|
No, it needn't be difficult. Much of a DRP initiative is common sense. The rest
is greatly simplified through simple to use proven tools and templates.
This Disaster Planning Template was use by consultants who created the
Disaster Recovery Plan and Business Resumption plan that Merrill Lynch used
after 9/11. It is a proven process and set of tools.
This site is designed to catalog the easiest yet most effective approaches and products... to make disaster recovery planning less of a trauma and more of a business process.
The creation of the plan itself is the first port of call, but we also examine contingency audit and risk analysis from a simplification perspective.
|
|
|
|
|
|
|
Risk analysis
is inextricably linked with disaster
recovery. Assessment of the risks which may
lead to disaster is essential in the
determination of what controls are
appropriate to the situation. Again,
however, risk analysis is often made more
difficult than necessary.
Do you really
need a complicated piece of software to
create your plan? Do you need 20 years
experience in business continuity planning?
Do you need to divert untold resources into
the plan creation exercise? Certainly, if
you employ the
Disaster Recovery Planning Template the answer
is... NO!
|
|
|
How do you ensure that your disaster recovery plan meets your actual needs? How do you know that it will all work? Do you audit it, and if so, how?
Equally fundamentally, do you know what your resource/service dependencies are and what their time criticalities are? What of your actual everyday contingency practices - do they measure up?
To determine and ensure all of this with minimum fuss, a comprehensive but extremely simple to use product is now available.... the
Disaster Recovery Toolkit
- Business and IT Impact Analysis.
|
|
|
|
|
Disaster Planning Information |
|
Risk
analysis is inextricably linked with
disaster recovery. assessment of the
risks which may lead to disaster is
essential in the determination of
what controls are appropriate to the
situation. Again, however, risk
analysis is often made more
difficult than necessary.
The
Threat & Vulnerability Assessment
Tool Kit
and tool was designed to simplify
matters, and to make risk analysis
more widely accessible through
automation. It is now probably the
most widely used product and method
in the world
|
|
For more information on disaster recovery plans and business continuity we are pleased to introduce our online
IT Productivity Center.
 |
|
Disaster Planning News
Backup and Recovery Policy is Requried for an IT Disaster Recovery Plan
Backup and recovery policy is required a first step in and
Information Technology disaster
plan. In addition the
disaster recovery policy must be reviewed at least annually to assure its
relevance. Just as in the development of such a policy, a planning team that
consists of upper management, and personnel from information security,
information technology, human resources, or other operations should be assembled
to review the disaster policy. Roles and responsibilities of the planning team
should be as follows:
-
Perform an initial risk assessment to determine current
information systems vulnerabilities.
-
Perform an initial business impact analysis to document and
understand the interdependencies among business processes and determine how
the business would be affected by an information systems
outage.
-
Take an inventory of information systems assets such as computer
hardware, software, applications, and
data.
-
Identify single points of failure within the information systems
infrastructure.
-
Identify critical applications, systems, and
data.
-
Prioritize key business functions.
more info
Creating a Disaster Plan For Your Remote Offices
When
remote offices are operational then Disaster Planning and Contingency Planning
need to take them into consideration. The Janco Disaster Recovery /
Business Continuity Plan Template has specific section dedicated to this.
It includes everything needed:
- Work Plan - The first
step is to select the group of people who will form your disaster recovery /
contingency planning committee. Include high-level managers, consider
representatives from all the departments within your business, and, if
possible, include a human resources representative as well.
- Current contact list with multiple
methods of contact - Not only should you keep a list of the names of
all employees, but that contact list should include alternate ways that people
can communicate with each other. Include home phone numbers, pager numbers,
non-work e-mail addresses, and cell phone numbers. Create
a formal phone tree that can be activated should you need to get in touch
with your employees quickly.
- Organizational Succession Plan -
What if several members of your management team were in an accident
and couldn' t perform their regular responsibilities? What if key members of
your company simply couldn' t be contacted for a period of time when you need
to make some critical decisions? To prepare for this kind of circumstance, you
need to consider a clear chain of command and authority. If key personnel are
missing, who' s in charge? Who makes decisions?
- DRP/BCP Organizational Chart -
Have a single decision-maker. That person needs to know the steps to
take in a crisis, and how to reach all employees and other essential contacts
(clients, customers, etc). And employees need to know who to take direction
from in the chaos that frequently follows a disaster.
- Physical work space
alternatives - If something happened to your offices, what would you
do? Can employees work out of their homes? Is there another company that would
share their facilities with you temporarily until you can rent or buy space at
a new location?
- Risks and vulnerabilities -
Make a checklist. Do you live in tornado alley? Put tornado damage on
that list. Do you work in an office with no alarm system? Put building
security on the list. Might layoffs occur sometime in the future? Add
workplace violence. What if the phones get disconnected? What if your key
supplier can' t get shipments to you?
- Backup your data - Most
people have thought about backing up their computer data. Where are your
important papers and files - both print and electronic? If your office
computers or servers are destroyed, you' d better have your data recently
backed up off site.
more info
Backup Strategies for Disaster Recovery Plans
Here is a
set of common disaster recovery techniques for backup and data
recovery:


-
Bulk copy with CIFS, NFS and FTP - For many
scenarios, backup and recovery is no more complicated than scripted file
copies. However, these protocols are notorious under-performers when it comes
to WANs – even on Quality of Service (QoS) guaranteed MPLS links. If they are
even copied at all; the combination of byte caching and object caching means
that only the changed parts of files need cross the wire. For most bulk
transfers a 10x increase in performance is common.
-
Differential Backup applications - These
applications keep track of file changes and only pass changes between
locations. However, they, too, can be dramatically compressed using byte
caching technology and are subject to the same bandwidth contention issues of
any other application if a traffic control solution like MACH5 is not in
place. Although some use proprietary protocols for transmission, those that
use the underlying operating system benefit from protocol optimization. For
most backup applications, a 3x performance increase is
common.
-
Database Replication using native SQL
replication - Oracle replication and Microsoft DTS use complex
SQL statements to automate data transfer. Byte caching and compression removes
the inherent redundancy of this data, while user-aware bandwidth management
can separate database use from database backup and allocate bandwidth
accordingly. For most SQL automated transfers, a 3x performance increase is
common.
-
Database Replication using log shipping - Once
the database files are dropped to flat files, they are usually transported as
part of a bulk copy. These files are highly redundant, and byte caching and
compression can improve their transfer dramatically. Further enhancements from
optimizing the underlying transport protocols help as well. For log shipping,
a 10x performance increase is common.
-
Data Replication using web services as part of a Service
Oriented Architecture - As SOA gains popularity, transporting
data from different parts of the organization as XML over HTTP and HTTPS will
become more common. Use internal and external SSL encrypted Web services.
more info
Budgeting Critical for Disaster and Business Continuity Planning
Once
the risk assessment (see Threat Vulnerability Assessment -
Sarbanes Oxley Compliance Tool - http://www.e-janco.com/threat.htm) is complete determine what can be done to
minimize the risk and what the cost to do that will be. How does a company
minimize its
exposure to the threat? How does the
company minimize the impact disaster event to the business? For example, our
small distribution company could employ an emergency power supply to mitigate
its power outage threat and have all its data backed (see Backup and Backup
Retention Policy -
http://www.e-janco.com/backuppolicy.html), which are stored at a remote site when the hurricane occurs. The
more preventative measures you establish upfront the better. Janco Associates
say, "Money spent in preparation and testing are worth more than dollars spent
in recovery." 
The results
of risk assessment should be a comprehensive list of possible threats, each with
its corresponding solution and cost. The disaster and business continuity
planner must present all of these threats to the business operations management,
so they can make informed decisions regarding the disaster recovery budget.
The disaster and business
continuity planner needs to communicate the risks the business faces from
disasters. Business operations can fail to budget funds but they must do so
knowing what risk they face and accept in doing so.

A good place to begin is by
presenting the cost of downtime to the business. How long can your business
afford to be without its computer systems should one of your threats occur?
Ultimately, the business operations unit decides which threats the
business can tolerate. When developing a DRP (see Disaster Recovery Plan
Template Business Continuity - http://www.e-janco.com/DisasterPlanning.htm),
disaster and business continuity planners are shooting in the dark without those
business indications. Both the disaster and business continuity planner and the
business units must agree on which data and applications are most critical to
the business and need to be recovered most quickly in a disaster. The management
of our small distribution company, for example, may decide they can budget only
for the emergency generators and the company will have to assume the risk of an
minor hurricane.
Disaster recovery budgets vary from company to company but they typically
run between 3% to 15% percent of the overall IT budget. Companies for which
system availability is crucial usually are on the higher end of the scale, while
companies that can function without it are on the lower end. However, these
percentages may be too small. more info
Network Communication Plan Is Part of the Disaster Plan
A
complete disaster recovery plan needs to include a way to implement an emergency
communications network. It needs to
be able to be rapidly deployed when a disaster takes place. Such a plan must
take into account worst case possibilities regarding the disaster affected area
without making any assumptions as to what infrastructure the affected area could
provide. The entire network must therefore work independent of the existing
networking present at the site, if any.
It should
include:
-
Adequate communication coverage of the affected area.
-
Mobile
communication devices and terminals for disaster recovery personnel with voice
and data capabilities.
-
Group
voice communications among on-site personnel with push-to-talk support for
voice.
-
Voice
and data communications between disaster recovery personel at a remote
location as well as with a 'disaster-management command
center'.
-
Internet service to provide information exchange with the outside
world.
-
A
satellite uplink for the network's entire external
traffic.
more info