1 / 12

Disaster Recovery Planning (DRP)

Disaster Recovery Planning (DRP). DRP: The definition of business processes, their infrastructure supports and tolerances to interruptions, and formulation of strategies for reducing the likelihood of interruption or its consequences. Component steps of DRP: Define the process

kellerrobert
Télécharger la présentation

Disaster Recovery Planning (DRP)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Disaster Recovery Planning (DRP) • DRP: The definition of business processes, their infrastructure supports and tolerances to interruptions, and formulation of strategies for reducing the likelihood of interruption or its consequences. • Component steps of DRP: • Define the process • Identify what supports the process and its tolerance to interruptions • Determine and implement strategies that would reduce the likelihood and cosequences of interruptions.

  2. Disaster Recovery Planning (DRP) • Assessing potential losses: Disaster Impact Analysis • What disasters the firm is likely to face? • What is the probability of each type of disaster? • What is the impact of the disaster on the firm?

  3. Disaster Recovery Planning (DRP) • Value-based recovery planning • Definition of criticality and criteria to determine criticality • Identification of critical business processes and their supports • Identification of the role of information systems resources in the critical process • Determination of process owners and process customers • Determination of the amount of time the business can survive without the process post-disaster • Identify interdependencies between the process and the rest of the business processes and systems • To find critical processes, consider attributes such as importance, key users, tolerance to outage, waiting time between cycles, possibility of data recovery.

  4. Disaster Recovery Planning (DRP) • Disaster recovery strategies • How do we recover a system given its priority? • Address the question by system components. • Data (e.g., designate off-site storage) • Processing (e.g., backup and store offsite current copies of the software) • Network and communication (e.g., backup and store offsite a copy the current network configuration) • Dependencies with other systems (e.g., identify how these processes will be interfaced post-disaster)

  5. DRP: Recovery Locations • Recovery location: A site(s) where processes and systems will be recovered post-disaster. • Hot sites: Near-perfect replicas of the operations. • Cold sites: Just the infrastructure (computer operations room, platform for installing hardware, power and communication lines, cabling, etc.). • Warm sites: More than just a cold site, but not quite as ready as a hot site. For example, it may include commonly used computers and operating system. • Reciprocal agreements: Sharing of similar resources by those in the same or similar computing enviornments. • Colocations: Recovery is planned using availability of computing resources at the firm’s many locations.

  6. DRP: Teams • Purpose of forming teams is to ensure that recovery tasks are accomplished in an orderly and responsible manner. • The number and nature of teams could vary across organizations. • However, each team should include knowledge and skills necessary to perform its assigned tasks. • Recovery teams can be organized by recovery phases. • Flexibility in assignments is necessary, for an actual disaster may need adjustments to the team. Non-availability of some team members when disaster strikes is also likely.

  7. DRP: Disaster Readiness • Meaning of readiness: Having the assurance that if and when a disaster strikes, the firm has a high likelihood of recovering from the disaster. Testing of the plan is crucial to get this assurance. Disaster readiness practices include: • Walkthroughs: Having a plan preparer walk though others to show how the plan leads from point A to point B. • Rehearsals: An “as-if” exercise to simulate a disaster’s impact and have people responsible recreate recovery of “lost” processes and systems. • Compliance (Live) testing: Actual test of recovery with a simulated disaster.

  8. Business Continuity Planning (BCP) • BCP: The totality of plans made to recover the business operations following a disaster. • Recovery of all operations is involved, not just information assets. • Methods and strategies adopted for BCP are comparable to, and often overlap with, those used in DRP.

  9. Business Continuity Planning (BCP) • Business impact analysis is an exercise in risk assessment. • Identify vulnerabilities of the firm. • Assess the business impact • Focus on a particular disaster and determine processes that might be affected, and/or • Analyze all business processes to assess probable business impact in the event that a disaster strikes. • Initiate a planning process to develop methods and strategies to mitigate risk. • Business recovery • Approaches and methods for business recovery are similar to those discussed in disaster recovery planning.

  10. Assurance Considerations • Any assurance that BCP/DRP will be effective requires an examination of such plans from three angles: • Method: Review the method followed in the development of the plan. A sound planning process make possible a plan that is complete and reliable. • Content: Should have been collected from “right” participants, and the instruments and methods used to collect data must be valid. The plan should be current. • Testing: Critical components of the plan should be tested, results should be documented, and corrective action, where necessary, should follow.

More Related