A disaster recovery plan is a documented process that restores and protects your business IT infrastructure in the event of a disaster. Basically, it provides a clear concept of the various actions taken before, during and after a disaster.
Disasters are natural or man-made disasters. Examples include industrial accidents, oil spills, stampede, fires, nuclear explosions/nuclear radiation, and war acts. Other types of man-made disasters include more global scenarios of catastrophic global warming, nuclear warfare and bioterrorism, while natural disasters are earthquakes, floods, heat waves, hurricanes/cyclists, volcanic eruptions, tsunamis, tornadoes and landslides, the universe. And the threat of asteroids.
Disasters cannot be eliminated, but proactive preparation can reduce data loss and operational disruption. Organizations need a disaster recovery plan that includes a formal plan to consider the impact of disruptions on all underlying business processes and their dependencies. The phased plan includes preventive measures that minimize the impact of the disaster so that the organization can continue to operate or quickly recover mission-critical functions.
The disaster recovery plan is prepared by the Disaster Recovery Committee, which includes representatives from all key departments or departmental functions. The committee should have at least one representative from management, calculation, risk management, records management, security and building maintenance. The committee's role is to prepare a timetable to determine a reasonable period of time to complete the written plan. Also responsible for identifying key and non-critical sectors. The process used to determine the critical needs of a department is to document all the functions performed by each department. Once the primary functions are identified, the operations and processes are prioritized: necessary, important, and not necessary.
Often, disaster recovery plans involve the analysis of business processes and continuity requirements. Before generating a detailed plan, the organization typically performs business impact analysis [BIA] and risk analysis [RA] and establishes recovery time objectives [RTOs] and recovery point objectives [RPOs]. RTO describes the amount of target time a business application can shut down, usually in hours, minutes, or seconds. The RPO describes the previous point in time at which the application must be restored.
The plan should define the roles and responsibilities of the disaster recovery team members and outline the criteria for putting the plan into action, but there is no one correct disaster recovery plan and no one-size-fits-all disaster recovery plan. Basically, all disaster recovery plans have three basic strategies: [a] preventive measures, [b] investigative measures, and [c] corrective actions.
[a] Preventive measures: Every effort will be made to prevent disasters from occurring. These measures are designed to identify and mitigate risks. They are designed to mitigate or prevent incidents. These measures may include the use of surge protectors, installation of generators and routine inspections to keep data back-up and off-site.
[b] Detection measures: These include installing fire alarms, using the latest anti-virus software, conducting employee training courses, and installing server and network monitoring software.
[c] Corrective Actions: The focus of these measures is to repair or restore the system after a disaster. Corrective actions may include keeping critical files in a disaster recovery plan.
The plan should include a list of first-level contacts and people/departments within the company who can declare disasters and activate disaster recovery operations. It should also include an overview and content to determine the exact procedures followed by the disaster. At least 2-4 potential DR sites with hardware/software that meets or exceeds the current production environment should be provided. DR best practices indicate that DR sites should be at least 50 miles from existing production sites to meet Recovery Point Objective [RPO]/Recovery Time Objective [RTO] requirements
The recovery plan must provide initial and ongoing employee training. Skills are required for the reconstruction and rescue phases of the recovery process. Your initial training can be done through professional seminars, special internal education programs, wise use of consultants and suppliers, and individual learning tailored to the needs of your department. A minimum amount of training is required to assist professional repairers/recovery contractors and others who know little about your information, importance or general operations
The entire documented plan must be thoroughly tested and all test reports recorded for future use. This test should be considered to run in real time and have sufficient time. After the test procedure is completed, the initial "dry run" of the plan is performed by performing a structured roaming test. This test will provide additional information about any further steps that may need to be included, invalid program changes, and other appropriate adjustments. These may not become apparent if the actual dry run test is not performed. The program is subjectively updated to correct any problems found during the test. Initially, planned testing was conducted after part and during normal business hours to minimize disruption to the organization's overall operations. As the plan is further refined, future tests will be conducted during normal business hours.
Once the disaster recovery plan has been written and tested, it is submitted to management for approval. The ultimate responsibility of top management is that the organization has a recorded and tested plan. Management is responsible for developing policies, procedures, and responsibilities for an integrated contingency plan, reviewing and approving contingency plans annually, and documenting such reviews in writing.
Another important aspect that is often overlooked is the frequency of updates to the DR program. It is recommended to update annually, but due to the evolution of business processes or the rapid growth of data, some industries or organizations need more frequent updates. To maintain relevance, the disaster recovery plan should be an integral part of all business analytics processes and should be revisited each time a major corporate acquisition, every new product release, and each new system development milestone.
Your business will not remain the same; the company grows, changes and realigns. An effective disaster recovery plan must be reviewed and updated on a regular basis to ensure that it reflects current business conditions and meets the company's goals. Not only should it be reviewed, but it must be tested to ensure success after implementation.
When something goes wrong, it's important to have a strong, targeted, and well-tested disaster recovery plan. Without a disaster recovery [DR] plan, your organization will be at risk of business loss, hacking, cyber attacks, and loss of confidential data.
Orignal From: Disaster recovery plan
No comments:
Post a Comment