Scribd
Upload
122 views

Disaster Recovery Planning

The document discusses disaster recovery planning for businesses. It provides an agenda that covers analyzing a company's needs, regulations, risks, and testing plans. It defines key terms like contingency planning and disaster response. The document recommends identifying critical business functions, conducting risk and impact analyses, developing standard disaster recovery plan formats, and testing plans regularly. The goal is to enable businesses to resume essential operations quickly after a disaster.

Uploaded by

adeeb
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
122 views

Disaster Recovery Planning

The document discusses disaster recovery planning for businesses. It provides an agenda that covers analyzing a company's needs, regulations, risks, and testing plans. It defines key terms like contingency planning and disaster response. The document recommends identifying critical business functions, conducting risk and impact analyses, developing standard disaster recovery plan formats, and testing plans regularly. The goal is to enable businesses to resume essential operations quickly after a disaster.

Uploaded by

adeeb
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

Disaster Recovery Planning

Presented by

Micky Hogue, CRM


Sandia National Laboratories
Albuquerque, New Mexico
[email protected]

1
If that happened to your
business...

Would your business be


able to survive???

Agenda

z Business Disaster Recovery Planning


z Analyzing your company & it’s needs
z Regulations, Recovery, & Risks
z Testing the plan
z Mutual Aid & Pre-disaster Agreements

Business Disaster
Recovery Planning

Disasters happen.....

If your company is here today,


and gone tomorrow.....

Will it matter?

2
Focus on the Organization’s
most Critical Functions

These Need to be
Recovered First.

Definitions

z Disaster Planning--determines risks & potential


impacts
z Disaster Prevention--steps to prevent or lessen
impacts
z Contingency Planning--develop records
program, recovery strategies, and procedures,
coordinated written plans, make assignments,
list resources, do training and testing.

Definitions.....(continued)

z Disaster Response & Recovery--Implementing your


Plan, dedicate resources to priority “critical function
areas” - retrieve/restore all vital records for these
areas.

z Business Resumption--retrieve/restore all vital


records & information for the rest of the company’s
work areas -- finally return to normal business.

3
Levels of Disasters

z Individual – loss of file, diskette, hard drive


z Loss of office – fire, water
z Local (loss of building) – fire, earthquake,
bomb, biological hazard
z Region Wide – flood, storm, earthquake, fire,
bio/chemical hazards
z Nationwide – terrorism, massive computer
failure, bio/chemical hazards,war

10

An Information Disaster is...


a sudden event that results in the loss
of records essential to an
organization’s continued operation.

z Destruction--fire, water, earthquake, etc.


z Stolen--industrial espionage, theft for profit or
sabotage
z Inaccessible--toxic contaminates, earthquake

11

Is Your Company Unique?

z Sole provider of your services/function?


z How fast must you resume services--
immediately? 24 hrs? 48 hrs? 1 wk?......
z Who is harmed if you cannot function?
z Are special skills/knowledge required?
z Will your employees be available?
z Are special records or equipment required?
z If so, will they be available in time?
12

4
What are Your Company’s
Post-Disaster Needs?

z Your building is gone -- Where will you go?


z Transportation? Housing? Food?
z Will employees leave home & family?
z Alternate work site established & contracted?
z Equipment, supplies, telecom -- in place?
z Current Vital Records Plan & backups?
z Do you have a plan now? Does staff know of
it, and what they are supposed to do?
13

Will the Disaster Change Your


Responsibilities, Functions, or Direction in
Any Way?

z What will be new or different during the


response and recovery?
z Do business as usual? Or address
specific response & recovery services?
z Do you have procedures for these
response & recovery function?
z Have your employees been trained &
rehearsed?
14

Why Should I Develop a


Company Disaster Recovery Plan?

z How can I justify? What are the Benefits?


» Meet regulatory requirements
» Ensures continuation of services
» Increase employee confidence & morale
» Insure job security
» Identifies the vital parts of the agency & helps to
focus and streamline procedures & strategies
» Minimizes liability and lawsuits

15

5
Regulations & Statutes for
Recovery Planning

z Contingency Planning Regulations


z Liability Laws
z Life/Safety Guidelines
z Risk Reduction Statutes
z Security Acts
z Vital Records Statutes

16

Risks
z Impact if records are lost? To company,
customers, or public?
z Which type of disasters can happen most
often?
z How quickly must you resume business?
z How tough is your competition?
z How soon will you lose market share?

17

Risks (continued)

z Will customer sue you if they suffer


losses?
z What if the disaster involves your off-
site storage or archives?
z What are legal, IRS, and other
implications?

18

6
Where to Begin?

z Get management agreement for a plan,


and the extent of the plan
z Set up a Contingency Planning Group
z Select a disaster recovery team
z Get every department working on a
disaster plan and vital records plan

19

Four Phases of Disaster


Recovery -- S, S, R, and R
z S = Survival
» Immediate response to threats to life safety,
equipment, buildings, or area.
z S = Stabilize
» Take sensible steps to regain control of situation
z R = Recover
» Take necessary steps to recover critical &
essential functions & facilities
z R = Resume
» Transition from recovery to normal business
20

Business Disaster Recovery


Plan Strategies
z All work units develop disaster recovery plans
& test them at least twice each year
z Recovery Priority Level is based on the
impact to customer, regulatory requirements,
and financial stability:
» 1. CRITICAL -- recovery within 48 hours
» 2. ESSENTIAL -- recovery within 1 week
» 3. SUPPORT -- assist recovery of other units
» 4. DEFERRED RECOVERY -- recovery can be delayed

21

7
Business Disaster Recovery
Plan Strategies (continued)

z Standard Disaster Plan Format:


» corporate policy, response & recovery strategies,
plan assumptions
» explains changes during a recovery period
» ensures all essential information & decisions are
included in the plan
» information is in a logical sequence
» information is easily referenced during a disaster

22

Business Disaster Recovery


Plan Strategies (continued)

z Standard Disaster Plan Format:


» planning process efficient for managers
» allows DRP to easily read & critique every plan
» allows DRP to compare strategies of business
units
» allows another manager to implement a plan
other than their own

23

Basic Steps in Developing a


Disaster Recovery Plan (cont...)

z Inform all function areas of the priority status and


your recovery plans for them
z Develop a Standard Disaster Recovery Plan to be
completed, & updated annually by all business units.
z Copies of the plan to be kept in the managers’
offices and homes
z Plan to include standard emergency response
instructions--who to call, etc.

24

8
Basic Steps in Developing a
Disaster Recovery Plan

z Do a Risk Analysis (building/regional)


z Do Business Impact Analysis (types of
disasters on business functions)
z Do Human Impact Analysis
z Ensure Adequate Business Interruption
Insurance
z Ensure frequent off-site backups of all vital
records, data, software, etc.

25

Basic Steps in Developing a


Disaster Recovery Plan (cont...)

z Develop Hotsite/Warmsite/Coldsite Plan--


implement and do tests
z Plan Communication after a Disaster
» Where will key managers meet?
» What should staff do when they hear of disaster?
» How to keep everyone up-to-date & informed?
z Determine what your critical functions are,
and if any are independent of location
26

Basic Steps in Developing a


Disaster Recovery Plan (cont...)
z Critical functions that must resume operations in
less than 1 week must develop, equip, install
telecommunications and mainframe connectivity,
supply, and test an alternative worksite

z Determine what order “Critical” functions should be


recovered

z Determine how to best use staff & resources of your


“non-critical” functions

27

9
Basic Steps in Developing a
Disaster Recovery Plan (cont...)

z Do a 1-page summary of key information for every


“Critical” function’s dept’s. plan--these summaries
must be immediately available to the corporation’s
“Recovery Management Team”

z Prepare a Work Unit Location Analysis for every


multi-store building--which units, # of people,
criticality status, square footage, equipment needed,
etc.

28

Basic Steps in Developing a


Disaster Recovery Plan (cont...)

z Develop a multi-room Emergency Operations


Center (EOC)
» Develop rolls/responsibilities and basic
procedures
» Have key managers/staff practice activating and
using it
z Interview major restoration companies
» Consider pre-signed service agreements for
emergency evaluation and priority service
29

Basic Steps in Developing a


Disaster Recovery Plan (cont...)

z Beyond your fire warden program, develop an


Emergency Response and Life Safety Program
based on a severe regional emergency or disaster.

z Focus on your ability to survive up to 1 week without


any outside assistance--fire, injuries, deaths, search
& rescue, water, food, sanitation, communications,
& evacuations

30

10
The Only Certain Thing
About an Untested Plan...

Is That the Plan Won’t Work.

31

Types of Tests
z Notification
Tests
z Table Top Tests
z Walk Through Tests
z Operational Tests of Emergency
Voice Communications
z Operational Tests of Hotsite

32

Types of Tests (continued)

z Triage Tests
z Mini - Simulations
z Major - Simulations
z Coordinated Partnership Response
Test of a Major Disaster Simulation

33

11
Pre-
Pre-Disaster Agreements, Service
Contracts, & Mutual Aid

z What should you do?


z What can you do?

34

Pre-
Pre-Disaster Agreements, Service
Contracts, and Mutual Aid

Can You Recover All By Yourself?

Generally speaking, if your business or


agency is going to have a realistic
chance of recovering in time, you are
going to need the help of others. And in
order for them to recover, they may need
your help.

35

Mutual Aid & Pre-


Pre-Disaster Agreements
“Helping Each Other” Philosophy -- Volunteering to Assist

z Mutual Aid and Pre-Disaster Agreements:


» Are voluntary
» Do not bind or obligate the signers; they will only
assist if possible
» Define the general types of assistance that may
be required
» Identify the chain of command for activating the
agreement
» Define 24-hour communications procedures

36

12
Service Contracts--
Contracts--How
How to Ensure
Essential Services Will Continue
z Service Contracts:
» Are legal and binding contracts
» Stipulate how, when, and where specific services
are to resume
» Are negotiated and signed by the vendors
owners or high-level managers
» Identify the chain of command for activating the
agreement
» Define 24-hour communications procedures
37

Public & Private


Partnerships
z Mutual Aid and Pre-Disaster Agreements:
» Are voluntary
» Do not bind or obligate the signers; they will only
assist if possible
» Define the general types of assistance that may
be required
» Identify the chain of command for activating the
agreement
» Define 24-hour communications procedures

38

There are no Permanent


Answers....
Only Evolving Solutions

39

13
Any Questions??

40

14

You might also like