|
No, it needn't be difficult. Much of a DRP initiative is common sense. The rest
is greatly simplified through simple to use proven tools and templates.
This Disaster Planning Template was use by consultants who created the
Disaster Recovery Plan and Business Resumption plan that Merrill Lynch used
after 9/11. It is a proven process and set of tools.
This site is designed to catalog the easiest yet most effective approaches and products... to make disaster recovery planning less of a trauma and more of a business process.
The creation of the plan itself is the first port of call, but we also examine contingency audit and risk analysis from a simplification perspective.
|
|
|
|
|
|
|
Risk analysis
is inextricably linked with disaster
recovery. Assessment of the risks which may
lead to disaster is essential in the
determination of what controls are
appropriate to the situation. Again,
however, risk analysis is often made more
difficult than necessary.
Do you really
need a complicated piece of software to
create your plan? Do you need 20 years
experience in business continuity planning?
Do you need to divert untold resources into
the plan creation exercise? Certainly, if
you employ the
Disaster Recovery Planning Template the answer
is... NO!
|
|
|
How do you ensure that your disaster recovery plan meets your actual needs? How do you know that it will all work? Do you audit it, and if so, how?
Equally fundamentally, do you know what your resource/service dependencies are and what their time criticalities are? What of your actual everyday contingency practices - do they measure up?
To determine and ensure all of this with minimum fuss, a comprehensive but extremely simple to use product is now available.... the
Disaster Recovery Toolkit
- Business and IT Impact Analysis.
|
|
|
|
|
Disaster Planning Information |
|
Risk
analysis is inextricably linked with
disaster recovery. assessment of the
risks which may lead to disaster is
essential in the determination of
what controls are appropriate to the
situation. Again, however, risk
analysis is often made more
difficult than necessary.
The
Threat & Vulnerability Assessment
Tool Kit
and tool was designed to simplify
matters, and to make risk analysis
more widely accessible through
automation. It is now probably the
most widely used product and method
in the world
|
|
For more information on disaster recovery plans and business continuity we are pleased to introduce our online
IT Productivity Center.
 |
|
Disaster Planning News
Core backup and recovery concerns
CIOs and IT Managers need to consider manadated compliance
requirements
- Question that need to be answered are:
- Is our data safe in transit and at rest?
- What prevents hackers from gaining access to our data?
- Is our data properly handled, stored, and deleted?
- Who can access our data?
- What are the benchmark measurements?
- Is our data backup strategy compliant?
- Will our recovery be successful?
more info
How long should it take to create a business continuity plan?
Business continuity planning is a continual process, and not something that
is done once and filed away to be used in an emergency. In error many
organisations treat the creation of a business continuity plan as a normal
project, subsequently deploying the plan and handing over to an operational
department for maintenance.
In most organizations, DR is the quintessential complex, unfamiliar task.
Disasters happen so rarely that recovery operations are the opposite of routine.
What's more the myriad, interconnected data, application and other resources
that must be recovered after a disaster make recovery an exceptionally difficult
and error-prone effort.
How
to create a business continuity plan...
more info
Which states had the fewest major weather disasters
The U.S. has sustained 112 weather/climate disasters over the past quarter
century in which overall damages/costs reached or exceeded $1 billion. The total
standardized losses for the 112 events exceed $750 billion, according to The
National Oceanic and Atmospheric Administration (NOAA), National Climatic Data
Center.
more info
Foundation necessary for disaster recovery and business continuity
As an essential foundation step toward disaster recovery and business
continuity readiness, are these best practices:
- Extending management technologies that automate the process of asset
management, system configuration, and software distribution (This reduced the
number of steps that required hands-on intervention and reduced IT staff
time.)
- Constraining their environment to a finite number of standard processors,
operating systems, database products - making it easier to maintain and
update
- Consolidating servers over a long-term road map, reducing the number of
server "footprints" that had to be maintained and updated
- Standardizing IT practices, especially management of settings and
configurations
- Providing protected storage space within the organization's storage
resources and establishing rules for backup of mission-critical data (This
ensured adequate capacity for backup and recovery procedures and for restart
of applications.)
more info
Information security incident management - 27035:2011
ISO has announced the official launch of the new International Standard
entitled 'Information technology – Security techniques – Information security
incident management', the standard gives ‘how to’ guidance on detecting,
reporting and assessing information security incidents and vulnerabilities.
ISO says that
ISO/IEC 27035:2011 will help organizations respond to information security
incidents, including the activation of appropriate controls for the prevention
and reduction of, and recovery from, impacts, and, in so doing, learn and
improve their overall approach.
Edward Humphreys, whose team developed the original version of the standard,
ISO/IEC TR 18044:2004, commented: “Effective and timely handling of major
incidents can make the difference between the survival or death of an
organization. The new ISO/IEC 27035 standard provides tried and tested advice on
the processes and methods that need to be deployed for ensuring effective
management of information security incidents.
Incidents can vary from the minor, which may have an impact on an isolated
business system to a major incident, which affects all business systems. Some
incidents have the effect of disrupting an organization and the use of its
business resources for 24-72 hours or more; some cause a serious loss and/or
destruction of data and some can leave the organization with a serious crime on
their hands. ISO/IEC 27035:2011 offers a solution.
ISO/IEC 27035:2011, which replaces technical report ISO/IEC TR 18044:2004,
supports the general concepts specified in ISO/IEC 27001:2005.
The new standard is applicable to any organization, irrespective of size. It
covers a range of information security incidents, whether deliberate or
accidental, and whether caused by technical or physical means.
more info
