1 / 41

Guide to Disaster Recovery

Guide to Disaster Recovery. Introduction to Disaster Recovery. Chapter 1. You Will Learn How To…. Develop a disaster recovery philosophy Describe the basic principles of disaster recovery planning Describe and establish a business continuity and disaster recovery function

shad-burgess
Télécharger la présentation

Guide to Disaster Recovery

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Guide to Disaster Recovery

  2. Introduction to Disaster Recovery Chapter 1

  3. You Will Learn How To… • Develop a disaster recovery philosophy • Describe the basic principles of disaster recovery planning • Describe and establish a business continuity and disaster recovery function • Understand the steps of disaster recovery planning • Understand the role of IT and network management in disaster recovery

  4. Disasters and Disaster Recovery • Disaster strikes often • Everyday life is filled with incidents that can disrupt business • A disaster recovery plan allows for: • Business continuity during a disaster • Restoration of normal operations

  5. Developing a Disaster RecoveryPhilosophy • A disaster recovery philosophy is rooted in: • An organization’s desire to protect and preserve its positive public image • An organization’s physical assets • The lives of the organization’s employees • The image includes: • High levels of customer satisfaction • Faith of stockholders • Other stakeholders for an organization

  6. Organizations and Disasters • Many organizations have suffered through a disaster • The ones that have not are not immune • Out of 250 organizations surveyed, three of every 10 organizations surveyed for this book have been through a disaster

  7. Disaster Recovery Planning • The process of assessing risks that an organization faces • Developing, documenting, implementing, testing, and maintaining procedures • Minimize losses after a disaster

  8. Status of Disaster Recovery Planning • Nearly three of every four organizations have a disaster recovery plan in place • Disaster recovery planning is still a new process in many organizations

  9. Disaster Recovering Planning Process • Too many people consider disaster recovery planning a mechanical process • There are certainly tedious and laborious aspects to developing a plan • Organizations have cultures, spirits, and images that permeate relationships with • The organization • Customers • Business partners • The public at large

  10. Customers • A customer’s view of an organization is crucial to the organization’s success • Marketing managers hope customers see products as high quality and a good value • New customers are difficult and costly to gain • Less costly to keep current customers satisfied • Customer satisfaction is a prime marketing tool • A good public image is an asset that takes years to achieve and considerable diligence to maintain

  11. Stockholder and Investor Relations • Maintaining investor faith is extremely important • Institutional investor confidence is important • Considerable effort is exerted to develop the faith and trust of investors • Efforts to maintain faith are less expensive than those required to regain lost faith • Organizations want to be viewed in the most positive light possible • Backup computers, emergency networks, and temporary quarters are only tools

  12. Disaster Recovery Planning • Intensified since September 2001 • Three of every 10 organizations surveyed report that their spending for disaster recovery planning has increased • One of every 10 organizations reports that spending has increased dramatically

  13. Disaster Recovery Planning

  14. Basic Principles of Disaster Recovery Planning • No off-the-shelf disaster recovery plan can meet the needs of all organizations • An effective plan recognizes an organization’s size and other defining characteristics

  15. Planning Principles • A solid plan requires the support and participation of • Upper-level management • All business unit managers • Legal counsel • Directors of all functional departments such as Human Resources, Facilities Management, IT, and Corporate security • Assessing risk requires time consuming, detailed analysis

  16. Planning Principles • All policies and procedures must • Support the critical needs of business operations • Comply with all relevant laws and regulations • Be understood by the parties responsible for implementing hem • Be approved by upper management • The plan must clearly delineate and document chain of command of the managers responsible for declaring, responding to, and recovering from a disaster

  17. Planning Principles • The disaster recovery system must facilitate and allow control of communications among • Decision makers • Managers • Staff • External support organizations • Law enforcement • Emergency services • Media • All policies and procedures must be available to all departments, managers, and staff during response and recovery

  18. Planning Principles • All employees involved in disaster response and recovery must be trained to • Implement documented procedures • Address unanticipated problems • Procedures must be tested and rehearsed • Planners must continually evaluate new threats and business conditions as they develop • During disaster response and recovery, the organization must • Evaluate the effectiveness of its procedures • Monitor the physical safety and mental health of employees

  19. Process of Disaster Recovery Planning • Implementing the plan and responding to disaster is an organization-wide effort • Plan development requires many types of knowledge and skills • Every organization-wide effort is laden with social and political obstacles that need to be addressed • Each step of planning is interrelated and builds upon the others • The disaster recovery planning team is responsible for developing the plan

  20. Establishing Continuity and Recovery Function • Disaster recovery function consists of the people, departments, and support organizations that implement the plan and facilitate disaster recovery • How this function is organized depends on • The geographical dispersal of facilities within an organization • The type of facilities occupied • The number of employees • Other factors

  21. Staff of an Organization’s Disaster Recovery Function • A centralized authority or group • Coordinates the development of disaster recovery plans • Plays a role in disaster response and recovery • Managers and staff in functional departments have enterprise-wide roles in disaster response and recovery • Department managers and representatives from business units have roles in disaster response and recovery to ensure the continued function of their business units

  22. Understanding the Steps of Disaster Recovery Planning • Disaster recovery planning consists of eight major steps • Smaller organizations may be able to develop and document a plan in a few months • In larger organizations, initial planning can take many months and sometimes years • Management and all other members of the planning team need to understand • The steps involved in developing a plan • How these steps build upon each other and fit together as a whole

  23. Step One • The first step is organizing the disaster recovery planning team • The team must be a well-rounded group that represents all the functions of an organization • Requires a high-level manager as a champion • Ideally, the champion should be the CEO or a high-level manager designated by the CEO

  24. Step One • The team must also have a designated leader, or two people who act as co-leaders • Each participating department should assign a primary representative and an alternate to the team for continuity • The team should be trained in disaster recovery planning • Once in place, it should establish a schedule of activities, including meeting times and dates for completing the eight steps of planning • There should be an awareness campaign about disaster recovery planning within the organization

  25. Step Two • Assessing the risk that an enterprise faces is the next step • A business impact analysis is a method of assessing risks and determining the potential economic loss that could occur as a result of these risks • All business processes must be identified and analyzed • The planning team should review legal and contractual requirements to determine the consequences of business disruption • The results help guide disaster recovery planning and help the team develop procedures for recovering from various types of incidents

  26. Worst Disasters

  27. Step Three • The third step is establishing the roles that each department, business partner, and outside service organization plays in disaster recovery • The planning team determines the contribution that each department can make to the plan and disaster recovery • Organization with multiple locations must identify local departments and employees who can participate in disaster recovery planning • The planning team also determines the role that other organizations should play in the plan

  28. Step Four • Developing actual disaster recovery policies and procedures is the next step • Disaster recovery policies are the guidelines that govern the development of disaster recovery procedures • Disaster recovery procedures are step-by-step methods designed to restore an organizational function or business process • Developing policies and procedures to recover from disasters requires attention to detail and thorough analysis • Procedures must be established for each step of disaster recovery and response

  29. Step Five • The fifth step of the disaster recovery plan is to document the policies and procedures developed in the previous step • Part of this documentation is done in conjunction with drafting, reviewing, and approving policies and procedures • The approved documentation is included in the actual disaster recovery plan • A group must be established to manage documentation and the cycles of reviews, approvals, and updates • The document must include all contact information

  30. Step Six • Implementing the disaster recovery plan is next • During this step • The final plan is distributed to all of the departments, organizations, and employees involved in disaster response and recovery • The planning team begins to intensify the internal and external awareness programs to ensure that all parties know about the plan • Executives are briefed on the plan and their roles in disaster response and recovery • Staff in all departments are trained on general and department specific procedures • Any outside services or equipment is purchased or contracted

  31. Step Seven • The next step is to test and rehearse parts of the plan, and eventually to run a live simulation of a disaster • A disaster recovery rehearsal is a live simulation in which all departments and support organizations run through the entire disaster recovery process, just as they would during an actual disaster • Managers in eight of every 10 organizations surveyed think that testing and rehearsing disaster recovery plans is beneficial

  32. Plan Testing and Rehearsal

  33. Step Eight • The final step is often called the maintenance phase • Once the plan is developed and tested, the planning team must continually • Assess the emergence of new threats • Adjust for changes in organizational structure • Determine the impact of new technology on recovery procedures • In many industries, planning teams may also need to monitor changes in laws and regulations that may affect their disaster recovery requirements • When procedures are changed and documentation is updated, training requirements and staff skills must be updated as well

  34. Frequency of Plan Updates

  35. Role of IT and Network Management in Disaster Recovery • Most organizations rely heavily on their computer systems and communications networks • The IT and network management in every organization have essential roles in disaster recovery planning and response • Knowledgeable representatives from IT and network management need to be assigned to the team

  36. IT Representation • At least one representative is needed for each of the following functions: • Data center operations • Network management • Desktop computing • Voice communications • At least one person is needed for each major IT application, including • Financial management support • Supply chain systems • Enterprise resource planning (ERP) • Human resources support

  37. IT Representation • During risk assessment and business impact analysis, IT and network managers need to • Help the team answer critical questions about the potential consequences of system downtime • Assist in developing and documenting procedures for end-user departments and the IT departments that facilitate disaster response and recovery

  38. IT Representation • During risk assessment and business impact analysis, IT and network managers need to • Help develop and deliver training to department managers and employees who will assist in recovery procedures for computer systems and networks • Help test and rehearse procedures to ensure that their organization can effectively recover from a disaster

  39. IT Managers Role • IT and network managers have a key role in supporting and managing the ongoing disaster recovery plan • Plans and procedures must be updated • IT and network managers must determine • How each new upgrade or additional application affects these plans and procedures, then • Inform the staff who maintain disaster recovery documents of the necessary changes to keep the plan current • Develop new training materials as needed

  40. Chapter Summary • Disaster recovery planning is the process of assessing risks that an organization faces, then developing procedures to return to normal operations quickly • No off-the-shelf disaster recovery plan can possibly meet the needs of all organizations • Understanding the basic principles of disaster recovery planning can keep team members from getting lost in the long process

  41. Chapter Summary • The disaster recovery function consists of the people, departments, and support organizations that implement the disaster recovery plan and facilitate recovery • There are eight steps in the process of developing a disaster recovery plan • Most organizations rely heavily on computer systems and communication

More Related