|
No, it needn't be difficult. Much of a DRP initiative is common sense. The rest
is greatly simplified through simple to use proven tools and templates.
This Disaster Planning Template was use by consultants who created the
Disaster Recovery Plan and Business Resumption plan that Merrill Lynch used
after 9/11. It is a proven process and set of tools.
This site is designed to catalog the easiest yet most effective approaches and products... to make disaster recovery planning less of a trauma and more of a business process.
The creation of the plan itself is the first port of call, but we also examine contingency audit and risk analysis from a simplification perspective.
|
|
|
|
|
|
|
Risk analysis
is inextricably linked with disaster
recovery. Assessment of the risks which may
lead to disaster is essential in the
determination of what controls are
appropriate to the situation. Again,
however, risk analysis is often made more
difficult than necessary.
Do you really
need a complicated piece of software to
create your plan? Do you need 20 years
experience in business continuity planning?
Do you need to divert untold resources into
the plan creation exercise? Certainly, if
you employ the
Disaster Recovery Planning Template the answer
is... NO!
|
|
|
How do you ensure that your disaster recovery plan meets your actual needs? How do you know that it will all work? Do you audit it, and if so, how?
Equally fundamentally, do you know what your resource/service dependencies are and what their time criticalities are? What of your actual everyday contingency practices - do they measure up?
To determine and ensure all of this with minimum fuss, a comprehensive but extremely simple to use product is now available.... the
Disaster Recovery Toolkit
- Business and IT Impact Analysis.
|
|
|
|
|
Disaster Planning Information |
|
Risk
analysis is inextricably linked with
disaster recovery. assessment of the
risks which may lead to disaster is
essential in the determination of
what controls are appropriate to the
situation. Again, however, risk
analysis is often made more
difficult than necessary.
The
Threat & Vulnerability Assessment
Tool Kit
and tool was designed to simplify
matters, and to make risk analysis
more widely accessible through
automation. It is now probably the
most widely used product and method
in the world
|
|
For more information on disaster recovery plans and business continuity we are pleased to introduce our online
IT Productivity Center.
 |
|
Disaster Planning News
ISO 17799 - disaster recovery - business continuity defined
SO 17799 is often used as a generic term to
describe what are actually two different documents: ISO17799 (also ISO 27002),
which is a set of security controls (a code of practice), and ISO 27001
(formerly BS7799-2), which is a standard 'specification' for an Information
Security Management System (an ISMS).
ISO 17799 establishes guidelines and general
principles for initiating, implementing, maintaining, and improving information
security management in an organization. The objectives outlined provide general
guidance on the commonly accepted goals of information security management.
ISO/IEC 17799:2005 contains best practices of control objectives and controls in
the following areas of information security management:
- security policy;
- organization of information security;
- asset management;
- human resources security;
- physical and environmental security;
- communications and operations management;
- access control;
- information systems acquisition, development and
maintenance;
- information security incident management;
- business continuity management;
- compliance.
The control objectives and controls in ISO/IEC
17799 are intended to be implemented to meet the requirements identified by a
risk assessment. ISO/IEC 17799 is intended as a common basis and practical
guideline for developing organizational security standards and effective
security management practices, and to help build confidence in
inter-organizational activities
more info
Disaster Planning is Complex
An
increasing number of professionals know that small-scale emergencies can be
contained if staff members are prepared to react quickly. Damage can be limited
even in the face of a large-scale disaster. For example, cultural institutions
in Charleston, South Carolina, formed a consortium that focused on disaster
preparedness several years before they were hit by a hurricane. Many of those
institutions sustained only minor damage because they were able to put their
early warning procedures into operation.
Disaster planning is
complex; the written plan is the result of a wide range of preliminary
activities. The entire process is most efficient if it is formally assigned to
one person who acts as the disaster planner for the institution and is perhaps
assisted by a planning team or committee. The enterprise's director may play
this primary role or may delegate the responsibility, but it is important to
remember that the process must be supported at the highest level of the
organization if it is to be effective. The planner should establish a timetable
for the project and should define the scope and goals of the plan, which will
depend largely on the risks faced by the enterprise.
more info
Disaster recovery business continuity team leader tasks
The tasks that the leader of a disaster recovery business
continuity project needs to complete are:
- Establish BC program lifecycle processes within your
organization
- Assess business and technology requirements for a BC plan
- Evaluate business continuity risks to your organization
- Identify and select cost-effective BC recovery strategies
- Organize an effective BC team
- Develop a BC plan document
- Coordinate BC plan with external entities
- Develop an effective test plan for testing the BC plan
- Organize and conduct successful BC plan tests
- Establish a process for maintaining the BC plan
- Implement a BC plan change management process
- Understand the main differences between a disaster recovery plan,
emergency response plan, crisis management plan, and business continuity
plan
more info
Business continuity after a terroist attack or a pandemic
Most aspects of business continuity and disaster recovery planning
apply to terrorist attacks and pandemics just as much as to fires, hurricanes,
floods, earthquakes, and other natural and manmade disasters. However, there are a number of areas that
need to be re-visited because of the uniqueness of these types of
interruptions.
-
Communication - While communication is
important in any disaster recovery scenario, it is particularly critical in
the event of a terrorist attack or a pandemic. Employees and their families
may be personally threatened, and they may be exposed to rumors and panics, it
is particularly important that they receive accurate, up-to-date information
on safety and health issues. Employees also need detailed information on
company policies and procedures for working in the new environment, and open
communication channels to company officials to help resolve personal and
work-related issues in high-stress situations.
-
Security and Connectivity - Enterprises
must plan to provide secure and reliable access to corporate networks for
employees who work in their homes, hotels, or other remote locations.
Administrators must have a plan for distributing software to remote computers,
ensuring security on computers outside of the corporate firewall, and
providing backup and data encryption capabilities to mitigate the risk of
mobile devices with sensitive data being lost or stolen.
-
Collaboration and Re-Engineered
Processes - Planners and developers must re-engineer business
processes so they can continue without face-to-face interaction between
employees.
more info
Business continutiy defined
In the simplest of terms,
it is good business for a company to secure its assets. CIO under the direction
of CEOs and enterprise shareholders must be prepared to budget for and secure
the necessary resources to support business continuity.
It is necessary that an appropriate administrative
structure be created to effectively deal with crisis management. This will
ensure that all concerned understand who makes decisions, how the decisions are
implemented, and what the roles and responsibilities of participants are.
Personnel used for crisis management should be assigned to perform these roles
as part of their normal duties and not be expected to perform them on a
voluntary basis. Regardless of the organization - for profit, not for profit,
faith-based, non-governmental - its leadership has a duty to stakeholders to
plan for its survival.
With the explosion of technology into every facet
of the day-to-day business environment there is a need to define an effective
infrastructure to support operating environment; have a strategy for the
deployment and technology; and clearly define responsibilities and
accountabilities for the use and application of technology.
The template comes as both a WORD document
utilizing a CSS style sheet that is easily
modifiable.
more info
