Disaster Recovery Plan Template 5.4Business Continuity
|
This Disaster Recovery Plan (DRP) can be used as a Disaster Planning template for any enterprise. The Disaster Recovery template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. Version 5.4 - Release Date May 18, 2009
Version 5.3 – Release date January 2, 2009
Version 5.2 – Release date August 1, 2008
Version 5.1 – Release date July 1, 2008
Version 5.0 – Release date February 21, 2008
Version 4.5 – Release date November 1, 2007
Version 4.4 – Release date September 4, 2007
Version 4.3 – Release date July 26, 2007
Version 4.2 – Release date February 1, 2007
Version 4.1 – Release date August 28, 2006
Version 4.0 - Release date March 5, 2006
Version 3.1 - Release date January 2, 2006
|
This template is not for resale or re-distribution - Disaster Recovery Planning Template Disaster Recovery Template, Disaster Recovery
Disaster Recovery / Business Continuity News
Minimun and Standard Power Protection for Workstations for DRP and BCP
Personal computers and remote servers often are damaged by
subtle anomalies that users never see, such as sags, surges, spikes, brownouts,
line noise, frequency variation, switching transients and harmonic distortion. A
business on typical utility power is subjected to these hidden power problems
every day and complete outages several times a year. Solutions that you should
implement for all such equipment include:
-
Minimum - Surge suppressors address the power surges, but have no effect on the under-voltage and variance conditions that can erode equipment health over time or zap it in an instant.
-
Standard - Uninterruptible Power Systems (UPSs) protect your IT systems by conditioning incoming power to smooth out the sags and spikes that are all too common on the grid and other primary sources of power Providing ride-through power to cover for sags or short-term outages (30 60 minutes, typically).
Disaster planning, emergency preparedness, or business continuity
Disaster planning, emergency preparedness, or business continuity (and experts note that there are differences) - the goals are ultimately the same: to get an organization back up and running in the event of an interruption. The problem causing the interruption could be one computer crashing or an entire network crashing. Or it could be an electrical outage or the result of a terrorist activity. The goal is to have some contingency plans in the event of a problem. A disaster recovery plan exists to preserve the organization so that it can continue to offer its services.
A disaster recovery plan is a users' guide - the documentation - for how to preserve an organization. In order for a plan to be useful, it must be created before an interruption occurs. Business continuity is disaster recovery. Lost revenue is a driving force in business continuity. The reason to do a recovery plan is essentially to keep the funding coming in and the services going, and the clients being served.
-
Emergency planning are those procedures and steps done immediately after an interruption to business.
-
Disaster recovery are the steps taken to restore some functions so that some level of services can be offered.
-
Business continuity is restoration planning, completing the full circle to get your organization back to where it was before an interruption.
In order to write your plan, you have to do some planning. This planning is the process that will get you to the step where you then commit your plan to paper - you cant write a plan until you do the preparation. The most difficult thing is getting started; the second most difficult task is keeping the plan current.
- more infoThe Difference Between Disaster Recovery Planning and Business Continuity Planning Defined
Disaster Recovery Planning (DRP) is the process by which you resume business after a disruptive event. This typically means that you can get the enterprise computers, networks, and data base operational. The event might be something huge-like an earthquake or the terrorist attacks on the World Trade Center-or something small, like malfunctioning software caused by a computer virus.
Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. However Janco has found that over one third of all enterprises have had to activate their Disaster Plans in the last few years.
Business Continuity Planning (BCP) suggests a more comprehensive approach to making sure you can keep the enterprise going and meet it business objectives. This goes beyond the enterprise computers, networks and data bases. However, the two terms are married under the acronym DR/BC or DRP/BCP. At any rate, Disaster Recovery Planning and/or Business Continuity Planning facilitate how a company will keep functioning after a disruptive event until its normal facilities are restored.
- more infoDisaster Recovery Business Continuity Scope
Recognizing the scope of the requirements, Janco suggests that you purchase the Disaster Recovery Business Continuity Template and the do the following:
- Conduct a business impact assessment. This involved a crossfunctional team to evaluate the business requirements and tier data based on the importance to our business operations.
- Protect data and
applications. It was important to back up data frequently to
ensure records are kept, so we needed to upgrade
our backup equipment to a faster version to reduce the time it took to complete a backup cycle. - Review power and connectivity options. We needed to add uninterrupted power supplies (UPS) and connectivity for critical servers, network connections and selected personal computers to keep the most essential applications running in case of a power outage.
- Document, test and update the disaster preparedness plan. Part of the Janco Disaster Recovery and Business Continuity Template plan needs you to include updated configuration diagrams of the hardware, software and network components to be used in the recovery. The plan also needed to include logistical details, such as travel to backup sites and spending authorization for emergency needs.
- Consider telecommunications alternatives. Often taken for granted, telecommunications backup involving redundancy and alternatives needed to be in place - and in the case of spot outages, redundancy may be enough. For larger outages, alternative communications vehicles, including wireless phones, wireless data cards and satellite phones, had to be considered.
Testing is Critical to Disaster Recovery Planning
Importance of testing is critical to the disaster recovery and business continuity planning.
All good disaster recovery and contingency plans start with having a good solid backup of data. Although systems and applications can be reinstalled and reconfigured, data cannot be rebuilt out of thin air. The key to having a good backup is to make sure the data is correct and can be successfully restored. This is not always as easy as it seems. One company had such an issue. Their backup administrator did not correctly follow procedures and when he thought he was doing a backup, he actually was not writing anything. When they tried to restore a database, they found out all the tapes were blank.
- more infoCost of Disaster Recovery Backup Is High For Many Enterprises
The need for de-duplication is increasing for many organizations as they gather ever-growing volumes of data. At the same time, they are looking for ways to reduce storage costs, improve efficiencies and provide adequate disaster recovery capabilities. The key benefit is the ability to lessen the Total Cost of Ownership (TCO) of storage hardware by eliminating redundant blocks of data and then allowing organizations to replicate that data -- if required -- to a second system for offsite storage. That can remove the need for tape. Data de-duplication not only allows companies to reduce the disk space needed for backup and restore, but it can increase performance and reliability while reducing demands for rack space, power and cooling. Further, it can reduce the bandwidth requirements for data transfer by 90 percent or more. - more infoPandemic Alert Level 5 Requires DRP/BCP Plans be Activated
The World Health Organization has raised the pandemic alert over the spread of swine flu to phase 5.
WHO says that based on assessment of all available information and following several expert consultations raised the current level of influenza pandemic alert from phase 4 to 5.
While making the annoucement, WHO stated that all countries should immediately activate their pandemic preparedness plans. At this stage, effective and essential measures include heightened surveillance, early detection and treatment of cases, and infection control in all health facilities.
- more infoDisaster Planning for a Pandemic
In disaster planning when a pandemic occurs the data center exists but people are in separate locations. The Disaster Planning and Business Continuity Planning processes need to make the user and business operating experience as similar as possible so that the work environment is the same in the remote site (often home) as in the office. A key requirement is to increase remote access capabilities in addition before the pandemic occurs the following planning needs to take place:
- Define necessary staff levels for critical business processes
- Identify who can work remotely and who has to be in the office
- Validation of vaccinations for key staff members
- Identify the lights out processing issues for computer operations staff
- Identify the network and remote access capacity requirements - what percent of workers do you need to be on the system for the enterprise to continue to operate
- Train and test of users and IT staffs in how to operate from remote locations Require key employees to work from remote site at least once a month
- Validate broadband capacity to remote sites (home users)
- Have copies of disaster plan available in remote site
- Put in place process for the synchronization of OS system patches and VPN updates - if the workstations are not used frequently disable the auto update features for security updates but maintain a process to see that they workstations are up-to-date.
- Define specific requirements for security and PCI-DSS when the disaster plan is activated for a pandemic.
- Define change management and version control processes to be used and how they will be controlled during the pandemic.












