Basic Steps in Disaster-Recovery Planning

The disaster-recovery planning process may vary from organization to organization, but the basic steps that must be performed in all cases are listed below: Establish a planning committee
Nội dung trích xuất từ tài liệu:
Basic Steps in Disaster-Recovery PlanningBasic Steps in Disaster-Recovery PlanningThe disaster-recovery planning process may vary from organization to organization, butthe basic steps that must be performed in all cases are listed below: Establish a planning committee. The top management of the organization must be involved in the development of the disaster-recovery plan. Management should be responsible for coordinating the disaster-recovery plan and ensuring its effectiveness within the organization. Adequate time and resources must be committed to the development of an effective plan, with the resources under consideration including financial considerations and the effort of all personnel involved. The planning committee should include representatives from all operational areas of the organization. This is essential, since it is common that separate plans exist for each department, and these plans must be coordinated. Failure to do this can result in multiple demands on the same resource, incompatible strategies, time delays, and, in the worst case, the failure to properly carry out the plan in the case of emergency. Identify serious risks. The planning committee should carry out a risk and business-impact analysis that includes a range of possible disasters, including natural, technical, and human threats. Each operational area of the organization should be analyzed to determine the potential consequence and impact associated with several disaster scenarios. The risk-assessment process should also evaluate the safety of critical documents and vital records. Traditionally, fire has posed the greatest threat to organizations. Intentional human tampering, however, should also be considered. The plan should provide for the worst case scenario: the destruction of the main building. It is important to assess the impacts and consequences resulting from the loss of information and services. The planning committee should also analyze the costs related with minimizing potential exposures. Establish priorities. Here you should determine what are the most important considerations for processing and operations and carefully evaluate the critical requirements of each department. Determine the maximum amount of time that the department and organization can operate without each critical system. Critical needs are defined as the necessary procedures and equipment required to continue operations should a department, computer center, main facility or a combination of these be destroyed or become inaccessible. Determine recovery strategies. Here, you should consider all aspects of your organizations information system, including the following: Facilities Hardware Software Communications Data files Customer services User operations End-user systems Other processing operationsAssign a disaster team. Once this has been done, you should then develop disasterrecognition and initial-reaction procedures. At a minimum, these must include thefollowing: Initial reaction procedures to a disaster report Notification procedures for police, fire, medical care Notification procedures for management Procedures for mobilizing the disaster team Procedures for assessing the damage and registering critical-events logs for audit purposesTake a complete inventory of all equipment and software. This is an essential partof any recovery plan. At minimum, it should include the following: A listing of all equipment by type and model number. The list should include equipment such as mission-critical servers, mainframe computers, bridges, routers and gateways. Name, address and telephone number of the manufacturer/vendor. Date of purchase and original cost. Locations of third-party equipment suppliers. Associated software packages, including all software required for the operation of mission-critical equipment. The software inventory must include the following information: the purpose of the software; date of acquisition; license and version number; original cost; address and telephone number of the vendor; names, addresses, and phone numbers of service and technical-support centers, etc.Develop recovery procedures. You should take into consideration the followingaspects: Procedures for ensuring and maintaining physical security Coordination of restoration for the original site Restoration of electronic equipment Reloading of software Restoration of power, UPS, common building systems Replacement of fire-suppression systems Rewiring of the building Restoring the LAN Restoring the WAN connections Document the plan. Try to make the plan easily understandable for any technical person or other co-workers who might be called upon to help execute the plan or support recovery efforts. Whenever possible, illustrate the plan with diagrams. A comprehensive recovery plan generally includes the following information: Emergency call lists for management and recovery teams Vendor call out and escalation lists Inventory and report forms Carrier call out and escalation lists Maintenance forms Hardware lists and serial numbers Software lists and license numbers Team-member duties and responsibilities Network schematic diagrams Equipment-room floor-grid diagrams Contract and maintenance agreements Special operating instructions for sensitive equipment ...