Home
Search
Templates Kits
Salary Survey
HandiGuides
Job Descriptions
Policies
Compliance
White Papers
Update Service
Bundles
CIO Infrastructure
Promotions

 

Disaster Business Continuity

Security Policies Procedures

Job Descriptions

IT Salary Survey

IT Hiring IT Job Descriptions IT Salary Survey

Metrics Internet IT
Disaster Recovery Planning Template

Disaster Recovery Plan Template 5.4

Business Continuity
ISO 27000 Series, Sarbanes - Oxley,
PCI-DSS, & HIPAA Compliant

Version History

 

This Disaster Recovery Plan (DRP) can be used as a Disaster Planning template for any enterprise. The Disaster Recovery template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant.

     

Version 5.4 - Release Date May 18, 2009

  • Added Pandemic Coordinator job description
  • Added Business Pandemic Planning Checklist
  • Updated organization chart to include Pandemic Coordinator
  • Corrected minor errata

Version 5.3 – Release date January 2, 2009

  • Updated backup and backup retention section
  • Updated style sheet to be CSS Style sheet format
  • Added Disaster Recovery Business Continuity General Distribution Information 
    • What to do after an explosion / terrorist attack
    • How to clean up after a disaster

Version 5.2 – Release date August 1, 2008

  • Replaced WORD 2003 style sheet with WORD 2007 style sheet
  • Updated all forms used in the template

Version 5.1 – Release date July 1, 2008

  • Added Backup & Backup Retention Policy (9 pages)
  • Minor Formatting Changes

Version 5.0 – Release date February 21, 2008

  • Updated  Disaster Recovery / Business Continuity Plan Audit Program to be compliant with ISO 27000 Series (ISO 27001 and ISO 27002)
  • Added a section on Communication Strategy and Policy to be implemented when the Disaster Recovery / Business Continuity Plan is activated
  • Added a section on Disaster Recovery / Business Continuity and Security basics
  • Added Personnel Location Report
  • Added Project Status Report Form

Version 4.5 – Release date November 1, 2007

  • Added Disaster Recovery / Business Continuity Audit Program 
  • Updated excel work plan to refer to sections versus pages

Version 4.4 – Release date September 4, 2007

  • Section added on implications of Sarbanes-Oxley, Treadway Commission, and PCI DSS requirements 
  • Disaster Planning Branch Offices added
  • Back-up strategy table added
  • Back-up strategy for PDA’s updated to reflect smartphones

Version 4.3 – Release date July 26, 2007

  • Defined generic metrics for DR/BC success
  • Business & IT Impact Analysis Questionnaire Updated
  • Updated references to the DRP card
  • Updated formatting to meet WORD 2007 requirements
  • A fully indexed version of the Template in PDF format included with the Word format
  • Now comes in both Office 2003 and Office 2007 formats

Version 4.2 – Release date February 1, 2007

  • Added Section defining the ISO 17799 compliance requirements
  • Review and modified entire DRP/BCP template to ensure compliance with ISO 17799
  • Business & IT Impact Questionnaire updated to meet ISO 17799 compliance requirements
  • Corrected errata
  • Added Best Data Retention and Destruction Practices Section

Version 4.1 – Release date August 28, 2006

  • Department DRP / BCP Activation Workbook Updated in the appendix
  • Correct work plan formatting and numbering for project initiation
  • Web Site Disaster Recovery Planning Form added to the appendix

Version 4.0 - Release date March 5, 2006

  • Vendor Disaster Recovery Planning Questionnaire added to the appendix
  • Department Disaster Recovery Planning Workbook added to the appendix
  • Vendor Phone List form updated
  • Key Customer Notification List form added
  • Critical Resources to be Retrieved form added
  • Business Continuity Off-Site Materials form added

Version 3.1 - Release date January 2, 2006

  • Site Strategy section added (Section 3.1) all other section numbers in Chapter 3 were increased to adjust for this modification.
  • Audit Disaster Recovery Plan Process added (Section 8.13).
  • Manager Disaster Recovery and Business Continuity job description added
  • Entire template reviewed to validate compliance with Sarbanes-Oxley

 


This template is not for resale or re-distribution - Disaster Recovery Planning Template Disaster Recovery Template, Disaster Recovery

 

 

 

 

 

 

 

 

 

Disaster Recovery / Business Continuity News



Minimun and Standard Power Protection for Workstations for DRP and BCP

DRP BCP Power RequirementsPersonal computers and remote servers often are damaged by subtle anomalies that users never see, such as sags, surges, spikes, brownouts, line noise, frequency variation, switching transients and harmonic distortion. A business on typical utility power is subjected to these hidden power problems every day and complete outages several times a year. Solutions that you should implement for all such equipment include:

  • Minimum - Surge suppressors address the power surges, but have no effect on the under-voltage and variance conditions that can erode equipment health over time or zap it in an instant.
  • Standard - Uninterruptible Power Systems (UPSs)  protect your IT systems by conditioning incoming power to smooth out the sags and spikes that are all too common on the grid and other primary sources of power Providing ride-through power to cover for sags or short-term outages (30 – 60 minutes, typically).
- more info


Disaster planning, emergency preparedness, or business continuity

Disaster planning, emergency preparedness, or business continuity (and experts note that there are differences) -  the goals are ultimately the same:  to get an organization back up and running in the event of an interruption.  The problem causing the interruption could be one computer crashing or an entire network crashing.  Or it could be an electrical outage or the result of a terrorist activity.  The goal is to have some contingency plans in the event of a problem.  A disaster recovery plan exists to preserve the organization so that it can continue to offer its services. 

 

A disaster recovery plan is a users' guide - the documentation - for how to preserve an organization.  In order for a plan to be useful, it must be created before an interruption occurs.  Business continuity is disaster recovery.  Lost revenue is a driving force in business continuity.  The reason to do a recovery plan is essentially to keep the funding coming in and the services going, and the clients being served.

 

  • Emergency planning are those procedures and steps done immediately after an interruption to business.
  • Disaster recovery are the steps taken to restore some functions so that some level of services can be offered.
  • Business continuity is restoration planning, completing the full circle to get your organization back to where it was before an interruption.

In order to write your plan, you have to do some planning. This planning is the process that will get you to the step where you then commit your plan to paper - you can’t write a plan until you do the preparation.  The most difficult thing is getting started; the second most difficult task is keeping the plan current.

- more info


The Difference Between Disaster Recovery Planning and Business Continuity Planning Defined

Disaster Recovery Planning (DRP) is the process by which you resume business after a disruptive event.  This typically means that you can get the enterprise computers, networks, and data base operational. The event might be something huge-like an earthquake or the terrorist attacks on the World Trade Center-or something small, like malfunctioning software caused by a computer virus.

Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. However Janco has found that over one third of all enterprises have had to activate their Disaster Plans in the last few years.

Business Continuity Planning (BCP) suggests a more comprehensive approach to making sure you can keep the enterprise going and meet it business objectives. This goes beyond the enterprise computers, networks and data bases.  However, the two terms are married under the acronym DR/BC or DRP/BCP. At any rate, Disaster Recovery Planning and/or Business Continuity Planning facilitate how a company will keep functioning after a disruptive event until its normal facilities are restored. 

- more info


Disaster Recovery Business Continuity Scope

Disaster Recovery Business Continuity Scope

Recognizing the scope of the requirements, Janco suggests that you purchase the Disaster Recovery Business Continuity Template  and the do the following:

  • Conduct a business impact assessment. This involved a crossfunctional team to evaluate the business requirements and tier data based on the importance to our business operations.
  • Protect data and applications. It was important to back up data frequently to ensure records are kept, so we needed to upgrade
    our backup equipment to a faster version to reduce the time it took to complete a backup cycle.
  • Review power and connectivity options. We needed to add uninterrupted power supplies (UPS) and connectivity for critical servers, network connections and selected personal computers to keep the most essential applications running in case of a power outage.
  • Document, test and update the disaster preparedness plan. Part of the Janco Disaster Recovery and Business Continuity Template plan needs you to include updated configuration diagrams of the hardware, software and network components to be used in the recovery. The plan also needed to include logistical details, such as travel to backup sites and spending authorization for emergency needs.
  • Consider telecommunications alternatives. Often taken for granted, telecommunications backup involving redundancy and alternatives needed to be in place - and in the case of spot outages, redundancy may be enough. For larger outages, alternative communications vehicles, including wireless phones, wireless data cards and satellite phones, had to be considered.
- more info


Testing is Critical to Disaster Recovery Planning

Importance of testing is critical to the disaster recovery and business continuity planning.

All good disaster recovery and contingency plans start with having a good solid backup of data. Although systems and applications can be reinstalled and reconfigured, data cannot be rebuilt out of thin air. The key to having a good backup is to make sure the data is correct and can be successfully restored. This is not always as easy as it seems. One company had such an issue. Their backup administrator did not correctly follow procedures and when he thought he was doing a backup, he actually was not writing anything. When they tried to restore a database, they found out all the tapes were blank.

- more info


Cost of Disaster Recovery Backup Is High For Many Enterprises

The need for de-duplication is increasing for many organizations as they gather ever-growing volumes of data. At the same time, they are looking for ways to reduce storage costs, improve efficiencies and provide adequate disaster recovery capabilities. The key benefit is the ability to lessen the Total Cost of Ownership (TCO) of storage hardware by eliminating redundant blocks of data and then allowing organizations to replicate that data -- if required -- to a second system for offsite storage. That can remove the need for tape. Data de-duplication not only allows companies to reduce the disk space needed for backup and restore, but it can increase performance and reliability while reducing demands for rack space, power and cooling. Further, it can reduce the bandwidth requirements for data transfer by 90 percent or more. - more info


Pandemic Alert Level 5 Requires DRP/BCP Plans be Activated

The World Health Organization has raised the pandemic alert over the spread of swine flu to phase 5.

WHO says that based on assessment of all available information and following several expert consultations raised the current level of influenza pandemic alert from phase 4 to 5.

While making the annoucement, WHO stated that all countries should immediately activate their pandemic preparedness plans. At this stage, effective and essential measures include heightened surveillance, early detection and treatment of cases, and infection control in all health facilities.

- more info


Disaster Planning for a Pandemic

In disaster planning when a pandemic occurs the data center exists but people are in separate locations. The Disaster Planning and Business Continuity Planning processes need to make the user and business operating experience as similar as possible so that the work environment is the same in the remote site (often home) as in the office. A key requirement is to increase remote access capabilities in addition before the pandemic occurs the following planning needs to take place:

  • Define necessary staff levels for critical business processes
  • Identify who can work remotely and who has to be in the office
  • Validation of vaccinations for key staff members
  • Identify the lights out processing issues for computer operations staff
  • Identify the network and remote access capacity requirements - what percent of workers do you need to be on the system for the enterprise to continue to operate
  • Train and test of users and IT staffs in how to operate from remote locations Require key employees to work from remote site at least once a month
  • Validate broadband capacity to remote sites (home users)
  • Have copies of disaster plan available in remote site
  • Put in place process for the synchronization of OS system patches and VPN updates - if the workstations are not used frequently disable the auto update features for security updates but maintain a process to see that they workstations are up-to-date.
  • Define specific requirements for security and PCI-DSS when the disaster plan is activated for a pandemic.
  • Define change management and version control processes to be used and how they will be controlled during the pandemic.
- more info