Title: Business Continuity Planning and Disaster Recovery Management Special Interest Group A SIG of LISTne
1Business Continuity Planning and Disaster
Recovery Management Special Interest GroupA SIG
of LISTnet
- Principles of Disaster Recovery Planning
A Presentation For TechMelt LITE Wednesday, June
11, 2003
2Principles of Disaster Recovery Planning
- What is Business Continuity and Disaster Recovery
Planning? - The process of creating plans, processes and/or
procedures to resume or re-establish mission
critical business functions within an acceptable
time frame - A Disaster Recovery Plan recovers technology
platforms and associated technology functions (ie
servers, mainframes, networks, etc) - A Business Continuity Plan focuses on recovery of
business functions and workgroup functions (ie
infrastructure departments, Call Centers,
customer-facing areas)
3Principles of Disaster Recovery Planning
- Okay, where did it come from?
- Disaster Recovery evolved from Data Center
functions - Used to be focused only on centralized processors
and platforms - Strictly a technical solution
- It was realized that recovery of the computer
platform did not mean recovery of the business! - Who is responsible for each plan?
- Since a Disaster Recovery plan is a technology
process, then IT personnel should create and
maintain the plan - A Business Continuity plan is a business recovery
that should be driven by business needs and
decisions, therefore created by business personnel
4Principles of Disaster Recovery Planning
- What are the risks?
- Risks are numerous, from weather, to man-made to
hate risks. - Understand the risks, but plan for the effect,
not the event. - The effect is that you cannot perform regular
business functions for a certain amount of time. - Disaster risks differ from day-to-day risks
(but these can escalate into disasters
themselves).
5Principles of Disaster Recovery Planning
- An ounce of prevention
- Minimize the risks (ie fire suppressions systems,
security, education) - Know where your systems are
- Make sure outsourcing company or external
resource has a plan
6Principles of Disaster Recovery Planning
- How do I build one of these plans? (Simplified
version) - First, a commitment from upper management helps
(commitment for resources in manpower and
funding) - Now, gather information through a Business Impact
Analysis (BIA) to determine critical operations - Determine strategies and objectives for
recovering the critical functions - Document the findings as steps to follow in the
event you have to declare a disaster - Include information you take for granted (ie
vendor phone numbers, product types, employee
call tree, financial information
7Principles of Disaster Recovery Planning
- How do I know if I should declare a disaster?
- Notify/alert key personnel and vendors of
disaster event - Perform a damage assessment
- Bring teams together to determine extent of
damage and impact to operations - If outage is to be longer than predetermined time
frame, declare disaster and enact plan
8Principles of Disaster Recovery Planning
- What are some recovery strategies?
- Do nothing assume the risk
- Revert to manual processing
- Self recoverable/multiple sites
- Hot-site/cold-site vendor
- Mobile recovery facility
- Quick ship
- Reciprocal agreement
9Principles of Disaster Recovery Planning
- Okay, I have a plan, now what?
- Train your personnel and participants
- Test the plan to determine if it works
- Do not be surprised if it is not perfect the
first time - Testing can consist of a table-top exercise,
component testing, or full execution - Update/modify the plan with the results of the
testing
10Principles of Disaster Recovery Planning
- What else do I need to consider?
- Several things, but first and foremost, make sure
your critical data/vital records, as in tape
files, mirrored disk, paper archives, etc., are
stored in a safe location(off-site storage) and
can be retrieved - Without your data, your plan will not work
- Maintain the plan on a regular basis
- Think out of the box!
11Principles of Disaster Recovery Planning
- Sure, but (common misconceptions)
- We are immune to disasters
- That never happens here
- We have an insurance policy, thats enough
- We never had a disaster before
- Learn from other situations
- Floods (Chicago)
- Tornados
- Hurricanes (Andrew, Floyd)
- Fires
- WTC/Sept. 11
- Bio-terrorism (anthrax)
12Principles of Disaster Recovery Planning
- Why plan?
- Corporate/Brand survival
- Insurance/Auditing requirements
- Regulatory requirements
- Due diligence
- Obligation to shareholders/employees/others
13Principles of Disaster Recovery Planning
- Where else can I get information?
- LISTnets BCPDRM SIG
- Free publications
- Disaster Recovery Journal
- Contingency Planning Management
- Web Sites
- dri.com
- contingencyplanning.com
- globalcontinuity.com
- fema.gov
- Professional Organizations
14Principles of Disaster Recovery Planning