Disaster Recovery Plan Template


Disaster Planning Template

Disaster Planning Template
  
News HTML

Join Our Email List
Email:  

Disaster Planning Tools and
Recovery Plan Template
ISO 27001 & ISO 27002 Compliant

Home - Links - Site Map

Disaster Recovery Plan Template and
Audit - Assessment

Security Manual

  Buy It:
$499 - $1,299

Sarbanes Oxley
  Buy It: $1,099


Contact Us
Disaster Planning
 IT Productivity
Center

 


No, it needn't be difficult. Much of a DRP initiative is common sense. The rest is greatly simplified through simple to use proven tools and templates.   This Disaster Planning Template was use by consultants who created the Disaster Recovery Plan and Business Resumption plan that Merrill Lynch used after 9/11.  It is a proven process and set of tools.

This site is designed to catalog the easiest yet most effective approaches and products... to make disaster recovery planning less of a trauma and more of a business process.

The creation of the plan itself is the first port of call, but we also examine contingency audit and risk analysis from a simplification perspective.
 

Home      Order Now      How to Use      Contact Us
 

Disaster Recovery Plan

Disaster Recovery Audit

Risk analysis is inextricably linked with disaster recovery. Assessment of the risks which may lead to disaster is essential in the determination of what controls are appropriate to the situation. Again, however, risk analysis is often made more difficult than necessary.

Do you really need a complicated piece of software to create your plan? Do you need 20 years experience in business continuity planning? Do you need to divert untold resources into the plan creation exercise? Certainly, if you employ the Disaster Recovery Planning Template the answer is... NO!

 


How do you ensure that your disaster recovery plan meets your actual needs? How do you know that it will all work? Do you audit it, and if so, how?

Equally fundamentally, do you know what your resource/service dependencies are and what their time criticalities are? What of your actual everyday contingency practices - do they measure up?

To determine and ensure all of this with minimum fuss, a comprehensive but extremely simple to use product is now available.... the Disaster Recovery Toolkit - Business and IT Impact Analysis.

 

Threat / Vulnerability

Disaster Planning Information

Risk analysis is inextricably linked with disaster recovery. assessment of the risks which may lead to disaster is essential in the determination of what controls are appropriate to the situation. Again, however, risk analysis is often made more difficult than necessary.

The Threat & Vulnerability Assessment Tool Kit and tool was designed to simplify matters, and to make risk analysis more widely accessible through automation. It is now probably the most widely used product and method in the world

 

   For more information on disaster recovery plans and business continuity we are pleased to introduce our online IT Productivity Center.

Disaster Planning Audit      Security Audit ISO 27000

 

 

 

Disaster Planning News

Backup and Recovery Policy is Requried for an IT Disaster Recovery Plan

Backup and recovery policy is required a first step in and Information Technology disaster  Backup Policy & Backup Retentiion Policyplan.  In addition the disaster recovery policy must be reviewed at least annually to assure its relevance. Just as in the development of such a policy, a planning team that consists of upper management, and personnel from information security, information technology, human resources, or other operations should be assembled to review the disaster policy. Roles and responsibilities of the planning team should be as follows:

  • Perform an initial risk assessment to determine current information systems vulnerabilities.
  • Perform an initial business impact analysis to document and understand the interdependencies among business processes and determine how the business would be affected by an information systems outage.
  • Record Management PolicyTake an inventory of information systems assets such as computer hardware, software, applications, and data.
  • Identify single points of failure within the information systems infrastructure.
  • Identify critical applications, systems, and data.
  • Prioritize key business functions.

 

 more info 

Creating a Disaster Plan For Your Remote Offices

Disaster PlanWhen remote offices are operational then Disaster Planning and Contingency Planning need to take them into consideration.   The Janco Disaster Recovery / Business Continuity Plan Template has specific section dedicated to this.  It includes everything needed:

  • Work Plan - The first step is to select the group of people who will form your disaster recovery / contingency planning committee. Include high-level managers, consider representatives from all the departments within your business, and, if possible, include a human resources representative as well.
  • Current contact list with multiple methods of contact - Not only should you keep a list of the names of all employees, but that contact list should include alternate ways that people can communicate with each other. Include home phone numbers, pager numbers, non-work e-mail addresses, and cell phone numbers.  Create a formal phone tree that can be activated should you need to get in touch with your employees quickly.
  • Organizational Succession Plan - What if several members of your management team were in an accident and couldn' t perform their regular responsibilities? What if key members of your company simply couldn' t be contacted for a period of time when you need to make some critical decisions? To prepare for this kind of circumstance, you need to consider a clear chain of command and authority. If key personnel are missing, who' s in charge? Who makes decisions?
  • DRP/BCP Organizational Chart - Have a single decision-maker. That person needs to know the steps to take in a crisis, and how to reach all employees and other essential contacts (clients, customers, etc). And employees need to know who to take direction from in the chaos that frequently follows a disaster.
  • Physical work space alternatives - If something happened to your offices, what would you do? Can employees work out of their homes? Is there another company that would share their facilities with you temporarily until you can rent or buy space at a new location?
  • Risks and vulnerabilities - Make a checklist. Do you live in tornado alley? Put tornado damage on that list. Do you work in an office with no alarm system? Put building security on the list. Might layoffs occur sometime in the future? Add workplace violence. What if the phones get disconnected? What if your key supplier can' t get shipments to you?
  • Backup your data - Most people have thought about backing up their computer data. Where are your important papers and files - both print and electronic? If your office computers or servers are destroyed, you' d better have your data recently backed up off site.
 more info 

Backup Strategies for Disaster Recovery Plans

Here is a set of common disaster recovery techniques for backup and data recovery:

 Record Management Policy Disaster Recovery Template Sarbanes OxleySecurity Template Sarbanes Oxley

  • Bulk copy with CIFS, NFS and FTP - For many scenarios, backup and recovery is no more complicated than scripted file copies. However, these protocols are notorious under-performers when it comes to WANs – even on Quality of Service (QoS) guaranteed MPLS links. If they are even copied at all; the combination of byte caching and object caching means that only the changed parts of files need cross the wire. For most bulk transfers a 10x increase in performance is common.
  • Differential Backup applications - These applications keep track of file changes and only pass changes between locations. However, they, too, can be dramatically compressed using byte caching technology and are subject to the same bandwidth contention issues of any other application if a traffic control solution like MACH5 is not in place. Although some use proprietary protocols for transmission, those that use the underlying operating system benefit from protocol optimization. For most backup applications, a 3x performance increase is common.
  • Database Replication using native SQL replication - Oracle replication and Microsoft DTS use complex SQL statements to automate data transfer. Byte caching and compression removes the inherent redundancy of this data, while user-aware bandwidth management can separate database use from database backup and allocate bandwidth accordingly. For most SQL automated transfers, a 3x performance increase is common.
  • Database Replication using log shipping - Once the database files are dropped to flat files, they are usually transported as part of a bulk copy. These files are highly redundant, and byte caching and compression can improve their transfer dramatically. Further enhancements from optimizing the underlying transport protocols help as well. For log shipping, a 10x performance increase is common.
  • Data Replication using web services as part of a Service Oriented Architecture - As SOA gains popularity, transporting data from different parts of the organization as XML over HTTP and HTTPS will become more common. Use internal and external SSL encrypted Web services.
 more info 

Budgeting Critical for Disaster and Business Continuity Planning

Once the risk assessment (see Threat Vulnerability Assessment - Sarbanes Oxley Compliance Tool - http://www.e-janco.com/threat.htm) is complete determine what can be done to minimize the risk and what the cost to do that will be. How does a company minimize its

exposure to the threat? How does the company minimize the impact disaster event to the business? For example, our small distribution company could employ an emergency power supply to mitigate its power outage threat and have all its data backed (see Backup and Backup Retention Policy - http://www.e-janco.com/backuppolicy.html), which are stored at a remote site when the hurricane occurs. The more preventative measures you establish upfront the better. Janco Associates say, "Money spent in preparation and testing are worth more than dollars spent in recovery."

The results of risk assessment should be a comprehensive list of possible threats, each with its corresponding solution and cost. The disaster and business continuity planner must present all of these threats to the business operations management, so they can make informed decisions regarding the disaster recovery budget.  The disaster and business continuity planner needs to communicate the risks the business faces from disasters. Business operations can fail to budget funds but they must do so knowing what risk they face and accept in doing so.

Security Audit Program

A good place to begin is by presenting the cost of downtime to the business. How long can your business afford to be without its computer systems should one of your threats occur?

Ultimately, the business operations unit decides which threats the business can tolerate. When developing a DRP (see Disaster Recovery Plan Template Business Continuity - http://www.e-janco.com/DisasterPlanning.htm), disaster and business continuity planners are shooting in the dark without those business indications. Both the disaster and business continuity planner and the business units must agree on which data and applications are most critical to the business and need to be recovered most quickly in a disaster. The management of our small distribution company, for example, may decide they can budget only for the emergency generators and the company will have to assume the risk of an minor hurricane.

Disaster recovery budgets vary from company to company but they typically run between 3% to 15% percent of the overall IT budget. Companies for which system availability is crucial usually are on the higher end of the scale, while companies that can function without it are on the lower end. However, these percentages may be too small.  more info 

Network Communication Plan Is Part of the Disaster Plan

Disaster PlanA complete disaster recovery plan needs to include a way to implement an emergency communications network.  It needs to be able to be rapidly deployed when a disaster takes place. Such a plan must take into account worst case possibilities regarding the disaster affected area without making any assumptions as to what infrastructure the affected area could provide. The entire network must therefore work independent of the existing networking present at the site, if any.

It should include:

  • Adequate communication coverage of the affected area.
  • Mobile communication devices and terminals for disaster recovery personnel with voice and data capabilities.
  • Group voice communications among on-site personnel with push-to-talk support for voice.
  • Voice and data communications between disaster recovery personel at a remote location as well as with a 'disaster-management command center'.
  • Internet service to provide information exchange with the outside world.
  • A satellite uplink for the network's entire external traffic.
 more info 

 

 

Home | Recovery Plan Template | Contingency Testing | Web | Contact
All Rights Reserved ® 2008 Disaster-Planning-Template.com