Guide to Disaster Recovery

1
Guide to Disaster Recovery
2
Introduction to Disaster Recovery

• Chapter 1

3
You Will Learn How To

• Develop a disaster recovery philosophy
• Describe the basic principles of disaster
  recovery planning
• Describe and establish a business continuity and
  disaster recovery function
• Understand the steps of disaster recovery
  planning
• Understand the role of IT and network management
  in disaster recovery

4
Disasters and Disaster Recovery

• Disaster strikes often
• Everyday life is filled with incidents that can
  disrupt business
• A disaster recovery plan allows for
• Business continuity during a disaster
• Restoration of normal operations

5
Developing a Disaster RecoveryPhilosophy

• A disaster recovery philosophy is rooted in
• An organizations desire to protect and preserve
  its positive public image
• An organizations physical assets
• The lives of the organizations employees
• The image includes
• High levels of customer satisfaction
• Faith of stockholders
• Other stakeholders for an organization

6
Organizations and Disasters

• Many organizations have suffered through a
  disaster
• The ones that have not are not immune
• Out of 250 organizations surveyed, three of every
  10 organizations surveyed for this book have been
  through a disaster

7
Disaster Recovery Planning

• The process of assessing risks that an
  organization faces
• Developing, documenting, implementing, testing,
  and maintaining procedures
• Minimize losses after a disaster

8
Status of Disaster Recovery Planning

• Nearly three of every four organizations have a
  disaster recovery plan in place
• Disaster recovery planning is still a new process
  in many organizations

9
Disaster Recovering Planning Process

• Too many people consider disaster recovery
  planning a mechanical process
• There are certainly tedious and laborious aspects
  to developing a plan
• Organizations have cultures, spirits, and images
  that permeate relationships with
• The organization
• Customers
• Business partners
• The public at large

10
Customers

• A customers view of an organization is crucial
  to the organizations success
• Marketing managers hope customers see products as
  high quality and a good value
• New customers are difficult and costly to gain
• Less costly to keep current customers satisfied
• Customer satisfaction is a prime marketing tool
• A good public image is an asset that takes years
  to achieve and considerable diligence to maintain

11
Stockholder and Investor Relations

• Maintaining investor faith is extremely important
• Institutional investor confidence is important
• Considerable effort is exerted to develop the
  faith and trust of investors
• Efforts to maintain faith are less expensive than
  those required to regain lost faith
• Organizations want to be viewed in the most
  positive light possible
• Backup computers, emergency networks, and
  temporary quarters are only tools

12
Disaster Recovery Planning

• Intensified since September 2001
• Three of every 10 organizations surveyed report
  that their spending for disaster recovery
  planning has increased
• One of every 10 organizations reports that
  spending has increased dramatically

13
Disaster Recovery Planning
14
Basic Principles of Disaster Recovery Planning

• No off-the-shelf disaster recovery plan can meet
  the needs of all organizations
• An effective plan recognizes an organizations
  size and other defining characteristics

15
Planning Principles

• A solid plan requires the support and
  participation of
• Upper-level management
• All business unit managers
• Legal counsel
• Directors of all functional departments such as
  Human Resources, Facilities Management, IT, and
  Corporate security
• Assessing risk requires time consuming, detailed
  analysis

16
Planning Principles

• All policies and procedures must
• Support the critical needs of business operations
• Comply with all relevant laws and regulations
• Be understood by the parties responsible for
  implementing hem
• Be approved by upper management
• The plan must clearly delineate and document
  chain of command of the managers responsible for
  declaring, responding to, and recovering from a
  disaster

17
Planning Principles

• The disaster recovery system must facilitate and
  allow control of communications among
• Decision makers
• Managers
• Staff
• External support organizations
• Law enforcement
• Emergency services
• Media
• All policies and procedures must be available to
  all departments, managers, and staff during
  response and recovery

18
Planning Principles

• All employees involved in disaster response and
  recovery must be trained to
• Implement documented procedures
• Address unanticipated problems
• Procedures must be tested and rehearsed
• Planners must continually evaluate new threats
  and business conditions as they develop
• During disaster response and recovery, the
  organization must
• Evaluate the effectiveness of its procedures
• Monitor the physical safety and mental health of
  employees

19
Process of Disaster Recovery Planning

• Implementing the plan and responding to disaster
  is an organization-wide effort
• Plan development requires many types of knowledge
  and skills
• Every organization-wide effort is laden with
  social and political obstacles that need to be
  addressed
• Each step of planning is interrelated and builds
  upon the others
• The disaster recovery planning team is
  responsible for developing the plan

20
Establishing Continuity and Recovery Function

• Disaster recovery function consists of the
  people, departments, and support organizations
  that implement the plan and facilitate disaster
  recovery
• How this function is organized depends on
• The geographical dispersal of facilities within
  an organization
• The type of facilities occupied
• The number of employees
• Other factors

21
Staff of an Organizations Disaster Recovery
Function

• A centralized authority or group
• Coordinates the development of disaster recovery
  plans
• Plays a role in disaster response and recovery
• Managers and staff in functional departments have
  enterprise-wide roles in disaster response and
  recovery
• Department managers and representatives from
  business units have roles in disaster response
  and recovery to ensure the continued function of
  their business units

22
Understanding the Steps of Disaster Recovery
Planning

• Disaster recovery planning consists of eight
  major steps
• Smaller organizations may be able to develop and
  document a plan in a few months
• In larger organizations, initial planning can
  take many months and sometimes years
• Management and all other members of the planning
  team need to understand
• The steps involved in developing a plan
• How these steps build upon each other and fit
  together as a whole

23
Step One

• The first step is organizing the disaster
  recovery planning team
• The team must be a well-rounded group that
  represents all the functions of an organization
• Requires a high-level manager as a champion
• Ideally, the champion should be the CEO or a
  high-level manager designated by the CEO

24
Step One

• The team must also have a designated leader, or
  two people who act as co-leaders
• Each participating department should assign a
  primary representative and an alternate to the
  team for continuity
• The team should be trained in disaster recovery
  planning
• Once in place, it should establish a schedule of
  activities, including meeting times and dates for
  completing the eight steps of planning
• There should be an awareness campaign about
  disaster recovery planning within the organization

25
Step Two

• Assessing the risk that an enterprise faces is
  the next step
• A business impact analysis is a method of
  assessing risks and determining the potential
  economic loss that could occur as a result of
  these risks
• All business processes must be identified and
  analyzed
• The planning team should review legal and
  contractual requirements to determine the
  consequences of business disruption
• The results help guide disaster recovery planning
  and help the team develop procedures for
  recovering from various types of incidents

26
Worst Disasters
27
Step Three

• The third step is establishing the roles that
  each department, business partner, and outside
  service organization plays in disaster recovery
• The planning team determines the contribution
  that each department can make to the plan and
  disaster recovery
• Organization with multiple locations must
  identify local departments and employees who can
  participate in disaster recovery planning
• The planning team also determines the role that
  other organizations should play in the plan

28
Step Four

• Developing actual disaster recovery policies and
  procedures is the next step
• Disaster recovery policies are the guidelines
  that govern the development of disaster recovery
  procedures
• Disaster recovery procedures are step-by-step
  methods designed to restore an organizational
  function or business process
• Developing policies and procedures to recover
  from disasters requires attention to detail and
  thorough analysis
• Procedures must be established for each step of
  disaster recovery and response

29
Step Five

• The fifth step of the disaster recovery plan is
  to document the policies and procedures developed
  in the previous step
• Part of this documentation is done in conjunction
  with drafting, reviewing, and approving policies
  and procedures
• The approved documentation is included in the
  actual disaster recovery plan
• A group must be established to manage
  documentation and the cycles of reviews,
  approvals, and updates
• The document must include all contact information

30
Step Six

• Implementing the disaster recovery plan is next
• During this step
• The final plan is distributed to all of the
  departments, organizations, and employees
  involved in disaster response and recovery
• The planning team begins to intensify the
  internal and external awareness programs to
  ensure that all parties know about the plan
• Executives are briefed on the plan and their
  roles in disaster response and recovery
• Staff in all departments are trained on general
  and department specific procedures
• Any outside services or equipment is purchased or
  contracted

31
Step Seven

• The next step is to test and rehearse parts of
  the plan, and eventually to run a live simulation
  of a disaster
• A disaster recovery rehearsal is a live
  simulation in which all departments and support
  organizations run through the entire disaster
  recovery process, just as they would during an
  actual disaster
• Managers in eight of every 10 organizations
  surveyed think that testing and rehearsing
  disaster recovery plans is beneficial

32
Plan Testing and Rehearsal
33
Step Eight

• The final step is often called the maintenance
  phase
• Once the plan is developed and tested, the
  planning team must continually
• Assess the emergence of new threats
• Adjust for changes in organizational structure
• Determine the impact of new technology on
  recovery procedures
• In many industries, planning teams may also need
  to monitor changes in laws and regulations that
  may affect their disaster recovery requirements
• When procedures are changed and documentation is
  updated, training requirements and staff skills
  must be updated as well

34
Frequency of Plan Updates
35
Role of IT and Network Management in Disaster
Recovery

• Most organizations rely heavily on their computer
  systems and communications networks
• The IT and network management in every
  organization have essential roles in disaster
  recovery planning and response
• Knowledgeable representatives from IT and network
  management need to be assigned to the team

36
IT Representation

• At least one representative is needed for each of
  the following functions
• Data center operations
• Network management
• Desktop computing
• Voice communications
• At least one person is needed for each major IT
  application, including
• Financial management support
• Supply chain systems
• Enterprise resource planning (ERP)
• Human resources support

37
IT Representation

• During risk assessment and business impact
  analysis, IT and network managers need to
• Help the team answer critical questions about the
  potential consequences of system downtime
• Assist in developing and documenting procedures
  for end-user departments and the IT departments
  that facilitate disaster response and recovery

38
IT Representation

• During risk assessment and business impact
  analysis, IT and network managers need to
• Help develop and deliver training to department
  managers and employees who will assist in
  recovery procedures for computer systems and
  networks
• Help test and rehearse procedures to ensure that
  their organization can effectively recover from a
  disaster

39
IT Managers Role

• IT and network managers have a key role in
  supporting and managing the ongoing disaster
  recovery plan
• Plans and procedures must be updated
• IT and network managers must determine
• How each new upgrade or additional application
  affects these plans and procedures, then
• Inform the staff who maintain disaster recovery
  documents of the necessary changes to keep the
  plan current
• Develop new training materials as needed

40
Chapter Summary

• Disaster recovery planning is the process of
  assessing risks that an organization faces, then
  developing procedures to return to normal
  operations quickly
• No off-the-shelf disaster recovery plan can
  possibly meet the needs of all organizations
• Understanding the basic principles of disaster
  recovery planning can keep team members from
  getting lost in the long process

41
Chapter Summary

• The disaster recovery function consists of the
  people, departments, and support organizations
  that implement the disaster recovery plan and
  facilitate recovery
• There are eight steps in the process of
  developing a disaster recovery plan
• Most organizations rely heavily on computer
  systems and communication