---

DRP / BCP Issues

What is
Disaster Recovery?

DRP BCP Basics

Why Plans Fail

Are You Prepared
for a Disaster?

Pandemic

Risk Assessment

Process

Best Practices

Media Communication

Clean up - How To

What to do after
an explosion,
terrorist attack, or
random act of violence

Disaster Recovery
and Business Continuity

Metrics

Funding

Funding Request
Presentation

Maximum Tolerable
Period of Disruption

Disaster Recovery Guide

Common Mistakes

Why Disaster Recovery
Business Continuity
is not complete
and or inaccurate

---

 

Disaster Recovery Guide
Business Continuity Planning

ISO 27001, ISO 27002, ISO 17799, COBIT, Sarbanes-Oxley, and HIPAA Compliant

         

The Disaster Recovery Guide can be used for any sized enterprise.   The template and supporting material have been updated to be Sarbanes-Oxley, Cobit, ISO, HIPAA and PCI-DSS compliant.  The complete package includes:

• Disaster Recovery Planning and Business Continuity Template
• Business and IT Impact Analysis Questionnaire
• Work Plan
• Disaster Recovery / Business Continuity Audit Program

New are (Version History):

• Web Site Disaster Recovery Planning Form

• Department Disaster Recovery Activation Workbook

  • Quick Reference Guide

  • Team Alert List (Form)

  • DRP Team Responsibilities

  • DRP Team Checklist

  • Critical Function(s) Definition

  • Normal Business Hour Response Procedures

  • After Hours Response Procedures

  • DRP Location(s) Definition

  • DRP Recovery Procedures

  • Notification Procedures

  • Notification Call List (Form)

• Vendor Disaster Recovery Questionnaire

• Vendor Phone List Form Updated

• Key Customer Notification Form

• Critical Resources to be Retrieved Form

• Business Continuity Off-Site Materials Form

With the template is a 3 page Job Description for the Disaster Recovery Manager.  The  PREMIUM Bundle contains 14 key job descriptions.

Clients can also subscribe to Janco's DRP update service and receive all updates to the DRP Template*. 

The DRP template is over 180 pages and includes everything needed to customize it to fit your specific requirement.  The electronic document includes proven written text and examples for the following major sections:

• Plan Introduction

• Business Impact Analysis - including a sample impact matrix

• DRP Organization Responsibilities pre and post disaster - drp checklist

• Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDA's.

• Recovery Strategy including approach, escalation plan process and decision points

• Disaster Recovery Procedures in a check list format

• Plan Administration Process

• Technical Appendix including definition of necessary phone numbers and contact points

• Job Description for DRP Manager (3 pages long) - entire team job descriptions are available.

• Work Plan to modify and implement the template.  Included is a list of deliverables for each task.

There is a extensive section that shows how to conduct full test of the DRP.  It includes

• Disaster Recovery Manager Responsibilities

• Distribution of the Disaster Recovery Plan

• Maintenance of the Business Impact Analysis

• Training of the Disaster Recovery Team

• Testing of the plan

• Evaluation of the plan tests

• Maintenance of the plan

         

This template is not for resale or re-distribution - Disaster Recovery Planning Template Disaster Recovery Template

 

 

 

 

 

 

 

---

 

Disaster Recovery Guide / Business Continuity News

---

Security and DRP play a role in CIO Infrastructure Design

Designing IT Infrastructure requires CIOs to consider the globalized world they are now in. It is necessary and valuable for CIOs to understand the fundamental trends that are pushing businesses to redesign their operations around this new reality.  Factors they need to consider are:

• Security - With the growing importance of digital applications and data, the sources of threats to enterprise data have multiplied dramatically. Everything from natural disasters to criminals to corrupt sources within the company might try to steal or corrupt data. While businesses do everything that they can to stop these threats in the first place, they still must be prepared to recover from these threats as quickly as possible.
• Business Continuity and Disaster Planning - As businesses have expanded the need for anytime, anywhere application access has become a requirement. At the same time, “follow the sun” (global 24/7) operations have shrinking maintenance windows and a need for applications to be running at all times. Delay or loss of data for any reason – system failure, natural disasters – has a domino-like effect across the entire organization, at any time of the day or night.
• Flexibility - Most businesses now operate across international borders and CIOs must be able to respond to opportunities and challenges faster than ever before. CIOs are usually battling well-resourced organizations that may be based where the opportunity originated, or another globalizing company that is reaching out for new opportunities. In order to compete, a business has to be faster to deliver a product or service as good, or better, than that of potentially any other company in the world.
• Simplicity - Increases in technology have typically led to increased complexity. While per unit costs of technology are always decreasing, in aggregate companies see an increase in cost. With the pressure on IT to act less as a cost center and more as a way to increase the profitability of business units, just adding more storage, more bandwidth, or additional technologies throughout the organization is no longer an acceptable approach to managing information technology. Successful CIOs are investing in numerous technologies including; continuous data protection, virtualization, and wireless connectivity.  They are trying slim down IT’s footprint while increasing their business’s competitive advantages. The CIO is typically in a difficult position, assessing where to try and cut costs while still moving forward with a plan to continually enhance IT services to the business.

- more info

---

Nature can distroy anything that man can make

Nothing man-made can withstand the forces of nature. In certain regions of the country, natural disasters are not a question of if, but of when. The main headquarters of many companies are located in North Carolina, right in the heart of Hurricane Alley. In addition, Southern California is earthquake and brush fire central.

 

 

They know a hurricane, earthquake, or brush fire is going to be coming along at some point; it is inevitable.  At the worst, you are looking at physical damage to facilities and systems, or flooding. At minimum, it will knock out power and your network circuit. Even if power and network stay up, just the fact that you do not have physical access to your system may prevent you from doing a crucial operational task.

- more info

---

How a CIO should chose a backup site

 Disasters cost money, interrupt business operations and may cause the enterprise or government agency to fail, which makes planning a business continuity issue. Disasters can interfere with or even terminate IT and communications services. It does not matter whether the disaster affects the enterprise, government or service provider. Floods, fire, volcanoes, earthquakes and other events can destroy a primary and backup site if they are too close together.

Telecom service providers can offer expert advice on where to locate a backup facility and should position themselves with CIOs to offer both consulting and services. After all, they have experience planning for their own primary and backup facilities, as well.

A CIO's selection of the backup site location will always have risks and liabilities attached to the decision. Adequate and reliable communications to the backup site and communications between the primary and backup sites are what most service providers can successfully offer to the CIO.

      

In choosing a backup site, CIO's must first determine how big a disaster plan for and budget for it. The level of disaster planning increases as you goes down the following list:

• Building closed/evacuated
• Loss of power
• Loss of communications
• Facility damaged/destroyed
• Community disaster (10-to-30 mile range)
• Regional disaster (30-to100 mile range)

- more info

---

Successful Disaster Planning and Business Continuity Planning Processes

The success of most business depends on Information Technology. However, business and technology environments are becoming more complex. Being prepared to respond to non-typical events - both planned and unexpected - that threaten to disrupt essential business systems and processes, is a major corporate concern.

A recent survey found that disaster recovery planning is a priority for many organizations. Eighty-six percent of IT executives said they have a disaster recovery plan in place at their organization. While the economy has affected IT budgets overall, 43 percent of IT respondents indicated the economy has not affected their disaster recovery investment (including planning) - with another 33 percent, saying investment in disaster recovery has become more important.

Organizations cannot control whether or not they will be affected by a natural disaster, power outage or other unplanned incident, but they can work to help ensure their business is prepared to respond to and recover from these events with minimal impact. Disaster recovery planning is an organizational requirement that can help reduce risk and help companies effectively respond to situations that threaten to disrupt essential business processes.

Janco Associates has found that enterprises that are successful:

• Focus on employee safety. Every disaster recovery plan needs to begin by addressing the physical safety and psychological well-being of employees. That means the plan must include alternative locations where employees can go if a primary work site is unavailable, as well as incident notification and escalation strategies. In addition, the plan needs to be well communicated throughout the organization so everyone knows how to respond in a disaster situation.
•   Conduct a business and IT impact analysis. Carry out a thorough analysis of people, information, application, and other resources to build an understanding of the consequences - financial and operational - of losing vital components. Take particular care to uncover interdependencies across the organization that is critical to staying in business. This analysis will provide a solid foundation for establishing recovery priorities and timeframes in your plan, allowing you to make informed decisions on where and how much to invest in disaster recovery.
•  Plan with business operations in mind. Involve all key stakeholders in the planning process, including IT, business leaders, human resources, corporate communications, and physical and information security managers. Be sure that in planning you coordinate with other business units in your organization to avoid potential conflicts, such as multiple business units depending on the same facility as a secondary site in response to an interruption.
•  Make the disaster recovery plan a living document. Business processes and IT systems undergo constant change in every organization. Your disaster recovery plan needs to keep pace with new workflows, business applications, and computer systems. Disaster recovery planning software can provide best practice methodologies to help you navigate through planning decisions and plan updates. In addition, regular testing will help you demonstrate your ability to recover and pinpoint areas for plan improvements.

- more info

---

Disaster recovery and business continuity planning issues

Disaster recovery and business continuity management and contingency planning are essential especially in these economic times. However, the creation, testing, and updating  of a sound disaster recovery and continuity and contingency plan is costly and complex.

For example, initially it is necessary to understand the underlying risks and the potential impacts of disaster. This is the primary building block upon which sensible and cost effective business continuity plan or disaster recovery plan is built. When the plan itself is created, there are the maintenance and testing phases, to ensure that the plan remains current. Even having arranged all these matters there are the external auditors to consider - and of course, there is the not so small matter of ISO 27000, SOX, HIPAA, and PCI-DSS compliance.

The industry standard solution is the Disaster Recovery and Business Continuity Template by Janco Associates. The template includes all of the right tools to assist with business impact analysis and risk analysis. You can quickly create a core plan (some of Janco's clients have created an operational plan in less than thirty days), maintain the plan, audit the DRP BCP, and create a cost effective budget to support the disaster recovery business continuity process.

- more info

---

DRP Critical Component of Risk Management

Disaster Recovery (DR) is a critical component of IT disaster planning and risk mitigation strategies, and compounded in difficulty by ever growing data volumes, distributed computing, and new technologies. How can you get creative in protecting more data, recovering more swiftly, but also saving some money?

Download this outline learn how the Janco Disaster Recovery Business Continuity Template can reduce RPOs and RTOs even more. 

Disaster Recovery Guide
Business Continuity Planning

ISO 27001, ISO 27002, ISO 17799, Sarbanes-Oxley, and HIPAA Compliant

         

What is Disaster Recovery and how does the Disaster Recovery Planning Template help?

This DRP Template can be used for any sized enterprise.  

The template and supporting material have been updated to be Sarbanes-Oxley compliant.  The complete package includes:

• Disaster Recovery Planning and Business Continuity Template
• Business and IT Impact Analysis Questionnaire
• Work Plan
• Disaster Recovery / Business Continuity Audit Program

With lost data being a competitive liability, there is no room for downtime in today's business world.

- more info

---

Backup strategies for Disaster Recovery and Business Continuity

In order to meet current demands for application and data availability, many enterprises are increasingly relying on the wide-area network (WAN) as a storage transport resource for Disaster Recovery and Business Continuity Planning. This enables Disaster Recovery and Business Continuity operations to be centralized - reducing redundancy and lowering overhead - and to leverage innovative disk-based backup and replication technologies offered by the leading storage vendors. Decentralized, tape and other removable media  Disaster Recovery and Business Continuity strategies are simply too costly and labor-intensive. In practice, they fail to meet the recovery time and recovery point objectives (RTOs/RPOs) demanded by companies facing increasingly stringent customer service and regulatory requirements. - more info