guide to disaster recovery. introduction to disaster recovery chapter 1
TRANSCRIPT
Guide to Disaster Recovery
Introduction to Disaster Recovery
Chapter 1
You Will Learn How To…
Develop a disaster recovery philosophy Describe the basic principles of disaster
recovery planning Describe and establish a business continuity and
disaster recovery function Understand the steps of disaster recovery
planning Understand the role of IT and network
management in disaster recovery
Disasters and Disaster Recovery
Disaster strikes often Everyday life is filled with incidents that
can disrupt business A disaster recovery plan allows for:
Business continuity during a disasterRestoration of normal operations
Developing a Disaster RecoveryPhilosophy
A disaster recovery philosophy is rooted in: An organization’s desire to protect and preserve its
positive public image An organization’s physical assets The lives of the organization’s employees
The image includes: High levels of customer satisfaction Faith of stockholders Other stakeholders for an organization
Organizations and Disasters
Many organizations have suffered through a disaster
The ones that have not are not immune Out of 250 organizations surveyed, three of
every 10 organizations surveyed for this book have been through a disaster
Disaster Recovery Planning
The process of assessing risks that an organization faces
Developing, documenting, implementing, testing, and maintaining procedures
Minimize losses after a disaster
Status of Disaster Recovery Planning
Nearly three of every four organizations have a disaster recovery plan in place
Disaster recovery planning is still a new process in many organizations
Disaster Recovering Planning Process
Too many people consider disaster recovery planning a mechanical process
There are certainly tedious and laborious aspects to developing a plan
Organizations have cultures, spirits, and images that permeate relationships with The organization Customers Business partners The public at large
Customers
A customer’s view of an organization is crucial to the organization’s success
Marketing managers hope customers see products as high quality and a good value
New customers are difficult and costly to gain Less costly to keep current customers satisfied Customer satisfaction is a prime marketing tool A good public image is an asset that takes years to
achieve and considerable diligence to maintain
Stockholder and Investor Relations
Maintaining investor faith is extremely important Institutional investor confidence is important Considerable effort is exerted to develop the faith and
trust of investors Efforts to maintain faith are less expensive than those
required to regain lost faith Organizations want to be viewed in the most positive
light possible Backup computers, emergency networks, and temporary
quarters are only tools
Disaster Recovery Planning
Intensified since September 2001 Three of every 10 organizations surveyed
report that their spending for disaster recovery planning has increased
One of every 10 organizations reports that spending has increased dramatically
Disaster Recovery Planning
Basic Principles of Disaster Recovery Planning
No off-the-shelf disaster recovery plan can meet the needs of all organizations
An effective plan recognizes an organization’s size and other defining characteristics
Planning Principles
A solid plan requires the support and participation of Upper-level management All business unit managers Legal counsel Directors of all functional departments such as
Human Resources, Facilities Management, IT, and Corporate security
Assessing risk requires time consuming, detailed analysis
Planning Principles
All policies and procedures must Support the critical needs of business operations Comply with all relevant laws and regulations Be understood by the parties responsible for
implementing hem Be approved by upper management
The plan must clearly delineate and document chain of command of the managers responsible for declaring, responding to, and recovering from a disaster
Planning Principles
The disaster recovery system must facilitate and allow control of communications among Decision makers Managers Staff External support organizations Law enforcement Emergency services Media
All policies and procedures must be available to all departments, managers, and staff during response and recovery
Planning Principles
All employees involved in disaster response and recovery must be trained to Implement documented procedures Address unanticipated problems
Procedures must be tested and rehearsed Planners must continually evaluate new threats and
business conditions as they develop During disaster response and recovery, the organization
must Evaluate the effectiveness of its procedures Monitor the physical safety and mental health of employees
Process of Disaster Recovery Planning
Implementing the plan and responding to disaster is an organization-wide effort
Plan development requires many types of knowledge and skills
Every organization-wide effort is laden with social and political obstacles that need to be addressed
Each step of planning is interrelated and builds upon the others
The disaster recovery planning team is responsible for developing the plan
Establishing Continuity and Recovery Function
Disaster recovery function consists of the people, departments, and support organizations that implement the plan and facilitate disaster recovery
How this function is organized depends on The geographical dispersal of facilities within an
organization The type of facilities occupied The number of employees Other factors
Staff of an Organization’s Disaster Recovery Function
A centralized authority or group Coordinates the development of disaster recovery
plans Plays a role in disaster response and recovery
Managers and staff in functional departments have enterprise-wide roles in disaster response and recovery
Department managers and representatives from business units have roles in disaster response and recovery to ensure the continued function of their business units
Understanding the Steps of Disaster Recovery Planning
Disaster recovery planning consists of eight major steps
Smaller organizations may be able to develop and document a plan in a few months
In larger organizations, initial planning can take many months and sometimes years
Management and all other members of the planning team need to understand The steps involved in developing a plan How these steps build upon each other and fit
together as a whole
Step One
The first step is organizing the disaster recovery planning team
The team must be a well-rounded group that represents all the functions of an organization
Requires a high-level manager as a champion Ideally, the champion should be the CEO or a
high-level manager designated by the CEO
Step One
The team must also have a designated leader, or two people who act as co-leaders
Each participating department should assign a primary representative and an alternate to the team for continuity
The team should be trained in disaster recovery planning Once in place, it should establish a schedule of activities,
including meeting times and dates for completing the eight steps of planning
There should be an awareness campaign about disaster recovery planning within the organization
Step Two
Assessing the risk that an enterprise faces is the next step
A business impact analysis is a method of assessing risks and determining the potential economic loss that could occur as a result of these risks All business processes must be identified and analyzed The planning team should review legal and contractual
requirements to determine the consequences of business disruption
The results help guide disaster recovery planning and help the team develop procedures for recovering from various types of incidents
Worst Disasters
Step Three
The third step is establishing the roles that each department, business partner, and outside service organization plays in disaster recovery
The planning team determines the contribution that each department can make to the plan and disaster recovery
Organization with multiple locations must identify local departments and employees who can participate in disaster recovery planning
The planning team also determines the role that other organizations should play in the plan
Step Four
Developing actual disaster recovery policies and procedures is the next step
Disaster recovery policies are the guidelines that govern the development of disaster recovery procedures
Disaster recovery procedures are step-by-step methods designed to restore an organizational function or business process
Developing policies and procedures to recover from disasters requires attention to detail and thorough analysis
Procedures must be established for each step of disaster recovery and response
Step Five
The fifth step of the disaster recovery plan is to document the policies and procedures developed in the previous step
Part of this documentation is done in conjunction with drafting, reviewing, and approving policies and procedures
The approved documentation is included in the actual disaster recovery plan
A group must be established to manage documentation and the cycles of reviews, approvals, and updates
The document must include all contact information
Step Six
Implementing the disaster recovery plan is next During this step
The final plan is distributed to all of the departments, organizations, and employees involved in disaster response and recovery
The planning team begins to intensify the internal and external awareness programs to ensure that all parties know about the plan
Executives are briefed on the plan and their roles in disaster response and recovery
Staff in all departments are trained on general and department specific procedures
Any outside services or equipment is purchased or contracted
Step Seven
The next step is to test and rehearse parts of the plan, and eventually to run a live simulation of a disaster
A disaster recovery rehearsal is a live simulation in which all departments and support organizations run through the entire disaster recovery process, just as they would during an actual disaster
Managers in eight of every 10 organizations surveyed think that testing and rehearsing disaster recovery plans is beneficial
Plan Testing and Rehearsal
Step Eight
The final step is often called the maintenance phase Once the plan is developed and tested, the planning
team must continually Assess the emergence of new threats Adjust for changes in organizational structure Determine the impact of new technology on recovery procedures
In many industries, planning teams may also need to monitor changes in laws and regulations that may affect their disaster recovery requirements
When procedures are changed and documentation is updated, training requirements and staff skills must be updated as well
Frequency of Plan Updates
Role of IT and Network Management in Disaster Recovery
Most organizations rely heavily on their computer systems and communications networks
The IT and network management in every organization have essential roles in disaster recovery planning and response
Knowledgeable representatives from IT and network management need to be assigned to the team
IT Representation
At least one representative is needed for each of the following functions: Data center operations Network management Desktop computing Voice communications
At least one person is needed for each major IT application, including Financial management support Supply chain systems Enterprise resource planning (ERP) Human resources support
IT Representation
During risk assessment and business impact analysis, IT and network managers need to Help the team answer critical questions about the
potential consequences of system downtime Assist in developing and documenting procedures for
end-user departments and the IT departments that facilitate disaster response and recovery
IT Representation
During risk assessment and business impact analysis, IT and network managers need to Help develop and deliver training to department
managers and employees who will assist in recovery procedures for computer systems and networks
Help test and rehearse procedures to ensure that their organization can effectively recover from a disaster
IT Managers Role
IT and network managers have a key role in supporting and managing the ongoing disaster recovery plan
Plans and procedures must be updated IT and network managers must determine
How each new upgrade or additional application affects these plans and procedures, then
Inform the staff who maintain disaster recovery documents of the necessary changes to keep the plan current
Develop new training materials as needed
Chapter Summary
Disaster recovery planning is the process of assessing risks that an organization faces, then developing procedures to return to normal operations quickly
No off-the-shelf disaster recovery plan can possibly meet the needs of all organizations
Understanding the basic principles of disaster recovery planning can keep team members from getting lost in the long process
Chapter Summary
The disaster recovery function consists of the people, departments, and support organizations that implement the disaster recovery plan and facilitate recovery
There are eight steps in the process of developing a disaster recovery plan
Most organizations rely heavily on computer systems and communication