Disaster Recovery Plan
A disaster recovery plan is a proven course of action to retrieve and protect a business's IT infrastructure in the event of a disaster. It provides a clear idea of the actions to be taken before, during and after a disaster.
Disasters are natural or man-made. Examples of man-made disasters include industrial accidents, oil spills, stampedes, fires, nuclear explosions/nuclear radiation and acts of war. Other types of man-made disasters include the more cosmic scenarios of extreme global warming, nuclear war, and bioterrorism, while natural disasters are earthquakes, floods, heat waves, hurricanes/cyclones, volcanic eruptions, tsunamis, tornadoes and landslides, and cosmic and asteroid threats.
Disasters cannot be eliminated, but proactive preparation can mitigate data loss and disruption to operations. Organizations require a disaster recovery plan that includes a formal plan to consider the impacts of disruptions to all critical business processes and their dependencies. A phased plan consists of the precautions to minimize the effects of a disaster so the organization can continue to function or quickly resume mission-critical functions.
The Disaster Recovery Plan is to be prepared by the Disaster Recovery Committee, which includes representatives from all critical departments or areas of the department's functions. The committee should have at least one representative from management, computing, risk management, records management, security, and building maintenance. The committee's responsibility is to prepare a timeline to establish a reasonable deadline for completing the written plan. It is also responsible for identifying critical and noncritical departments. A procedure used to determine the critical needs of a department is to document all the functions performed by each department. Once the primary functions have been identified, the operations and processes are then ranked in order of priority: critical, important and non-critical.
Typically, disaster recovery planning involves an analysis of business processes and continuity needs. Before generating a detailed plan, an organization often performs a business impact analysis (BIA) and risk analysis (RA), and it establishes the recovery time objective (RTO) and recovery point objective (RPO). The RTO describes the target amount of time a business application can be down, typically measured in hours, minutes or seconds. The RPO describes the past point in time to which an application must be recovered.
The plan should define the roles and responsibilities of disaster recovery team members and outline the criteria to launch the plan into action. However, there is no one right kind of disaster recovery plan, nor is there a one-size-fits-all disaster recovery plan. There are three basic strategies that feature in all disaster recovery plans: (a) preventive measures, (b) detective measures, and (c) corrective measures.
(a) Preventive measures: These measures try to prevent a disaster from occurring. They seek to identify and reduce risks, and are designed to mitigate or prevent an event from happening. These measures may include keeping data backed up and off-site, using surge protectors, installing generators and conducting routine inspections.
(b) Detective measures: These measures include installing fire alarms, using up-to-date antivirus software, holding employee training sessions, and installing server and network monitoring software.
(c) Corrective measures: These measures focus on fixing or restoring the systems after a disaster. Corrective measures may include keeping critical documents in the Disaster Recovery Plan.
The plan should include a list of first-level contacts and persons/departments within the company who can declare a disaster and activate DR operations. It should also include an outline and content stating the exact procedures to be followed in the event of a disaster. At least 2-4 possible DR sites with hardware/software that meets or exceeds the current production environment should be made available. DR best practices indicate that DR sites should be at least 50 miles away from the existing production site so that the Recovery Point Objective (RPO)/Restoration Time Objective (RTO) requirements are satisfied.
The recovery plan must provide for initial and ongoing employee training. Skills are needed in the reconstruction and salvage phases of the recovery process. Your initial training can be achieved by specialized seminars, special in-house educational programs, the wise use of consultants and vendors, and individual study tailored to the needs of your department. A minimal amount of training is necessary to assist specialized restorers/recovery contractors and others having little knowledge of your information, level of importance, or general operations.
A complete, proven plan has to be tested thoroughly, and all test reports should be logged for future reference. This testing should be treated as a live run and given ample time. After testing procedures have been completed, an initial "dry run" of the plan is performed by conducting a structured walk-through test. The test will provide additional information regarding any further steps that may need to be included, changes in procedures that are not effective, and other appropriate adjustments. These may not become apparent unless an actual dry-run test is performed. The plan is afterward updated to correct any problems identified during the test. Initially, testing of the plan is done in sections and after normal business hours to minimize disruptions to the overall operations of the organization. As the plan is further polished, future tests occur during normal business hours.
Once the disaster recovery plan has been written and tested, the plan is then submitted to management for approval. It is top management’s ultimate responsibility that the organization has a proven and tested plan. Management is responsible for establishing the policies, procedures, and responsibilities for comprehensive contingency planning, and reviewing and approving the contingency plan yearly, documenting such reviews in writing.
Another important aspect that is often overlooked involves the frequency with which DR plans are updated. Yearly updates are recommended, but some industries or organizations require more frequent updates because business processes evolve or because of quicker data growth. To stay applicable, disaster recovery plans should be an integral part of all business analysis processes and should be revisited at every major corporate acquisition, at every new product launch, and at every significant new system development.
Your business doesn't stay the same; businesses grow, change and realign. An effective disaster recovery plan must be regularly reviewed and updated to make sure it reflects the current state of the business and meets the goals of the company. Not only should it be reviewed, but it must be tested to ensure it would be a success if implemented.
When things go awry, it’s important to have a strong, targeted, and well-tested disaster recovery plan. Without a Disaster Recovery (DR) plan, your organization is at exceptional risk of loss of business, hacking, cyber-attacks, loss of secret data, and more.