
Disaster Recovery Manual

The Disaster Recovery Business Continuity Manual is what over 3,000 enterprises worldwide have chosen as their standard.

ISO 27000, SOX,
PCI-DSS & HIPAA Compliant

The Standard for Disaster Recovery and Business Continuity

The Disaster Recovery Manual (DRP) can be used as a Disaster Planning template for any size of enterprise. The Disaster Recovery template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. The Disaster Planning Template comes as both a Word document and a static fully indexed PDF document and includes:

  • Disaster Recovery Manual and Business Continuity Template
  • Business and IT Impact Analysis Questionnaire
  • Work Plan
  • Disaster Recovery / Business Continuity Audit Program
  • Pandemic Planning Checklist

Preparation for Disaster Recovery / Business Continuity in light of SOX has two primary parts. The first is putting systems in place to completely protect all financial and other data required to meet the reporting regulations and to archive the data to meet future requests for clarification of those reports. The second is to clearly and expressly document all these procedures so that in the event of a SOX audit, the auditors clearly see that the DRP exists and will appropriately protect the data.


Recent additions to the DRP BCP Template:

  • Backup & Backup Retention Policy
  • Disaster Recovery Audit Program
  • Compliance with the ISO 27000 Series Standards (formerly ISO 17799 now ISO 27001 & ISO 27002), Sarbanes-Oxley, PCI-DSS, and HIPAA
  • Web Site Disaster Recovery Planning Form
  • Project Status Report Form
  • Personnel Location Report
  • Department Disaster Recovery Activation Workbook
    • Quick Reference Guide
    • Team Alert List (Form)
    • DRP Team Responsibilities
    • DRP Team Checklist
    • Critical Function(s) Definition
    • Normal Business Hour Response Procedures
    • After Hours Response Procedures
    • DRP Location(s) Definition
    • DRP Recovery Procedures
    • Notification Procedures
    • Notification Call List (Form)
  • Updated Business and IT Impact Analysis Questionnaire
  • Vendor Disaster Recovery Questionnaire
  • Vendor Phone List Form Updated
  • Key Customer Notification Form
  • Critical Resources to be Retrieved Form
  • Business Continuity Off-Site Materials Form
  • Business Continuity Audit Program

The Disaster Recovery Business Continuity template can be purchased as an individual item or bundled with job descriptions and/or the Security Manual Template. The options are:

Disaster Recovery Business Continuity Standard Edition

  • Disaster Recovery Business Continuity Template (WORD)
    • Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
    • Disaster Recovery Manager Job Description
    • Manager Disaster Recovery & Business Continuity Job Description
    • Application Inventory and Business Impact Analysis Questionnaire
    • Incident Communication Plan and Policy with BEST PRACTICES for
      • News Conferences
      • Media Relations
    • Social Network Checklist
    • Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. The Electronic Forms can be emailed, completed via a computer or tablet, and stored electronically, and include:
      • LAN Inventory
      • Location Contact Numbers
      • Off-Site Inventory
      • Personnel Locations
      • Plan Distribution
      • Remote Location Contact Information
      • Team Call List
      • Vendor Contact Information

Disaster Recovery Business Continuity Premium Edition

  • Disaster Recovery Business Continuity Template (WORD)

  • 15 Full Job Descriptions (WORD)
    • Chief Information Officer
    • Chief Security Officer
    • Chief Compliance Officer
    • VP Strategy and Architecture
    • Director Disaster Recovery and Business Continuity
    • Director e-Commerce
    • Director Media Communications
    • Manager Disaster Recovery
    • Manager Disaster Recovery and Business Continuity
    • Disaster Recovery Coordinator
    • Disaster Recovery - Special Projects Supervisor
    • Manager Database
    • Capacity Planning Supervisor
    • Manager Media Library Support
    • Manager Site Management
    • Pandemic Coordinator

Disaster Recovery Business Continuity Gold Edition

  • Disaster Recovery Business Continuity Template (WORD)

  • 243 IT Job Descriptions (WORD) including all of the job descriptions contained in the Premium edition

Disaster Recovery Business Continuity & Security Manual Templates Standard Edition Includes

  • Disaster Recovery Business Continuity Template in MS WORD format
  • Disaster Recovery Business Continuity Audit Program
  • Security Manual Template in MS WORD format
  • Business and IT Impact Questionnaire - 21 pages
  • Threat and Vulnerability Assessment Form

Disaster Recovery Business Continuity & Security Manual Templates Premium

  • Disaster Recovery Business Continuity Template (WORD)

  • Security Manual Template (Word)

  • 25 Full Job Descriptions
    • Chief Information Officer (CIO); Chief Compliance Officer (CCO); Chief Security Officer (CSO); VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Database; Manager Disaster Recovery; Manager Disaster Recovery and Business Continuity; Pandemic Coordinator; Manager Facilities and Equipment; Manager Media Library Support; Manager Network and Computing Services; Manager Network Services; Manager Site Management; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems; Capacity Planning Supervisor; Disaster Recovery Coordinator; Disaster Recovery - Special Projects Supervisor; Network Security Analyst; System Administrator - Unix; System Administrator - Windows

Disaster Recovery Business Continuity & Security Manual Templates Gold Edition

  • Disaster Recovery Business Continuity Template (WORD)
    • Disaster Recovery Business Continuity Audit Program - Compliant with ISO 27031 and ISO 22301
    • Disaster Recovery Manager Job Description
    • Manager Disaster Recovery & Business Continuity Job Description
    • Application Inventory and Business Impact Analysis Questionnaire
    • Incident Communication Plan and Policy with BEST PRACTICES for
      • News Conferences
      • Media Relations
    • Social Network Checklist
    • Included with the template are Electronic Forms which have been designed to lower the cost of maintenance of the plan. The Electronic Forms can be emailed, completed via a computer or tablet, and stored electronically, and include:
      • LAN Inventory
      • Location Contact Numbers
      • Off-Site Inventory
      • Personnel Locations
      • Plan Distribution
      • Remote Location Contact Information
      • Team Call List
      • Vendor Contact Information
  • Security Manual Template (Word)
    • HIPAA Audit Program
    • ISO 27000 Security Audit
    • Business and IT Impact Questionnaire
    • Threat and Vulnerability Assessment Tool
    • Sarbanes-Oxley Section 404 Checklist
    • Electronic forms that can be emailed, completed via a computer or tablet, and stored electronically including:

      • Blog Policy Compliance
      • Company Asset Employee Control Log
      • Email - Employee Acknowledgment
      • Employee Termination Checklist
      • Internet Access Request
      • Internet Use Approval
      • Internet & Electronic Communication - Employee Acknowledgment
      • Mobile Device Access and Use Agreement
      • Employee Security Acknowledgement Release
      • Preliminary Security Audit Checklist
      • Security Access Application
      • Security Audit Report
      • Security Violation Reporting
      • Sensitive Information Policy Compliance Agreement
  • 243 Full Job Descriptions which includes all of the job descriptions in the premium edition

    The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirement.  The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:

    • Plan Introduction
    • Business Impact Analysis - including a sample impact matrix
    • DRP Organization Responsibilities pre and post disaster - DRP / BCP checklist
    • Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDAs.
    • Recovery Strategy including approach, escalation plan process and decision points.
    • Disaster Recovery Procedures in a check list format
    • Plan Administration Process
    • Technical Appendix including definition of necessary phone numbers and contact points
    • Job Descriptions
      • Disaster Recovery Manager
      • Manager Disaster Recovery and Business Continuity
      • Pandemic Coordinator
    • Work Plan to modify and implement the template. Included is a list of deliverables for each task. (Risk Assessment and Vulnerability Assessment)
    There is an extensive section that shows how a full test of the DRP can be conducted. It includes:

    • Disaster Recovery Manager Responsibilities
    • Distribution of the Disaster Recovery Plan
    • Maintenance of the Business Impact Analysis
    • Training of the Disaster Recovery Team
    • Testing of the Disaster Recovery Plan
    • Evaluation of the Disaster Recovery Plan Tests
    • Maintenance of the Disaster Recovery Plan


    Backup Matrix - Sample from Disaster Recovery Manual

    Disaster Recovery Manual News




    Business Continuity Planning 101

    The basic process for developing a business continuity plan is:

    • Create a business continuity planning team: Members should be from operations management, the chief security officer, the IT department, legal staff, and human resources.
    • Define leadership roles: Determine which executives and employees are critical to operating the business (and supporting customers) and need to have access to key systems and information at all times.
    • Assume the worst and plan for needed extra capacity: Before an event occurs, businesses need to plan ahead for increased network bandwidth and secured remote access requirements.
    • Define emergency voice and data communications solutions: There are many to choose from, but an SSL VPN is one of the leading solutions to provide flexible, remote access, which is essential to any business continuity plan.
    • Define access points for operations, network and IT: Create a business continuity portal for employees and partners. If the company has an Intranet, this site becomes command central from which employees can access information - HR policies, emergency contacts and a "start here" feature should be included.
    • Contract for a secondary back-up site: Should the primary site be unavailable, companies should have a real-time mirror of data and staff housed at a secure facility.
    • Backup data: In the event that the secondary site is unavailable, organizations should plan for multiple layers of failover.
    • Plan to utilize smartphones and tablets: With mobile devices and "wireless networks", IT departments can leverage these tools to ensure complete connectivity in times of emergencies.
    • Pre-arrange Internet meeting capabilities: In the event of an office closure, employees still need to communicate internally or with external parties (i.e. suppliers, customers). Implement the technology before it is needed.
    • Review number of sites and VPN gateways: Conduct an annual audit to provide a complete picture of your network and the ability to address problem areas before a disaster strikes.
    • Test and test again: These 'fire drills' enable the business continuity team to see how the current system is working, especially when employees are accessing information from remote locations (i.e. from home, a relative's house, or a hotel). Once complete, those in management, IT and human resources can modify their business continuity plan accordingly.



    Core backup and recovery concerns

    CIOs and IT Managers need to consider mandated compliance requirements.

    Questions that need to be answered are:

    • Is our data safe in transit and at rest?
    • What prevents hackers from gaining access to our data?
    • Is our data properly handled, stored, and deleted?
    • Who can access our data?
    • What are the benchmark measurements?
    • Is our data backup strategy compliant?
    • Will our recovery be successful?



    How long should it take to create a business continuity plan?

    Business continuity planning is a continual process, and not something that is done once and filed away to be used in an emergency. Many organisations mistakenly treat the creation of a business continuity plan as a normal project, subsequently deploying the plan and handing it over to an operational department for maintenance.

    In most organizations, DR is the quintessential complex, unfamiliar task. Disasters happen so rarely that recovery operations are the opposite of routine. What's more, the myriad interconnected data, application and other resources that must be recovered after a disaster make recovery an exceptionally difficult and error-prone effort.




    Which states had the fewest major weather disasters

    The U.S. has sustained 112 weather/climate disasters over the past quarter century in which overall damages/costs reached or exceeded $1 billion. The total standardized losses for the 112 events exceed $750 billion, according to The National Oceanic and Atmospheric Administration (NOAA), National Climatic Data Center.




    Foundation necessary for disaster recovery and business continuity

    These best practices are an essential foundation step toward disaster recovery and business continuity readiness:

    • Extending management technologies that automate the process of asset management, system configuration, and software distribution (This reduced the number of steps that required hands-on intervention and reduced IT staff time.)
    • Constraining their environment to a finite number of standard processors, operating systems, database products - making it easier to maintain and update
    • Consolidating servers over a long-term road map, reducing the number of server "footprints" that had to be maintained and updated
    • Standardizing IT practices, especially management of settings and configurations
    • Providing protected storage space within the organization's storage resources and establishing rules for backup of mission-critical data (This ensured adequate capacity for backup and recovery procedures and for restart of applications.)



    Information security incident management - 27035:2011

    ISO has announced the official launch of the new International Standard entitled 'Information technology – Security techniques – Information security incident management'. The standard gives ‘how to’ guidance on detecting, reporting and assessing information security incidents and vulnerabilities.

    ISO says that ISO/IEC 27035:2011 will help organizations respond to information security incidents, including the activation of appropriate controls for the prevention and reduction of, and recovery from, impacts, and, in so doing, learn and improve their overall approach.

    Edward Humphreys, whose team developed the original version of the standard, ISO/IEC TR 18044:2004, commented: “Effective and timely handling of major incidents can make the difference between the survival or death of an organization. The new ISO/IEC 27035 standard provides tried and tested advice on the processes and methods that need to be deployed for ensuring effective management of information security incidents.”

    Incidents can vary from the minor, which may have an impact on an isolated business system, to a major incident, which affects all business systems. Some incidents have the effect of disrupting an organization and the use of its business resources for 24-72 hours or more; some cause a serious loss and/or destruction of data and some can leave the organization with a serious crime on their hands. ISO/IEC 27035:2011 offers a solution.


    ISO/IEC 27035:2011, which replaces technical report ISO/IEC TR 18044:2004, supports the general concepts specified in ISO/IEC 27001:2005.

    The new standard is applicable to any organization, irrespective of size. It covers a range of information security incidents, whether deliberate or accidental, and whether caused by technical or physical means.




    Business Continuity Experts Do Not Agree on a Key Definition

    The maximum tolerable period of disruption (MTPD) is the term used for the requirement within which a recovery time objective (RTO) needs to be set. It is not universally accepted by business continuity practitioners and still seems to cause a great deal of confusion.

    The Business Continuity Institute's Good Practice Guidelines defines MTPD as "The duration after which an organization's viability will be irreparably damaged if a product or service delivery cannot be resumed." This seems straightforward and unambiguous enough, but it's only when you look closely at the definition and try to think about how it might be applied in practice that you'll see that not only is it of very little use, but it is also different from what was originally intended.

    If something does not work in practice then the theory is wrong. The idea that there is some point beyond which an organization's viability will be irreparably damaged if a product or service delivery cannot be resumed would be an extremely useful concept if such a thing existed. However, in practice, you will never really know if an organization's viability has been irreparably damaged until the organization fails, let alone the point at which this happens.




    Disasters can occur anywhere at any time

    Disasters are unpredictable by nature and can strike anywhere at any time with little or no warning. Recovering from one is expensive and time consuming, particularly for those who have not taken the time to think ahead and prepare for such possibilities.

    Disaster Planning - Janco has found that 80% of all enterprises that do not have a disaster recovery / business continuity plan in place before a disaster occurs never reopen.  However, when disaster strikes, those who have prepared and made recovery plans survive with comparatively minimal loss and/or disruption of productivity.

    Disasters can take several different forms. Some primarily impact individuals -- e.g., hard drive meltdowns -- while others have a larger, collective impact. Disasters such as power outages, floods, fires, storms, equipment failure, sabotage, terrorism, or even epidemic illness can occur. Each of these can at the very least cause short-term disruptions in normal business operation. But recovering from the impact of many of the aforementioned disasters can take much longer, especially if organizations have not made preparations in advance.

    Most of us recognize these potential problems as possibilities. Unfortunately the randomness of some of these disasters lulls some organizations into a sense of false security -- "that's not likely to happen here." However, if proper preparations have been made, the disaster recovery process does not have to be exceedingly stressful. Instead the process can be streamlined, but this facilitation of recovery will only happen where preparations have been made. Organizations that take the time to implement disaster recovery plans ahead of time often ride out catastrophes with minimal or no loss of data, hardware, or business revenue. This in turn allows them to maintain the faith and confidence of their customers and investors.

    Disaster Recovery Planning is the factor that makes the critical difference between the organizations that can successfully manage crises with minimal cost and effort and maximum speed, and those that are left picking up the pieces for untold lengths of time and at whatever cost providers decide to charge; organizations forced to make decisions out of desperation.




    Reducing recovery time

    Rather than thinking of a recovery effort as a sequence of three steps performed in a more or less linear way (first data recovery, then application re-hosting, then user reconnection), Janco suggests an alternative. First, sufficient data (including application software) is used to re-host the application and users are reconnected to the recovery platform where they can proceed with order taking, email, and other functions. At the same time, more and more of the production system’s historical data is recovered.


    Such a strategy has the potential to abbreviate time-to-recovery by making critical application functionality available to workers sooner, enabling work to continue almost immediately after an interruption event occurs and while the impact of the event is being reduced.

    This strategy has enormous potential to improve business continuity strategies without significantly increasing their costs.




    Disaster Planning for international enterprises

    Disaster recovery and business continuity plans for internationally based organizations need to take into account limitations that various countries place on location of data.

    Many parts of Europe forbid some data from being transmitted or stored outside of the country. Canada also has some rules that prohibit some data being stored in the United States due to the U.S. Patriot Act's provisions that let the federal government examine corporate records.

    It's important to note that the legal issues are local to where your customer resides. You have to understand the laws and make sure that personally identifiable data and some financial records are kept local if required by the law.

    This could be an issue as cloud computing systems become more distributed. Indeed, while the primary facility may be in-country, the failover site, or perhaps the site used when the primary site is under maintenance, could be across the border and, thus, noncompliant.
