Documente Academic
Documente Profesional
Documente Cultură
rtyuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
IT DISASTER
RECOVERY PLANNING
hjklzxcvbnmqwertyuiopasdfghjklz
xcvbnmqwertyuiopasdfghjklzxcv
ISM ASSIGNMENT
bnmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmqwertyui
SUBMITTED BY:
TARNAV
opasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
hjklzxcvbnmqwertyuiopasdfghjklz
xcvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmrtyuiopa
INTRODUCTION TO DISASTER RECOVERY PLANNING
As the world has virtually shrunk to become a global village and business opening and closing
times have been replaced with round-the-clock operations and almost all organizations —
whether commercial or governmental — rely on some form of technology to manage the various
parts of their operations. A disruption to the availability of any of these resources, if even for a
few hours, can have serious consequences for their ability to function at normal capacity. For
organizations that provide mission critical services such as power plants, telecommunications
facilities, and national defense agencies, disruptions must be kept to a minimum or, if possible,
avoided altogether.
The threats to an organization, whether from the increase in political uncertainty on a global
scale, decreased stability of national power networks, or the changing climate conditions and
related severe weather, have seemingly been increasing over the past decade. Further, new
threats are continually looming on the horizon, such as the outbreak of highly contagious
diseases, digital blackmail and hacking, and new methods used by terrorists for wide-scale
destruction. And in addition to these, there are of course internal threats, whether damage caused
accidentally through human error or purposeful damage to data by an employee.
Therefore, how an organization responds to threats during and after a crisis will determine
whether they emerge on the other side intact or cause them to cease operations entirely. This is
where disaster recovery planning comes into play.
DISASTER RECOVERY: THE MEANING
Disaster recovery is the process, policies and procedures related to preparing for recovery or
continuation of technology infrastructure critical to an organization after a natural or human-
induced disaster.
Disaster recovery planning is a subset of a larger process known as BUSINESS CONTINUITY
PLANNING and should include planning for resumption of applications, data, hardware,
communications (such as networking) and other IT infrastructure.
A business continuity plan (BCP) includes planning for non-IT related aspects such as key
personnel, facilities, crisis communication and reputation protection, and should refer to the
disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.
4. Establish priorities for core processes and functions of the Business operation
The critical requirements of each area within the business should be carefully and thoroughly
evaluated:
• Functional operations
• Key personnel
• Information and data
• Processing systems
• Customer service
• Documentation
• Vital records
• Policies and procedures
Processing and operations should be analyzed to determine the maximum amount of time that
the department and organization can operate without each critical system. Critical needs are
defined as the necessary procedures and equipment required to continue operations should an
area, main facility, or key resources or any combination of these be destroyed or become
unavailable.
A method of determining the critical needs of a department is to document all the functions
performed by each area. Once the primary functions have been identified, the operations and
processes should be ranked in order of priority: Critical, Essential, or Administrative
(supportive).
Written agreements with vendors or other agencies for the specific recovery alternatives selected
should be prepared. Be sure to consider:
• Cost of contingency arrangement
• Special security procedures
• Notification of systems changes
• Required hours of operation
• Specific hardware and other equipment required for processing
• Personnel requirements-possible temporary staff to accelerate recovery
• Circumstances constituting an emergency
• Issues of availability and terms of use
The planning committee should review and approve the proposed plan.
The plan should be thoroughly developed, including all detailed procedures to be used before,
during and after a disaster. It may not be practical to develop detailed procedures until backup
alternatives have been defined. Procedures should include methods for maintaining and updating
the plan to reflect any significant internal, external or systems changes and as important, allow
for a regular review of the plan by key personnel within the organization.
The disaster recovery plan is best structured using a team approach. Specific roles and
responsibilities should be assigned to the appropriate team for each functional area of the
company. General team categories include administrative functions, facilities, logistics, user
support, computer backup, restoration and other important areas in the organization. The
Management Team is especially important because it coordinates and accomplishes the actual
continuity-recovery process. The Damage Assessment Team should first assess the disaster
followed by activation the recovery plan by the team or the Continuity Coordinator, and contact
other team leaders. The Management Team also documents the efforts and recovery processes
during the event. Management Team members should sit on the Planning Committee to assist in
final decisions, setting priorities, policies and procedures.
Level 0- The disaster can be handled by the personnel of the organization alone.
Level 1- The disaster will require some outside intervention for recovery such as police,
fire, or other professional services.
Level 2- The disaster will require assistance from multiple external organizations.
DISASTER RECOVERY STRATEGIES
Prior to selecting a Disaster Recovery (DR) strategy, the DR planner should refer to their
organization's business continuity plan which should indicate the key metrics of Recovery Point
Objective (RPO) and Recovery Time Objective (RTO) for various business processes (such
as the process to run payroll, generate an order, etc). The metrics specified for the business
processes must then be mapped to the underlying IT systems and infrastructure that support
those processes. Once the RTO and RPO metrics have been mapped to IT infrastructure, the DR
planner can determine the most suitable recovery strategy for each system. An important note
here however is that the business ultimately sets the IT budget and therefore the RTO and RPO
metrics need to fit with the available budget. While most business unit heads would like zero
data loss and zero time loss, the cost associated with that level of protection may make the
desired high availability solutions unpractical.
The following is a list of the most common strategies for data protection.
➢ Backups made to tape and sent off-site at regular intervals (preferably daily).
➢ Backups made to disk on-site and automatically copied to off-site disk, or made directly
to off-site disk.
➢ Replication of data to an off-site location, which overcomes the need to restore the data
(only the systems then need to be restored or synced). This generally makes use of
storage area network (SAN) technology.
➢ High availability systems which keep both the data and system replicated off-site,
enabling continuous access to systems and data.
➢ Wide Area Network Optimization technology - helps improve disaster recovery and
increases network response time. This type of technology will also make sure data still
comes through the network even when it's down.
In many cases, an organization may elect to use an outsourced disaster recovery provider (such
as SunGard Availability Systems or IBM BCRS) to provide a stand-by site and systems rather
than using their own remote facilities.
In addition to preparing for the need to recover systems, organizations must also implement
precautionary measures with an objective of preventing a disaster in the first place. These may
include some of the following:
➢ Local mirrors of systems and/or data and use of disk protection technology such as
RAID.
➢ Surge protectors — to minimize the effect of power surges on delicate electronic
equipment.
➢ Uninterruptible power supply (UPS) and/or backup generator to keep systems going in
the event of a power failure.
➢ Fire preventions — alarms, fire extinguishers.
➢ Anti-virus software and other security measures.
CONCLUSION
Continuity and recovery planning traditionally has information technology roots, but involves
more than off-site storage or backup processing. Agencies need to develop written,
comprehensive continuity recovery plans that address all the critical operations and functions of
its business operations. The plan should include documented and tested procedures, which, if
followed, will either, ensure the ongoing availability of critical resources and continuity of
operations or the efficient and timely recovery of such.
Since the probability of occurrence for any given event is highly uncertain, the plan is not
dissimilar to liability insurance; it represents an ongoing investment in return for a certain level
of protection from financial disaster. In fact, the plan is better protection, because insurance
alone it may not compensate for the incalculable loss of business during the interruption or the
long-term losses due to damage of reputation.
Effective documentation and procedures are extremely important in a continuity recovery plan.
Considerable effort and time are necessary to develop a working plan. A well-organized plan
requires relatively little maintenance and with proper testing and training provides the type of
core stability that cannot be matched by external arrangements or contracts alone.
BIBLIOGRAPHY
• Disaster recovery – Wikipedia, the free encyclopedia.
• How to Create a Disaster Recovery Plan -
www.devx.com/security/article/16390
• Disaster Recovery Journal – Dedicated to Business Continuity –
www.drj.com/new2dr/samples.htm
• The Disaster Recovery Planning Guide: A-Z Business Continuity Plans.
• Disaster Recovery Planning – An Introduction by Shyam Sunder
Kambhammettu.
• IT Infrastructure Management by Anita Sengar.