Disaster Recovery Plan Template
Business Continuity
ISO 27000 (formerly ISO 17799), Sarbanes - Oxley,
PCI-DSS & HIPAA Compliant
The Standard for Disaster Recovery and Business Continuity
This
Disaster Recovery Plan (DRP) can be used as a Disaster Planning
template for any enterprise. The Disaster Recovery template and
supporting material have been updated to be Sarbanes-Oxley and HIPAA
compliant. The Disaster Planning Template comes as both a Word and
static fully indexed PDF document and includes:
Disaster Recovery Plan and Business Continuity Template
Business and IT Impact Analysis Questionnaire
Work Plan
Disaster Recovery / Business Continuity Audit Program
Preparation for Disaster Recovery / Business Continuity in light of
SOX has two primary parts. The first is putting systems in place to
completely protect all financial and other data required to meet the
reporting regulations and to archive the data to meet future
requests for clarification of those reports. The second is to
clearly and expressly document all these procedures so that in the
event of a SOX audit, the auditors clearly see that the DR plan
exists and will appropriately protect the data.
Compliance with the ISO 27000
Series Standards (formerly ISO 17799 now ISO 27001 & ISO 27002),
Sarbanes-Oxley, PCI-DSS, and HIPAA
Web Site Disaster Recovery Planning Form
Project Status Report Form
Personnel Location Report
Department Disaster Recovery
Activation
Workbook
Quick Reference Guide
Team Alert List (Form)
DRP Team Responsibilities
DRP Team Checklist
Critical Function(s) Definition
Normal Business Hour Response Procedures
After Hours Response Procedures
DRP Location(s) Definition
DRP Recovery Procedures
Notification Procedures
Notification Call List (Form)
Updated Business and IT Impact
Analysis Questionnaire
Vendor Disaster Recovery Questionnaire
Vendor Phone List Form Updated
Key Customer Notification Form
Critical Resources to be Retrieved Form
Business Continuity Off-Site Materials Form
Business Continuity Audit Program
The premium edition contains 14 full job descriptions. They are:
Chief Information Officer
Chief Security Officer
Chief Compliance Officer
VP Strategy and
Architecture
Director Disaster Recovery
and Business Continuity
Director e-Commerce
Manager Disaster Recovery
Manager Disaster Recovery
and Business Continuity
Disaster Recovery
Coordinator
Disaster Recovery -
Special Projects Supervisor
Manager Database
Capacity Planning
Supervisor
Manager Media Library
Support
Manager Site Management
The DRP template is over 200 pages and includes
everything needed to customize the Disaster Recovery Plan to fit your specific
requirement. The electronic document includes proven written text and
examples for the following major sections of a disaster recovery plan:
Plan
Introduction
Business Impact
Analysis - including a sample impact matrix
DRP Organization
Responsibilities pre and post disaster - drp checklist
Backup Strategy
for Data Centers, Departmental File Servers, Wireless Network
servers, Data at Outsourced Sites, Desktops (In office and "at
home"), Laptops and PDA's.
Recovery
Strategy
including approach, escalation plan process and decision points
Disaster
Recovery Procedures
in a check list format
Plan
Administration
Process
Technical
Appendix including definition of necessary phone numbers and
contact points
Job Description
for Disaster Recovery Manager (3 pages long) - entire disaster
recovery team job descriptions are available.
Work Plan
to modify and implement the template. Included is a
list of deliverables for each task. (Risk Assessment and Vulnerability
Assessment)
There is a extensive
section that show how a full test of the DRP can be conducted. It
includes
Disaster
Recovery Manager Responsibilities
Distribution
of the Disaster Recovery Plan
Maintenance
of the Business Impact Analysis
Training
of the Disaster Recovery Team
Testing
of the Disaster Recovery Plan
Evaluation
of the Disaster Recovery Plan Tests
Maintenance
of the Disaster Recovery Plan
Click on the link below to get the
DRP/BC sample pages
now and make it part of your disaster recovery toolkit.
Testimonials
Testimonial -
Dave Baker - City of Hamilton -I have found
the DRP template invaluable!
Testimonial -
Bob Rifenbury -MCSE/CCNA Lauch
Testing Lab -The DRP Template saved me about 6 months of work!
Testimonial - Kelly Keeler -
Martin's Point Health Care -I have received and I began using the template
immediately. IT IS GREAT! Made this process a snap for me. Cut my
documentation time down from. weeks to hours! This document has made,
what began to be an overwhelming process turn into a snap!
Testimonial -
Juan Stamos - Mexico City
Corporation -We had a DRP in place, but
needed a more user friendly structure. The Disaster Recovery Template (Gold
edition) has that structure. It was very easy to quickly move our DRP into
Janco's DRP Template -- a real added value.
* Update service is for 12 months unless it is purchased within 30
days of the purchase of the Template. Janco reserves the right
to validate purchase of the customer was made for the template.
British Oppose Disaster Planning Law
- BBC: Environmental groups are
campaigning against planning
laws they claim will lead to "faceless bureaucrats" taking decisions on
major projects. Opponents of the government's Planning Bill say it sweeps away
local accountability for developments such as motorways and airports. Instead,
they want people to have more say on the decisions that affect
them.
The government says planning laws need reform to
meet long-term challenges, such as those posed by climate change. The bill,
currently going through Parliament, aims to replace the current system of
holding a sometimes lengthy and expensive public inquiry each time a major
infrastructure project is proposed, such as an airport or a power
station.
Â…People living near the proposed projects would
have limited opportunities to object. The government argues that the reform is
needed to ensure the planning system can "meet the long-term challenges we face
as a society."
Â…But the Planning Disaster Coalition, which
include Friends of the Earth, the National Trust and the Campaign to Protect
Rural England says the change will make a "mockery" of democracy, by taking away
the rights of people to have their say on developments in their local
areaÂ….
Threre a a number of ways in which an enterpriser can add value in their
disaster recovery capabilities. For example, storage vendors are enhancing their
replication capabilities, tools for rapid recovery for databases and core
applications like Exchange are finding their way into organizations of all
sizes, and virtualization has opened new disaster recovery opportunities to a
wide range of organizations.
However, before placing the technology cart before the horse, a critical
phase in any form of disaster recovery planning and design is to establish a
solid understanding of applications and their interdependencies. A good initial
step in this process is the establishment of a disaster recovery application
inventory.
What should such an inventory include? While requirements can vary depending
on the organization, a basic listing should include the following items:
Application name and description
Business function -- the business unit or functional area the application
supports
Business process -- the specific business process supported
Recovery objectives -- stated recovery time objective (RTO) and recovery
point objective (RPO) targets for the application
Known related applications -- this includes both applications that act as
sources and targets in the business process
Server details -- a list of the actual servers, both physical and virtual,
on which the application resides, along with configuration details
Storage details -- the actual storage devices and logical unit numbers
(LUN) allocated to the servers
Software requirements -- specific information about the
software
Disk-based vs. Tape Backup:
The Pros and Cons All organizations use tape to back up data nightly. Tape is
fairly inexpensive and low-tech, but managing and administering tape, backing up
to tape and restoring files from it can be time consuming, unreliable and
complex. Disk has always been an easier, more reliable alternative, but until
recently its high acquisition cost has made it untouchable for many
organizations. Fortunately, new disk and data reduction technologies have
recently converged to make disk-based backup available at about the same price
of tape backup systems.
Disaster Planning and Security Management a Real Issue
-
Consider the Herculean efforts today to
protect the network from threats: Intrusion prevention systems scan packets for
potentially damaging content; email security systems check for viruses in email
content and firewalls block unsolicited connections. To stop the onslaught of
threats to corporate and government networks, a host of software and appliances
are being deployed daily . In general, these border police applications are
doing a fairly decent job of stopping unauthorized intrusion at the door to your
network.
But what about organizational insiders? Which
applications or appliances are scrutinizing the information being passed out of
the network? Intrusion prevention systems and firewalls arenÂ’t looking for
intellectual property sliding out the door right under their virtual noses.
Specifically in healthcare organizations, what about patient information sent
unprotected over the Internet to another provider? Add in the always-changing
regulatory environment, and security is a unique challenge. All it takes is one
misstep to compromise sensitive information. These are legitimate, authorized
users communicating in an above-board way – but potentially exposing sensitive
data in the process. This is the core of the immensely complex problem of data
loss.
To address the data loss problem, organizations need to focus now on
content filtering and blocking of electronic communications leaving the network
– and not just email, but instant messaging (IM), webmail, HTTP and FTP
communications as well . All avenues of electronic communication need to be
policed to prevent intellectual property, financial information, patient
information, personal credit card data, and a variety of sensitive information
(depending on the business and the industry) from falling into the wrong
hands.
The global enterprise has a voracious appetite for data, and
little patience for downtime. According to a recent Forrester report, 82 percent
of larger IT organizations rated improving recovery time as a “critical” or
“very critical” business priority. The need for continued focus and investment
is clear, especially when you consider that data-at-rest in enterprises is
growing at a compounded rate of 55 percent a year. Moving all that data is a
mounting challenge, and business simply cannot wait.
To meet these growing demands at a reasonable cost,
organizations are moving to IP-based networks; 70 percent of North American and
79 percent of European organizations use some combination of the Internet, MPLS
or Ethernet to connect to their primary backup datacenter. Bandwidth prices may
be in decline, but that doesnÂ’t mean it comes cheap. Bandwidth, on average, is
29 percent of the total cost of replication, backup and recovery solutions, and
is often constrained by the effects of latency.
End-to-end plans for turning disaster recovery into
full business continuity are very complex, but from an IP-network perspective it
can be reduced to three main
challenges.
Disaster plan need to take into account mainframes, blade
servers as well as distributed file servers. The problem is more complex
as enterprises slowly move away from IT and Business alignment towards IT and
Business convergence.For example,
3mMainframes continue to hold their own against the onslaught of distributed
server architectures, not because they are considered superior to newer
technologies but because they still have a unique role to play in the
enterprise. Recent market research indicates that 90 percent of mainframe users
see the devices as long-term data hub and transaction server solutions fully
suited to expected future workloads, particularly in SOA and Web services
endeavors. Distributed servers, meanwhile, are likely to appeal to specialized
shops with low MIPS requirements.
