Business Disaster Recovery Plan

DISASTER RECOVERY

Business continuity programs are designed to keep a business up and running in the face of a disaster, but unfortunately, they don’t always work. Sometimes, continuity controls fail or the sheer magnitude of a disaster overwhelms the organization’s capacity to continue operations. That’s where disaster recovery begins. Disaster recovery is a subset of business continuity activities designed to restore a business to normal operations as quickly as possible following a disruption.

The disaster recovery plan may include:

1. Immediate measures that get operations up and running again temporarily, but the disaster recovery effort is not finished until the organization is completely back to normal operations.

2. Initial Response following an Emergency disruption to an Organisation is designed to:

  • Contain the damage caused by the disaster.
  • Recover whatever capabilities that can be immediately restored. Include a variety of activities depending upon the nature of the disaster and may include activating an alternate processing facility, containing physical damage or calling in contractors to begin an emergency response.

During a disaster recovery effort, the focus of most of the organization shifts from normal business activity to a concentrated effort to restore operations as quickly as possible.

But before we go into detailed recovery plan, we need to consider risk assessment (RA) and business impact analysis (BIA) to identify the IT services that support the academy critical business activities. Which we will then establish the recovery time objectives (RTOs) and recovery point objectives (RPOs).

The recovery time objective, or RTO, is the targeted amount of time that it will take to restore a service to operation following a disruption. The organization must also think about the amount of data that it needs to restore as well. The recovery point objective, or RPO, is the maximum time from which data may be lost as the result of a disaster. Together, the RTO and RPO provide valuable information to disaster recovery planning.

Read also  A Problem Statement Of Robotics Technologies Information Technology Essay

Before we explain more about the planning process we need to follow some strategies that will help us to make a proper planning process. The Disaster recovery strategies, ISO/IEC 27031, the global standard for IT disaster recovery, states, “Strategies should define the approaches to implement the required resilience so that the principles of incident prevention, detection, response, recovery and restoration are put in place.” Strategies define what you plan to do when responding to an incident, while plans describe how you will do it.

Once you have identified your critical systems, RTOs, RPOs, as shown in the table below, we can formulate the disaster recovery strategies that is suitable to protect them.

Critical systems

RTO/RPO

Threat

Prevention strategy

Response strategy

Recovery strategy

Account payable

4hrs/2hrs

Server Failure

Secure equipment room, backup server, UPS

Switch over to backup server, validate UPS running

Fix/replace primary server. fall back to primary server

Building security

2hrs/2hrs

Security systems destroyed

Locate systems in secure area, UPS, install protective enclosures around sensor unit.

Deploy guards at strategic points

Obtain/install replacement units, sensors

We have been able to modify strategy to planning process in this second table below;

Critical systems

Threat

Response strategy

Response action steps

Recovery strategy

Recovery action steps

Account payable

Server Failure

Switch over to backup server, validate UPS running

verify server is down, verify data has been backed up and is safe, test backup server, start switchover to alternate server.

Fix/replace primary server, fall back to primary server.

verify cause of server outage, obtain new server, install new server, test new server, fail systems back to new server.

Security systems destroyed

Deploy guards at strategic points

Verify security system is down, verify security data has been backup and is safe, contact guard agencies to source on-site guards, define guard duties, brief guards on duties, provide communications devices for guards.

Obtain/install replacement units, sensors

verify cause of security system outage, contact supplier to get a replacement, test replacement system, test sensors, restart security systems.

Read also  A Review On Enterprise Resource Planning Systems Information Technology Essay

When developing your organisation Disaster recovery plans, we make sure to review the global standards ISO/IEC 24762 for disaster recovery and ISO/IEC 27035.”This is a standard of requirements which deal with all aspects of information security within your organisation. This can vary from physical to intellectual to electronic security. You will establish what is critical to your business and how you therefore control and protect these aspects.”

http://www.computerweekly.com/feature/How-to-write-a-disaster-recovery-plan-and-define-disaster-recovery-strategies

http://www.cqsltd.com/other-iso-certifications/iso-27001.aspx?gclid=CjwKEAjw5M3GBRCTvpK4osqj4X4SJAABRJNC7bI7foCmSkHGTD9Zq4Q2Mu1emYpUEbahM7EaUDYv_RoCfXDw_wcB

From a staffing perspective;

  • This means that many employees will be working in temporary jobs that may be completely different from their normally assigned duties.
  • Flexibility is key during a disaster response. Also, the organization should plan disaster responsibilities as much as possible in advance and provide employees with training that prepares them to do their part during disaster recovery.
  • Communication is critical to disaster recovery efforts. Responders must have secure, reliable means to communicate with each other and with the organization’s leadership.

This communication includes ;

the initial communication required to activate the disaster recovery process, even if the disaster occurs after normal business hours.

It also includes regular status updates for both employees in the field and leadership and

it should include ad hoc communications capabilities to meet tactical needs.

Order Now

Order Now

Type of Paper
Subject
Deadline
Number of Pages
(275 words)