Science Fair Project Encyclopedia
Disaster Recovery Plan
Disasters & Information Technology
As information technology systems, networks, and organizations become complex, disaster recovery becomes more essential to the continuity of companies worldwide. The more complex an organization is, the more financial loss it can incur in the event of a disaster. Although some companies can spend up to 25% of its information technology budget on disaster recovery, it is a worthwhile cost to minimize the downtime and reduce potential losses.
Disaster Recovery Plans
A practical disaster recovery plan is one that is proactive, well planned, and most importantly, in place and well tested before a disaster strikes (Robbins Gioia LLC, Preparing for the Worst: A Best-Practices Guide to Disaster Recovery, p. 1).
Organizations should develop written, comprehensive disaster recovery plans that assess all the critical operations and functions of the business. In addition, they should include documented and tested procedures, which, if followed, will ensure the ongoing availability of critical resources and continuity of operations. Even though the probability of a disaster occurring in an organization is highly uncertain, a disaster plan provides a certain level of comfort assuring that if a major catastrophe occurs, financial liability will be limited.
A disaster recovery plan (DRP), is sometimes referred to as a business continuity plan (BCP) or business process contingency plan (BPCP). The plan should outline in detail how a company or organization is to deal with potential disasters, whether naturally occurring or man made. The plan provides ways for a company to prepare for a disaster in order to minimize its effects. It also outlines post disaster actions to ensure the organization can resume operations as soon as possible.
A disaster recovery plan should take into consideration of customers, facilities and knowledge workers, business information, computer equipment, and communications infrastructure. The following addresses the above factors in greater detail.
Customers: Include both end consumers and B2B suppliers and customers. These stakeholders will be reassured if they are involved in the disaster planning process in order for them to plan accordingly.
Facilities: Companies can have more than one site for the company. In case of a physical disaster, the company can be quickly relocated to another site that is also attached to its server so business processes can be quickly resumed.
Types of Facilities:
Hot: Almost a duplicate of the original facility, fully equipped and ready for use immediately after the disaster.
Warm: Contain most of the features of the mother facility, but without the most relevant technology available.
Cold: A mock site for the company to momentarily stabilize itself after a disaster. It is without computer equipment installed.
Knowledge workers: Train workers and provide them with the information and personal care so they have the necessary knowledge to function during and post disaster.
Business Information: All business information should be backed up regularly. Some companies perform this daily; some even do it on an hourly basis. This ensures the most up-to-date information is available as soon as the disaster passes.
Computer Equipment: Large companies have a myriad of different software and operating platforms. Organizational costs for this level of complexity is quite high, however the benefits of being prepared for disaster will greatly outweigh the costs.
Telecommunication infrastructure: This relates to how a company communicates with its external and internal partners. It is important to have a backup telecommunications carrier and portable handheld devices, i.e. blackberries. (The above section is adapted from: Cummings, Donavan, Haag, McCubbrey, Pinsonneault, Management Information Systems: For the Information Age, McGraw-Hill Ryerson. Toronto: 2004)
Steps in Developing Disaster Recovery Plans
1. Obtain support from management & establish a planning committee
Top management must support and be involved in the development of the disaster recovery planning process. They should be taking the lead for coordinating the recovery plan and updating it as conditions change. A planning committee should be established to oversee the plan development and appoint employees from various departments to carry out the plan.
2. Gather requisite documents and information
Having access to the necessary information is a pre-requisite to a workable plan. The expedite the exercise, ensure that these are readily available to the planning team 1.
3. Perform a risk assessment
The company must establish a guideline of what constitutes a harmful loss of data. This is accomplished considering the impact of losing data. For example, in the event of a system mal-function, a company that is client based will suffer substantial loss as client information is an essential part of its daily business activities.
A risk analysis can be completed by the planning committee by assessing possible disasters, such as natural, technical and human disasters. Each functional area of the organization should be analyzed to determine the potential consequence and impact associated with several disaster scenarios. The risk assessment process should also evaluate the safety of critical documents and vital records (Wold, G., Disaster Recovery Planning Process).
4. Establish priorities
Next the company should consider the loss of ACCESS to the database itself. What will be consequences of your end users not being able to access information for a period time after a disaster? For example, loss of data in an airline will result in mass confusion regarding the arrival and departure of individuals on board planes. Answering such questions will assist firms in determining priorities in the operations and what the disaster recovery plan should focus on.
Areas of consideration can include and not limited to:
Key operation functions
Documentation and record keeping
Policies and procedures
5. Determine Recovery Strategies
After the organization has concluded what is a harmful loss and the consequences of the inability of accessing certain information, it can then begin to develop a backup strategy.
Alternatives recovery strategies may include a combination of the following:
Hot, warm, and/or cold sites
data and service centres
Vendor supplied equipment
(Chapple, M., SQL Server Disaster Recovery)
6. Perform Data Collection
The recommended data gathering materials and documentation that all organizations should consider include:
Backup position listing
software, equipment and hardware inventory
Insurance Policy inventory
Master call list
Master vendor list
General supplies inventory
Off-site storage location inventory
7. Organize and document a written plan
At this stage, a detailed outline of the contents should be prepared for the review and approval of top management. The benefits of this doing so are that it:
Helps to organize the detailed procedures
Identifies all major steps before the writing begins
Identifies redundant procedures that only need to be written once
Provides a road map for developing the procedures
Ensure consistency in writing styles
The written plan should be composed of the following:
Immediate response after a destructive event
Evacuation of facility and notification to emergency services
Notification sequence for team leaders and backups
Establishing a temporary Business Recovery Command Center
Preliminary and detailed damage assessment
Recall of vital records from off site storage
Handling legal, financial and insurance issues
Dealing with the news media to mitigate misinformation
Locating interim facilities to restart your business
Recovery of PCs, LANs and Mid-range systems
Establishing voice and data communication
Addressing human resource and accounts payable/receivable issues
Replacement of equipment, furniture and supplies
Notification to clients, customers, suppliers and stock holders
Restarting your business
Reconstruction of the damaged or destroyed facility
8. Testing the Plan
An initial test of the plan should be performed by conducting a structured walk-through. Any glitches can then be resolved and further improvements can be made as appropriate.
9. Approve the plan
At the last stage, management should approve the plan and agree to implement in the organizations and accommodate for future improvements to the plan as changes occur.
(Adapted from: Steps in Recovery Process, at http://www.drj.com/new2dr/w2_002.htm)
Chapple, M., SQL Server Disaster Recovery, http://databases.about.com/od/sqlserver/a/disaster.htm, Retrieved on March 19, 2005.
Cummings, Donavan, Haag, McCubbrey, Pinsonneault, Management Information Systems: For the Information Age, McGraw-Hill Ryerson, 2004 http://www.gcn.com/Resource/disaster.pdf, Retrieved on March 19, 2005.
Disaster recovery plan reference list: http://www.disaster-recovery-guide.com/doclist.htm
Robbins Gioia LLC, Preparing for the Worst: A Best-Practices Guide to Disaster Recovery, Sterling Network Services, http://www.sterlingnetwork.com/
Wold, G., Disaster Recovery Planning Process, http://www.drj.com/new2dr/w2_002.htm, Retrieved on March 19, 2005.
Disaster planning website: http://www.brproactive.com/
Disaster recovery guide: http://www.disaster-recovery-guide.com
Background Information: http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci752089,00.html
The contents of this article is licensed from www.wikipedia.org under the GNU Free Documentation License. Click here to see the transparent copy and copyright details