420 likes | 850 Vues
Guide to Disaster Recovery. Introduction to Disaster Recovery. Chapter 1. You Will Learn How To…. Develop a disaster recovery philosophy Describe the basic principles of disaster recovery planning Describe and establish a business continuity and disaster recovery function
E N D
Introduction to Disaster Recovery Chapter 1
You Will Learn How To… • Develop a disaster recovery philosophy • Describe the basic principles of disaster recovery planning • Describe and establish a business continuity and disaster recovery function • Understand the steps of disaster recovery planning • Understand the role of IT and network management in disaster recovery
Disasters and Disaster Recovery • Disaster strikes often • Everyday life is filled with incidents that can disrupt business • A disaster recovery plan allows for: • Business continuity during a disaster • Restoration of normal operations
Developing a Disaster RecoveryPhilosophy • A disaster recovery philosophy is rooted in: • An organization’s desire to protect and preserve its positive public image • An organization’s physical assets • The lives of the organization’s employees • The image includes: • High levels of customer satisfaction • Faith of stockholders • Other stakeholders for an organization
Organizations and Disasters • Many organizations have suffered through a disaster • The ones that have not are not immune • Out of 250 organizations surveyed, three of every 10 organizations surveyed for this book have been through a disaster
Disaster Recovery Planning • The process of assessing risks that an organization faces • Developing, documenting, implementing, testing, and maintaining procedures • Minimize losses after a disaster
Status of Disaster Recovery Planning • Nearly three of every four organizations have a disaster recovery plan in place • Disaster recovery planning is still a new process in many organizations
Disaster Recovering Planning Process • Too many people consider disaster recovery planning a mechanical process • There are certainly tedious and laborious aspects to developing a plan • Organizations have cultures, spirits, and images that permeate relationships with • The organization • Customers • Business partners • The public at large
Customers • A customer’s view of an organization is crucial to the organization’s success • Marketing managers hope customers see products as high quality and a good value • New customers are difficult and costly to gain • Less costly to keep current customers satisfied • Customer satisfaction is a prime marketing tool • A good public image is an asset that takes years to achieve and considerable diligence to maintain
Stockholder and Investor Relations • Maintaining investor faith is extremely important • Institutional investor confidence is important • Considerable effort is exerted to develop the faith and trust of investors • Efforts to maintain faith are less expensive than those required to regain lost faith • Organizations want to be viewed in the most positive light possible • Backup computers, emergency networks, and temporary quarters are only tools
Disaster Recovery Planning • Intensified since September 2001 • Three of every 10 organizations surveyed report that their spending for disaster recovery planning has increased • One of every 10 organizations reports that spending has increased dramatically
Basic Principles of Disaster Recovery Planning • No off-the-shelf disaster recovery plan can meet the needs of all organizations • An effective plan recognizes an organization’s size and other defining characteristics
Planning Principles • A solid plan requires the support and participation of • Upper-level management • All business unit managers • Legal counsel • Directors of all functional departments such as Human Resources, Facilities Management, IT, and Corporate security • Assessing risk requires time consuming, detailed analysis
Planning Principles • All policies and procedures must • Support the critical needs of business operations • Comply with all relevant laws and regulations • Be understood by the parties responsible for implementing hem • Be approved by upper management • The plan must clearly delineate and document chain of command of the managers responsible for declaring, responding to, and recovering from a disaster
Planning Principles • The disaster recovery system must facilitate and allow control of communications among • Decision makers • Managers • Staff • External support organizations • Law enforcement • Emergency services • Media • All policies and procedures must be available to all departments, managers, and staff during response and recovery
Planning Principles • All employees involved in disaster response and recovery must be trained to • Implement documented procedures • Address unanticipated problems • Procedures must be tested and rehearsed • Planners must continually evaluate new threats and business conditions as they develop • During disaster response and recovery, the organization must • Evaluate the effectiveness of its procedures • Monitor the physical safety and mental health of employees
Process of Disaster Recovery Planning • Implementing the plan and responding to disaster is an organization-wide effort • Plan development requires many types of knowledge and skills • Every organization-wide effort is laden with social and political obstacles that need to be addressed • Each step of planning is interrelated and builds upon the others • The disaster recovery planning team is responsible for developing the plan
Establishing Continuity and Recovery Function • Disaster recovery function consists of the people, departments, and support organizations that implement the plan and facilitate disaster recovery • How this function is organized depends on • The geographical dispersal of facilities within an organization • The type of facilities occupied • The number of employees • Other factors
Staff of an Organization’s Disaster Recovery Function • A centralized authority or group • Coordinates the development of disaster recovery plans • Plays a role in disaster response and recovery • Managers and staff in functional departments have enterprise-wide roles in disaster response and recovery • Department managers and representatives from business units have roles in disaster response and recovery to ensure the continued function of their business units
Understanding the Steps of Disaster Recovery Planning • Disaster recovery planning consists of eight major steps • Smaller organizations may be able to develop and document a plan in a few months • In larger organizations, initial planning can take many months and sometimes years • Management and all other members of the planning team need to understand • The steps involved in developing a plan • How these steps build upon each other and fit together as a whole
Step One • The first step is organizing the disaster recovery planning team • The team must be a well-rounded group that represents all the functions of an organization • Requires a high-level manager as a champion • Ideally, the champion should be the CEO or a high-level manager designated by the CEO
Step One • The team must also have a designated leader, or two people who act as co-leaders • Each participating department should assign a primary representative and an alternate to the team for continuity • The team should be trained in disaster recovery planning • Once in place, it should establish a schedule of activities, including meeting times and dates for completing the eight steps of planning • There should be an awareness campaign about disaster recovery planning within the organization
Step Two • Assessing the risk that an enterprise faces is the next step • A business impact analysis is a method of assessing risks and determining the potential economic loss that could occur as a result of these risks • All business processes must be identified and analyzed • The planning team should review legal and contractual requirements to determine the consequences of business disruption • The results help guide disaster recovery planning and help the team develop procedures for recovering from various types of incidents
Step Three • The third step is establishing the roles that each department, business partner, and outside service organization plays in disaster recovery • The planning team determines the contribution that each department can make to the plan and disaster recovery • Organization with multiple locations must identify local departments and employees who can participate in disaster recovery planning • The planning team also determines the role that other organizations should play in the plan
Step Four • Developing actual disaster recovery policies and procedures is the next step • Disaster recovery policies are the guidelines that govern the development of disaster recovery procedures • Disaster recovery procedures are step-by-step methods designed to restore an organizational function or business process • Developing policies and procedures to recover from disasters requires attention to detail and thorough analysis • Procedures must be established for each step of disaster recovery and response
Step Five • The fifth step of the disaster recovery plan is to document the policies and procedures developed in the previous step • Part of this documentation is done in conjunction with drafting, reviewing, and approving policies and procedures • The approved documentation is included in the actual disaster recovery plan • A group must be established to manage documentation and the cycles of reviews, approvals, and updates • The document must include all contact information
Step Six • Implementing the disaster recovery plan is next • During this step • The final plan is distributed to all of the departments, organizations, and employees involved in disaster response and recovery • The planning team begins to intensify the internal and external awareness programs to ensure that all parties know about the plan • Executives are briefed on the plan and their roles in disaster response and recovery • Staff in all departments are trained on general and department specific procedures • Any outside services or equipment is purchased or contracted
Step Seven • The next step is to test and rehearse parts of the plan, and eventually to run a live simulation of a disaster • A disaster recovery rehearsal is a live simulation in which all departments and support organizations run through the entire disaster recovery process, just as they would during an actual disaster • Managers in eight of every 10 organizations surveyed think that testing and rehearsing disaster recovery plans is beneficial
Step Eight • The final step is often called the maintenance phase • Once the plan is developed and tested, the planning team must continually • Assess the emergence of new threats • Adjust for changes in organizational structure • Determine the impact of new technology on recovery procedures • In many industries, planning teams may also need to monitor changes in laws and regulations that may affect their disaster recovery requirements • When procedures are changed and documentation is updated, training requirements and staff skills must be updated as well
Role of IT and Network Management in Disaster Recovery • Most organizations rely heavily on their computer systems and communications networks • The IT and network management in every organization have essential roles in disaster recovery planning and response • Knowledgeable representatives from IT and network management need to be assigned to the team
IT Representation • At least one representative is needed for each of the following functions: • Data center operations • Network management • Desktop computing • Voice communications • At least one person is needed for each major IT application, including • Financial management support • Supply chain systems • Enterprise resource planning (ERP) • Human resources support
IT Representation • During risk assessment and business impact analysis, IT and network managers need to • Help the team answer critical questions about the potential consequences of system downtime • Assist in developing and documenting procedures for end-user departments and the IT departments that facilitate disaster response and recovery
IT Representation • During risk assessment and business impact analysis, IT and network managers need to • Help develop and deliver training to department managers and employees who will assist in recovery procedures for computer systems and networks • Help test and rehearse procedures to ensure that their organization can effectively recover from a disaster
IT Managers Role • IT and network managers have a key role in supporting and managing the ongoing disaster recovery plan • Plans and procedures must be updated • IT and network managers must determine • How each new upgrade or additional application affects these plans and procedures, then • Inform the staff who maintain disaster recovery documents of the necessary changes to keep the plan current • Develop new training materials as needed
Chapter Summary • Disaster recovery planning is the process of assessing risks that an organization faces, then developing procedures to return to normal operations quickly • No off-the-shelf disaster recovery plan can possibly meet the needs of all organizations • Understanding the basic principles of disaster recovery planning can keep team members from getting lost in the long process
Chapter Summary • The disaster recovery function consists of the people, departments, and support organizations that implement the disaster recovery plan and facilitate recovery • There are eight steps in the process of developing a disaster recovery plan • Most organizations rely heavily on computer systems and communication