - both planned and unexpected - that threaten to disrupt essential business systems and processes is a major corporate concern.

A recent survey found that disaster recovery planning is a priority for many organizations. Eighty-six percent of IT executives said they have a disaster recovery plan in place at their organization. While the economy has affected IT budgets overall, 43 percent of IT respondents indicated the economy has not affected their disaster recovery investment (including planning) - with another 33 percent, saying investment in disaster recovery has become more important.

Organizations cannot control whether or not they will be affected by a natural disaster, power outage or other unplanned incident, but they can work to help ensure their business is prepared to respond to and recover from these events with minimal impact. Disaster recovery planning is an organizational requirement that can help reduce risk and help companies effectively respond to situations that threaten to disrupt essential business processes.

Janco Associates has found that enterprises that are successful:

  • Focus on employee safety. Every disaster recovery plan needs to begin by addressing the physical safety and psychological well-being of employees. That means the plan must include alternative locations where employees can go if a primary work site is unavailable, as well as incident notification and escalation strategies. In addition, the plan needs to be well communicated throughout the organization so everyone knows how to respond in a disaster situation.
  • Conduct a business and IT impact analysis. Carry out a thorough analysis of people, information, application, and other resources to build an understanding of the consequences - financial and operational - of losing vital components. Take particular care to uncover interdependencies across the organization that are critical to staying in business. This analysis will provide a solid foundation for establishing recovery priorities and timeframes in your plan, allowing you to make informed decisions on where and how much to invest in disaster recovery.
  • Plan with business operations in mind. Involve all key stakeholders in the planning process, including IT, business leaders, human resources, corporate communications, and physical and information security managers. Be sure that in planning you coordinate with other business units in your organization to avoid potential conflicts, such as multiple business units depending on the same facility as a secondary site in response to an interruption.
  • Make the disaster recovery plan a living document. Business processes and IT systems undergo constant change in every organization. Your disaster recovery plan needs to keep pace with new workflows, business applications, and computer systems. Disaster recovery planning software can provide best practice methodologies to help you navigate through planning decisions and plan updates. In addition, regular testing will help you demonstrate your ability to recover and pinpoint areas for plan improvements.



Disaster recovery and business continuity planning issues

Disaster recovery and business continuity management and contingency planning are essential, especially in these economic times. However, the creation, testing, and updating of a sound disaster recovery and continuity and contingency plan is costly and complex.

For example, initially it is necessary to understand the underlying risks and the potential impacts of disaster. This is the primary building block upon which a sensible and cost-effective business continuity plan or disaster recovery plan is built. When the plan itself is created, there are the maintenance and testing phases, to ensure that the plan remains current. Even having arranged all these matters, there are the external auditors to consider - and of course, there is the not so small matter of ISO 27000, SOX, HIPAA, and PCI-DSS compliance.

The industry standard solution is the Disaster Recovery and Business Continuity Template by Janco Associates. The template includes all of the right tools to assist with business impact analysis and risk analysis. You can quickly create a core plan (some of Janco’s clients have created an operational plan in less than thirty days), maintain the plan, audit the DRP BCP, and create a cost effective budget to support the disaster recovery business continuity process.




How to request funding for DRP BCP

In these tough economic times, how can CIOs get the budget necessary to support Disaster Recovery and Business Continuity Planning?

The following steps should be taken when planning a presentation seeking to gain management support of a Disaster Recovery and Business Continuity program.

  • Define the scope, objectives, and requirements - It is not enough to have an objective of getting more funding or gaining executive support. Define exactly how much funding is needed, or exactly what form the executive support should take.
  • Verify expectations - Define what management's expectations for the meeting are.
  • Focus on business continuity - It makes more sense to get the commitment for resources to achieve a 24-hour recovery time objective (RTO) than to demand the resources for a two-hour RTO and get nothing.
  • Anticipate objections - Realize that the number one objection is the cost, and prepare accordingly. Let the results of the business impact analysis (BIA) justify the "investment" (not "cost").
  • Prepare a competitive analysis - Executives care what their competition is doing. Annual benchmark studies and surveys are good sources of information on the investments in DRP/BCP being made by industry, by size of organization, etc.
  • Prepare examples of what has happened to others - Remind the executives of the regulations that affect their business, and the impact of not complying with them. Examples of such regulations are Sarbanes-Oxley, HIPAA, Foreign Corrupt Practices Act, and Gramm-Leach-Bliley. In addition, research companies that have been damaged significantly in highly publicized news stories because of their failure to act responsibly.
  • Define the Risk/Reward of DRP/BCP - Research and develop the business continuity program's return on investment.
  • Package Resources - Work with vendors like Janco Associates who can package infrastructure solutions like the Disaster Recovery Business Continuity Template to accelerate the process and minimize the cost.
  • Get buy-in for key decision makers before you meet to ask for a decision - The effort will have greater success if key decision makers and other departments within the organization support the DRP/BCP program. The power of a presentation supported by key executives, marketing, IT security, physical security, human resources, facilities, and risk management is highly significant.



Simple factors can cause a business interruption

Gmail was down for over 30 minutes. Isn't Gmail supposed to have multiple points of failure? Well yes, Gmail has thousands and thousands of overlapping mail servers that can pick up the slack if any one fails because the data is replicated and spread all around. Nevertheless, there are also request servers that do nothing but route the requests for email to whichever server (with the right emails on it) happens to be available.


It turns out that Google took down some regular email servers for routine maintenance, and because of some recent changes, that overloaded the request servers. A VP at Google said, "...we had slightly underestimated the load which some recent changes placed on the request routers, ... a few of the request routers became overloaded and in effect told the rest of the system 'stop sending us traffic, we're too slow!.' This transferred the load onto the remaining request routers, causing a few more of them also to become overloaded, and within minutes nearly all of the request routers were overloaded."
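The overload cascade described above can be reproduced with a small capacity model. This is an added example, not code from Google or Janco; the router capacities, the load figures and the even-split routing rule are constructed assumptions.

```python
# Constructed sample: per-router capacity in requests/second (not real figures).
CAPACITIES = [100, 100, 105, 110, 115, 120, 125, 130, 140, 150]


def simulate_cascade(capacities, total_load):
    """Routers pushed past capacity leave the pool; traffic is re-split evenly.

    Returns (rounds, survivors): rounds[i] lists the routers lost in step i.
    """
    alive = set(range(len(capacities)))
    rounds = []
    while alive:
        share = total_load / len(alive)  # even split across routers still in the pool
        overloaded = sorted(i for i in alive if share > capacities[i])
        if not overloaded:
            break
        alive -= set(overloaded)
        rounds.append(overloaded)
    return rounds, sorted(alive)


def max_stable_load(capacities):
    """Largest evenly split load that overloads no router (weakest router sets it)."""
    return len(capacities) * min(capacities)


def shed_instead_of_withdraw(capacities, total_load):
    """Alternative policy: every router stays in the pool and rejects only its excess.

    Returns the fraction of all requests that are rejected.
    """
    share = total_load / len(capacities)
    rejected = sum(max(0.0, share - cap) for cap in capacities)
    return rejected / total_load


if __name__ == "__main__":
    for load in (900, 1020):
        rounds, survivors = simulate_cascade(CAPACITIES, load)
        print(f"load={load}: lost per round={rounds}, survivors={survivors}")
    print("max stable load:", max_stable_load(CAPACITIES))
    print("rejected with shedding at 1020:", shed_instead_of_withdraw(CAPACITIES, 1020))
```

In this model the pool's combined capacity (1,195) exceeds the 1,020 load, yet every router is lost in three rounds because the weakest ones withdraw first. A continuity review should therefore test headroom against the weakest component and the failover policy, not only against total capacity.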

 




UPS is a first step in a basic DRP

An extended power outage, which can strike at any time, can prevent unprotected computers from initiating their required shutdown procedure. PC and server operating systems are not designed to support abrupt losses of power, known as “hard” shutdowns, but rather rely on a set of built-in processes that prepare a computer for shutdown, such as saving memory, stopping applications and services, etc. Shutting down in this manner is often referred to as a "graceful" shutdown. Hard shutdowns, on the other hand, can result in lost or corrupted data and a lengthier time-to-recovery after power returns.


An Uninterruptible Power Supply (UPS) can protect the system from damaging power problems and improve server availability by allowing users to continue working without interruption during a short power outage. During an extended power outage, defined as any outage that might outlast the UPS's runtime, a system equipped with UPS shutdown software can communicate with the UPS and perform a graceful, unattended system shutdown before the UPS battery is exhausted.




Continental backup data center located underground

Continental leases 2,000 sq. feet underground and another 12,500 sq. feet of office space above ground, in a hardened building complete with 3-inch-thick bulletproof windows. The airline can house its entire operations staff of up to 125 people at the backup site.

Locating a backup data center in an underground bunker may seem like overkill, even in a hurricane zone. But the facility met all of the airline's requirements -- including cost. The bunker, run by real estate partnership Montgomery Westland, has been converted into 33,000 square feet of rack-ready data center space complete with air conditioning, redundant network and power sources, uninterruptible power supply systems and backup generators.




Nature can destroy anything that man can make

Nothing man-made can withstand the forces of nature. In certain regions of the country, natural disasters are not a question of if, but of when. The main headquarters of many companies are located in North Carolina, right in the heart of Hurricane Alley. In addition, Southern California is earthquake and brush fire central.

 


 

They know a hurricane, earthquake, or brush fire is going to be coming along at some point; it is inevitable. At the worst, you are looking at physical damage to facilities and systems, or flooding. At minimum, it will knock out power and your network circuit. Even if power and network stay up, just the fact that you do not have physical access to your system may prevent you from doing a crucial operational task.




Public Sector Exposed to Disasters

(Continuity Central) - A new report launched by the city of Zurich on the issue of supply chain risk in the public sector warns of the potentially catastrophic implications on local government services as councils dramatically increase reliance on back office outsourcing and frontline partnership working.


The report, 'Public sector supply chain: risks, myths and opportunities', calls for urgent action to improve risk readiness in the sector. Without proper management, the potential financial, legal and reputational ramifications for local authorities of supply chain failure - such as supplier cost overruns, data privacy breaches or mismanaged social care contracts - could be disastrous.

 

A survey of risk managers conducted in tandem with the report shows that whilst the vast majority acknowledge that partnership and outsourced working have generated new types of risk, few are considering non-traditional risks before contracting a partner, changing practices to embrace these risks or amending their disaster recovery or risk management plans. Furthermore, risk managers confess to feeling distanced from the day-to-day management of partnerships and claim the issue needs greater recognition and increased integration at a senior management level, particularly amongst those heading-up partnership activity.


Independently authored by David Kaye, a leading global expert in supply chain risk, the report marks the launch of Zurich Municipal’s ‘New World of Risk’ campaign to provide local authority executive leaders, managers and service providers with leading edge advice and guidance about managing risk within the dramatically changing local government landscape. Local authorities are taking on new roles and responsibilities as well as an outsourced business model that, in many cases, is leading to an entirely new risk profile and serious challenges.

 

The recent and rapid migration of local authorities from service providers to strategic commissioners has engendered initial cost and efficiency savings, but also given rise to new risks that could mean higher costs in the end. Outsourcing services or outcome delivery to a selected partner(s) does not automatically devolve contractual, legal or moral responsibilities; if anything it heightens the importance of direct and thorough risk management. Our research and discussions with customers reveal a disparity in current risk understanding and preparedness. To ensure local authorities continue to reap the benefit, rather than suffer the burden, of outsourcing, chief executives, risk managers and partnership directors alike need to work together to manage risk at a strategic level.

Outsourcing a critical service need is so much more than subcontracting and delivery dates. It is a process littered with reputational and political pitfalls as well as statutory and legal risk. These risks need to be actively managed, early on in the process, with clear exit strategies and business continuity plans in place. Without imposing this sort of control environment, at a senior level, both the risk and cost of partnerships could spiral.

 

According to the report, the most common supply chain risks encountered by local authorities are:

  • Partner or supplier failure
  • Hidden costs and budget overruns
  • Losing control over service delivery and standards
  • Potential loss of quality of service
  • The ability to remain compliant with legislation
  • Threats to reputation



After the Disaster Recovery and Business Continuity Plan Is Completed, Testing Is Critical

Once your Disaster Recovery Business Continuity Plan (see Disaster Recovery Plan Template Business Continuity - http://www.e-janco.com/DisasterPlanning.htm) is set, test it at least semi-annually. The enterprise will need to perform a component-level restoration of your largest databases to get a realistic assessment of your recovery procedure, but a periodic walk-through of the procedure with the recovery team will assure that everyone knows their roles. Test the systems you are going to use in recovery regularly to validate that all the pieces work. Always record your test results and update the Disaster Recovery Business Continuity Plan to address any shortcomings.


As your business environment changes, so should the Disaster Recovery Business Continuity Plan. Reexamine the plan every year at a high level. Conduct a risk assessment annually and determine whether you still need every part of the plan. Do you need to add to it? Will the budget need to be adjusted to accommodate changes to the plan? As applications, hardware, and software are added to your network, they must be brought into the plan. New employees must be trained on recovery procedures. New threats to business seem to pop up every week, and a sound DRP takes all of them into account.




Business Continuity Must Include Extended Outages

To withstand an outage of up to 30 days, companies must streamline emergency management, notification and incident management techniques for quicker response and improve cross-training efforts. That's what [business continuity] is about. If you do not have people to manage and execute an enterprise's functions, the plan is useless.

Events have shown that many business continuity plans cannot withstand massive regional disasters because they are built to overcome severe outages lasting only a few days.

Janco has found that most organizations must "mature" their business continuity and disaster recovery strategies to enable IT operations and staffers to endure outages of at least 30 days. Such efforts would require additional IT budget spending and collaboration across enterprise business units at most corporations, she noted.

In addition, most enterprises focus on recovering from internal IT disruptions, not from regional disasters that could also damage facilities. That is a very shortsighted tactic when considering the damage caused by Hurricane Katrina in 2005. Add to this the potential harm from outages such as terrorist attacks, pandemics, service provider outages, civil unrest or other unpredictable events.

If planners look at some of the events that have occurred over the last few years, companies must plan for events that actually take much longer to recover from.
