By- Tharani Navaratnam

METROPOLIS CAPITAL Bank is a leading private bank in Sri Lanka, operating multiple branches, ATMs and data
centers connected via ISP links. Its operations rely on ISO certification and robust security tools, including a firewall.
The bank is seeking a Network Security Analyst to devise a secure remote work solution in the event of an emergency.

METROPOLIS CAPITAL Bank Disaster Recovery Plan Revision History

REVISION DATE NAME DESCRIPTION

1 2023-08-20 John Smith Initial Draft

2 2023-09-05 Emily Johnson Updated sections: Risk

Management, Disaster
Assessment

3 2023-09-15 David Clark Added sections: Business

Recovery,

4 2023-09-30 Sarah Williams Final review and formatting

 Table of Contents

Contents
Table of Contents

1. Executive Summary
2. Introduction
2.1 Purpose of the Plan
2.2 Scope
2.3 Objectives
2.4 Definitions and Acronyms
3. Risk Management
3.1 Identification of Potential Disasters
3.2 Risk Assessment Criteria
3.3 Potential Disasters and Risk Assessment
4. Emergency Response
4.1 Activation of Disaster Recovery Team
4.2 Disaster Recovery Activities
4.3 Monitoring Business Recovery Task Progress
5. Media and Communications
5.1 Communication Strategies
5.2 Communication Form
6. Insurance and External Contacts
6.1 Insurance-Related Assistance
6.2 External Contacts
7. Business Recovery
7.1 Business Process/Function Recovery Completion Form
7.2 Returning Recovered Business Operations to Business Unit Leadership
7.3 Business Recovery Activity Report Form
8. Technology Recovery
8.1 Disaster Recovery Plan for Systems
8.2 Technology Disaster Recovery Plan Forms
9. Appendix A – Suggested Forms
10. Appendix B – Technology Disaster Recovery Plan Templates
11. Revision History
 METROPOLIS CAPITAL Bank's Disaster Recovery Plan’s Statement of Intent

The Disaster Recovery Plan of Intent outlines our commitment to guaranteeing business continuity and maximum
reliability for our clients. By implementing a comprehensive strategy, METROPOLIS CAPITAL Bank is well-
prepared to navigate potential disruptions and provide uninterrupted services to its valued clients.

Policy Statement

Our disaster recovery and business continuity policy reaffirms METROPOLIS CAPITAL Bank's unwavering
dedication to providing seamless services, safeguarding client interests, and maintaining the highest standards of data
security. By adhering to this policy, we demonstrate our readiness to address unforeseen challenges and uphold our
reputation as a reliable and secure financial institution.

Objectives

 Minimize Downtime and Data Loss

 Ensure Business Continuity
 Protect Client Data and Privacy
 Meet Regulatory and Compliance Standards
 Facilitate Remote Work
 Ensure Secure Communication
 Rapid Recovery and Restoration
 Enhance Employee Preparedness
 Maintain Client Trust and Confidence
 Continuous Improvement
 Vendor and Supplier Coordination
 Transparent Communication
Key Personnel Contact Info

Name, Title Contact Option Contact Number

+94 11 123 4567
Chief Executive Officer Work

0772365686 Mobile
Royal road,Colombo-05 Home
[email protected] Email Address

Work +94 11 655 5626

Chief Information Officer

0745935865 Mobile
Maryura rd,Dehiwala Home
[email protected] Email Address

Work +94 11 987 7526

Head of Security

0756968566 Mobile
Street lane,panadura Home
[email protected] Email Address

C
Notification Calling Tree

Arun

0772365686

CEO

Person
Identifying [email protected]
Incident

CIO
0745935865

[email protected]
External Contacts

Name, Title Contact Option Contact Number

Landlord / Property Jane Smith
Manager
Account Number
LPA-855556 Work Property Manager
Mobile
Home
Email Address [email protected]

Power Company
Account Number Work
PWR-123456 Mobile
Home 94 11 5755557
[email protected] Email Address [email protected]

Telecom Carrier 1
Account Number Work
TC1-789012 Mobile
Fax
Home 94 11 5587777
Email Address [email protected]

Telecom Carrier 2
Account Number Work
TC2-345678 Mobile
Home 94 11 5555555
Email Address [email protected]

Hardware Supplier 1
Account Number Work
HS1-234567 Mobile
Emergency
Reporting
Email Address [email protected]

Server Supplier 1
Account Number. Work
SS1-456789 Mobile
Fax
Email Address [email protected]

Workstation Supplier 1
Account Number Work
WS1-567890 Mobile
Home
Email Address [email protected]
External Contacts Calling Tree

Branch
Operations
(Branch 1)

Operations
Branch
Operations
Chief Operating (Branch 2)
Officer (COO)
Sales Sales Team

Person
Identifying Financial
Incident Analysis
Finance (Branch 1)

Chief Financial Financial

Officer (CFO) Analysis
(Branch 2)

Accounting
Team
Accounting
(Branch 1)

Accounting
Team
(Branch 2)
Plan Overview

 Infrastructure Resilience: We've implemented redundancy and failover mechanisms to swiftly switch
operations between primary and secondary datacenters. Backup ISP links ensure seamless connectivity for
branches, ATMs, and remote employees.

 Data Protection and Security: All sensitive client and bank data is encrypted during transmission and
storage. Data Loss Prevention (DLP) tools are employed to prevent unauthorized data breaches.

 Secure Remote Work: Our plan ensures secure remote access through Virtual Private Network (VPN)
services with multi-factor authentication. Collaboration tools enable effective teamwork during remote
work scenarios.

 Regular Testing and Training: Disaster recovery drills are conducted to evaluate the effectiveness of our
plans. Continuous training prepares employees for effective disaster response.

 Continuous Monitoring and Improvement: Regular vulnerability assessments and audits identify
weaknesses. The plan is updated to address emerging threats and technological advancements.

 Vendor and Supplier Coordination: We maintain agreements with IT service vendors to ensure timely
external support during disasters.

KEY BUSINESS PROCESS BACKUP STRATEGY

IT Operations Fully mirrored recovery site
Tech Support - Hardware Fully mirrored recovery site
Tech Support - Software Fully mirrored recovery site
Facilities Management Fully mirrored recovery site
Email Fully mirrored recovery site
Purchasing Fully mirrored recovery site
Disaster Recovery Fully mirrored recovery site
Finance Fully mirrored recovery site
Contracts Admin Fully mirrored recovery site
Warehouse & Inventory Fully mirrored recovery site
Product Sales Fully mirrored recovery site
Maintenance Sales Fully mirrored recovery site
Human Resources Off-site data storage facility
Testing Fully Mirrored Recovery site - Fully mirrored recovery site
Workshop Fully Mirrored Recovery site - Fully mirrored recovery site
Call Center Fully mirrored recovery site
Web Site Fully mirrored recovery site
 1.1 Risk Management

 METROPOLIS CAPITAL Bank's proactive approach to risk management demonstrates our commitment to
maintaining the highest standards of service reliability, data security, and business continuity. By identifying,
assessing, and mitigating risks, we uphold the trust of our clients and the integrity of our operations.

Potential disasters have been assessed as follows:

Probability Brief Description Of
Potential Disaster Rating Impact Potential Consequences
Rating & Remedial
Actions

Data Breach 3 4 Unauthorized access to sensitive

client data. Implement strict
access controls, encryption, and
regular security audits.
Malware Infection 4 3 Compromising systems with
malicious software. Maintain up-
to-date antivirus software and
educate employees about safe
browsing practices.
Distributed Denial of 2 3 Disruption of online services due
Service (DDoS) to DDoS attacks. Employ DDoS
protection services and establish
incident response procedures.
Insider Threat 2 4 Insider breaches compromising
security. Implement user behavior
monitoring, access controls, and
security awareness training.
Ransomware Attack 3 4 Ransomware encrypting critical
systems. Regularly back up data,
employ robust security measures,
and develop a response plan.
Phishing Attack 4 3 Phishing attempts compromising
sensitive information. Implement
email filtering, employee training,
and multi-factor authentication.

Probability: 1=Very High, 5=Very Low Impact: 1=Total destruction, 5=Minor annoyance

2 Emergency

Emergency Preparedness and Response

In the face of unforeseen disasters and disruptions, METROPOLIS CAPITAL Bank is
dedicated to maintaining a robust emergency preparedness and response framework to
safeguard our operations, data, and the well-being of our clients and employees.

Key Components of Emergency Preparedness

Emergency Response Teams: We have established specialized teams with predefined roles and
responsibilities to ensure a coordinated and effective response during emergencies. These
teams cover areas such as IT, security, communications, and operations.
Emergency Contacts: A comprehensive list of internal and external contacts has been
compiled, including local authorities, vendors, and suppliers. This ensures swift
communication and collaboration during crisis situations.

Emergency Communication Protocols: Clear communication is vital during emergencies. We

have established communication protocols that outline who communicates what, to whom, and
through which channels.

Incident Response Procedures

Activation of Incident Response Teams: Upon detecting an emergency, the relevant response
teams are activated promptly. These teams follow predefined protocols to assess the situation,
implement mitigation measures, and initiate recovery efforts.

Escalation and Reporting: If an incident escalates beyond initial response capabilities,

escalation procedures are in place to involve higher management and engage external
resources if necessary.

Resource Allocation: Adequate resources, both personnel and tools, are allocated to address
the emergency effectively. These resources work in collaboration to minimize the impact of the
incident.

Testing and Drills

Regular Drills: Regular simulation drills are conducted to test the effectiveness of our
emergency response procedures. These drills involve different scenarios to ensure that teams
are well-prepared for a variety of situations.

Tabletop Exercises: Tabletop exercises are conducted to facilitate discussion and decision-
making among team members in a controlled environment. These exercises promote
coordination and improve response strategies.

Continual Improvement
Post-Incident Analysis: After each emergency response, a thorough analysis is conducted to
identify strengths and areas for improvement. Lessons learned are integrated into our
procedures to enhance future responses.

Feedback Loops: We encourage feedback from employees and stakeholders to continuously

refine our emergency preparedness and response plans.

Conclusion

METROPOLIS CAPITAL Bank's comprehensive emergency preparedness and response

framework demonstrates our commitment to the safety of our clients, employees, and
operations. By maintaining well-defined protocols, teams, and resources, we ensure that we are
well-equipped to manage crises and recover swiftly, maintaining the highest standards of
service and security.
 Media

Media Communication and Crisis Management

In the event of a disaster or emergency, effective communication with the media is crucial to
manage the dissemination of information and maintain public trust. METROPOLIS CAPITAL
Bank recognizes the importance of transparent and timely communication during crisis situations.

Media Communication Protocols

Spokespersons: Designated spokespeople have been trained to interact with the media. They ensure
that accurate and consistent information is shared with the public.

Information Verification: Before sharing any information with the media, we ensure that it is
accurate, verified, and aligned with the facts.

Crisis Communication Strategy

Initial Statements: In the early stages of an emergency, we provide concise and factual initial
statements to inform the media and the public about the situation.

Regular Updates: We establish a schedule for providing regular updates to the media and the
public. This practice maintains transparency and prevents misinformation.

Communication Channels
Press Releases: Official press releases are prepared and distributed to media outlets. These releases
contain accurate and verified information about the emergency and our response efforts.

Media Interviews: Spokespeople are available for media interviews to provide more in-depth
information and answer questions from journalists.

Social Media Management

Social Media Posts: We use official social media channels to disseminate accurate information and
updates to our clients and the public.

Engagement and Monitoring: We actively monitor social media platforms to address concerns,
correct misinformation, and engage with clients.

Crisis Management Team

Media Relations Team: A dedicated team handles media interactions and ensures that consistent
messaging is maintained.

Legal and Compliance: Legal experts review all communication to ensure that it aligns with
regulations and avoids potential liabilities.

 Conclusion

METROPOLIS CAPITAL Bank's media communication and crisis management strategy are designed to
ensure transparency, accurate information dissemination, and maintenance of public trust during
emergencies. By adhering to these protocols, we demonstrate our commitment to open communication and
responsible crisis management.
3 Insurance

As part of the company’s disaster recovery and business continuity strategies a number of insurance
policies have been put in place. These include errors and omissions, directors & officers liability, general
liability, and business interruption insurance.

If insurance-related assistance is required following an emergency out of normal business

hours, please contact: 0115569866

Person
Next
Policy Name Coverage Coverage Amount Responsible Renewal
Type Period Of For Date
Coverage Coverage
Property Property Yearly $10,000,000 Jane Smith 2023-12-31
Insurance Coverage
Business Business Annual $5,000,000 John Doe 2023-09-15
Interruption Interruption
Cybersecurity Cybersecurity Biennial $2,000,000 Sarah Johnson 2024-06-30
Insurance Coverage

4 Financial and Legal Issues

4.1 Financial Assessment

The emergency response team shall prepare an initial assessment of the impact of the incident
on the financial affairs of the company. The assessment should include:
 Loss of financial documents
 Loss of revenue
 Theft of check books, credit cards, etc.
 Loss of cash

4.2 Financial Requirements

The immediate financial needs of the company must be addressed. These can include:
 Cash flow position
 Temporary borrowing capability
 Upcoming payments for taxes, payroll taxes, Social Security, etc.
 Availability of company credit cards to pay for supplies and services required post- disaster

4.3 Legal Actions

The company legal department and ERT will jointly review the aftermath of the incident and decide
whether there may be legal actions resulting from the event; in particular, the possibility of claims by or
against the company for regulatory violations, etc.
5 DRP Exercising

Disaster recovery plan exercises are an essential part of the plan development process. In a DRP exercise
no one passes or fails; everyone who participates learns from exercises – what needs to be improved, and
how the improvements can be implemented. Plan exercising ensures that emergency teams are familiar
with their assignments and, more importantly, are confident in their capabilities.

Successful DR plans launch into action smoothly and effectively when they are needed. This will only
happen if everyone with a role to play in the plan has rehearsed the role one or more times. The plan
should also be validated by simulating the circumstances within which it has to work and seeing what
happens
Appendix A – Technology Disaster Recovery Plan

Templates Disaster Recovery Plan for <System One>

SYSTEM

OVERVIEW
PRODUCTION SERVER Location: Data Center A
Server Model: Dell PowerEdge R720
Operating System: Windows Server 2019
CPUs: 2
Memory: 64 GB
Total Disk: 1 TB
System Handle: PRDSYS01
System Serial #: S/N12345678
DNS Entry: prdsys01.mybank.com
IP Address: 192.168.1.10
Other: None

HOT SITE SERVER Location: Data Center B

Server Model: Dell PowerEdge R740
Operating System: Windows Server 2019
CPUs: 2
Memory: 128 GB
Total Disk: 2 TB
System Handle: HOTSYS01
System Serial #: S/N87654321
DNS Entry: hotsys01.mybank.com
IP Address: 192.168.2.10
Other: None
APPLICATIONS
(Use bold for Hot Site)
ASSOCIATED SERVERS DB Server: dbserver01.mybank.com
App Server: appserver01.mybank.com

KEY CONTACTS
Hardware Vendor XYZ Technologies
System Owners Jane Smith
Database Owner John Doe
Application Owners Sarah Johnson
Software Vendors ABC Software Corp.
Offsite Storage Secure Storage Co.

BACKUP STRATEGY
FOR SYSTEM ONE
Daily Incremental backup of data and configuration settings.
Monthly Full system backup including applications and databases.
Quarterly Offsite backup of critical data and configurations.
SYSTEM ONE
DISASTER
RECOVERY
PROCEDURE
Scenario 1 Notify key contacts listed above.
Restore the latest monthly backup to hot site server.
Total Loss of Data Apply quarterly offsite backup to restore missing data.

Scenario 2 Notify key contacts listed above.

Initiate failover to hot site server.
Total Loss of HW Contact hardware vendor for replacement.
ADDENDUM

CONTACTS
Jane Smith: [email protected]

John Doe: [email protected]

File Systems

File System as of File system Kbytes Used Avail %used

Mounted on
Minimal file
systems to be
created and /data 102400 5120 97560 5%
restored from
backup:

Other critical files to None

modify
Necessary /logs, /config
directories
to
create
Critical files to /data/db_backup.sql, /config/config.ini
restore
Secondary files to /data/documents
restore
Other files to None
restore
Disaster Recovery Plan for <System Two>

SYSTEM

OVERVIEW
PRODUCTION SERVER Location: Data Center C
Server Model: HP ProLiant DL360
Operating System: CentOS 7
CPUs: 4
Memory: 32 GB
Total Disk: 500 GB
System Handle: PRODSYS02
System Serial #: S/N98765432
DNS Entry: prodsys02.mybank.com
IP Address: 192.168.3.10
Other: None
HOT SITE SERVER Location: Data Center D
Server Model: HP ProLiant DL380
Operating System: CentOS 7
CPUs: 4
Memory: 64 GB
Total Disk: 1 TB
System Handle: HOTSYS02
System Serial #: S/N23456789
DNS Entry: hotsys02.mybank.com
IP Address: 192.168.4.10
Other: None
APPLICATIONS
(Use bold for Hot Site)
ASSOCIATED SERVERS DB Server: dbserver02.mybank.com
App Server: appserver02.mybank.com

KEY CONTACTS
Hardware Vendor ZYX Technologies

System Owners Mark Johnson

Database Owner Emily Brown

Application Owners Michael Lee

Software Vendors XYZ Software Solutions

Offsite Storage Secure Data Storage Inc.

BACKUP STRATEGY for

SYSTEM TWO
Daily Incremental backup of critical files and databases.
Monthly Full system backup including applications and configurations
Quarterly Offsite backup of essential data and system configurations.

SYSTEM TWO
DISASTER
RECOVERY
PROCEDURE
 Notify key contacts listed above.
Scenario 1 Restore the latest monthly backup to hot site server.
Apply quarterly offsite backup to restore missing data.
Total Loss of Data

Notify key contacts listed above.

Scenario 2 Initiate failover to hot site server.
Contact hardware vendor for replacement.
Total Loss of HW
ADDENDUM

CONTACTS
Mark Johnson: [email protected]
Emily Brown: [email protected]

File Systems

File System as of File system Kbytes Used Avail %used

Mounted on
Minimal file
systems to be data 204800 10240 194560 5%
created and
restored from
backup:

Other critical files to None

modify
Necessary /logs, /config
directories
to
create
Critical files to /data/db_backup.sql, /config/config.ini
restore
Secondary files to /data/documents
restore
Other files to None
restore
Disaster Recovery Plan for Local Area Network (LAN)

SYSTEM

OVERVIEW
SERVER Location: Main Data Center
Server Model: Cisco UCS C220 M4
Operating System: Windows Server 2016
CPUs: 2
Memory: 64 GB
Total Disk: 1 TB
System Handle: LAN-SRV-01
System Serial #: S/N56789012
DNS Entry: lansrv01.mybank.com
IP Address: 192.168.10.10
Other: None

HOT SITE SERVER Location: Secondary Data Center

Server Model: Cisco UCS C240 M5
Operating System: Windows Server 2016
CPUs: 2
Memory: 128 GB
Total Disk: 2 TB
System Handle: HOTLAN-SRV-01
System Serial #: S/N12345678
DNS Entry: hotlansrv01.mybank.com
IP Address: 192.168.20.10
Other: None
APPLICATIONS Backup Server: backupserver01.mybank.com
(Use bold for Hot Site) Domain Controller: dcserver01.mybank.com
ASSOCIATED SERVERS

KEY CONTACTS
Hardware Vendor Network Solutions Inc.
System Owners Alex Smith
Database Owner Not Applicable
Application Owners Alice Johnson

Software Vendors Microsoft Corporation

Offsite Storage DataSafe Backup Services

BACKUP STRATEGY for

SYSTEM TWO
Daily Incremental backup of data and configurations.
Monthly Full system backup including applications and settings.
Quarterly Offsite backup of critical data and system configurations.

SYSTEM TWO
DISASTER
RECOVERY
PROCEDURE
 Notify key contacts listed above.
Scenario 1 Restore the latest monthly backup to hot site server.
Apply quarterly offsite backup to restore missing data.
Total Loss of Data

Notify key contacts listed above.

Scenario 2 Initiate failover to hot site server.
Contact hardware vendor for replacement.
Total Loss of HW ADDENDUM
ADDENDUM

CONTACTS
Alex Smith: [email protected]

File Systems

File System as of File system Kbytes Used Avail %used

Mounted on
Minimal file
systems to be 102400 5120 97560 5% /data
created and
restored from
backup:

Other critical files None

to modify
Necessary /logs, /config
directories
to create
Critical files to /data/db_backup.sql, /config/config.ini
restore
Secondary files to /data/documents
restore
Other files to None
restore
Disaster Recovery Plan for Wide Area Network (WAN)

SYSTEM

OVERVIEW
EQUIPMENT Location: Main Data Center
Device Type: Cisco Router
Model No.: Cisco ISR 4321
Technical Specifications: 2 WAN Ports, 4 LAN Ports
Network Interfaces: GigabitEthernet0/0/0 (WAN),
GigabitEthernet0/0/1 (LAN)
Power Requirements: 100-240V AC, 50-60Hz
System Serial #: S/N34567890
DNS Entry: wanrouter.mybank.com
IP Address: 203.0.113.10
Other: None
HOT SITE EQUIPMENT Location: Secondary Data Center
Device Type: Cisco Router
Model No.: Cisco ISR 4331
Technical Specifications: 3 WAN Ports, 4 LAN Ports
Network Interfaces: GigabitEthernet0/0/0 (WAN),
GigabitEthernet0/0/1 (LAN)
Power Requirements: 100-240V AC, 50-60Hz
System Serial #: S/N78901234
DNS Entry: hotwanrouter.mybank.com
IP Address: 203.0.113.20
Other: None Location: Secondary Data Center
Device Type: Cisco Router
Model No.: Cisco ISR 4331
Technical Specifications: 3 WAN Ports, 4 LAN Ports
Network Interfaces: GigabitEthernet0/0/0 (WAN),
GigabitEthernet0/0/1 (LAN)
Power Requirements: 100-240V AC, 50-60Hz
System Serial #: S/N78901234
DNS Entry: hotwanrouter.mybank.com
IP Address: 203.0.113.20
Other: None
SPECIAL
APPLICATIONS
ASSOCIATED DEVICES Firewall: Cisco ASA 5506-X
WAN Optimizer: Riverbed SteelHead

KEY CONTACTS
Hardware Vendor Network Solutions Inc.
System Owners Karen Lee
Database Owner Not Applicable
Application Owners Not Applicable
Software Vendors Cisco Systems
Offsite Storage Data Safe Backup Services
Network Services ISP Provider - ISP Services Inc.

BACKUP STRATEGY for

SYSTEM TWO
Daily Configuration backup of network devices.
Monthly Comprehensive backup of device configurations and network
settings.
Quarterly Offsite backup of critical device configurations

SYSTEM TWO
DISASTER
RECOVERY
PROCEDURE
Notify key contacts listed above.
Scenario 1 Initiate failover to hot site equipment.
Collaborate with ISP to restore network connectivity.
Total Loss of Network

Notify key contacts listed above.

Scenario 2 Initiate failover to hot site equipment.
Contact hardware vendor for replacement
Total Loss of HW
ADDENDUM

CONTACTS
Karen Lee: [email protected]
Support Systems

Support Systems

Support system Network Monitoring System (NMS)

Critical network WAN Routers, Firewalls

assets
Critical interfaces WAN Ports, LAN Ports
Critical files to Device configurations
restore
Critical network Internet connectivity, VPN services
services to restore
Other services None
Disaster Recovery Plan for Remote Connectivity

SYSTEM

OVERVIEW
EQUIPMENT Location: Remote Office A
Device Type: Cisco VPN Router
Model No.: Cisco ISR 881
Technical Specifications: 1 WAN Port, 4 LAN Ports
Network Interfaces: FastEthernet0 (WAN), FastEthernet1-4
(LAN)
Power Requirements: 100-240V AC, 50-60Hz
System Serial #: S/N56789012
DNS Entry: remotevpn.mybank.com
IP Address: 192.168.100.10
Other: None
HOT SITE EQUIPMENT Location: Secondary Data Center
Device Type: Cisco VPN Router
Model No.: Cisco ISR 891
Technical Specifications: 1 WAN Port, 4 LAN Ports
Network Interfaces: FastEthernet0 (WAN), FastEthernet1-4
(LAN)
Power Requirements: 100-240V AC, 50-60Hz
System Serial #: S/N12345678
DNS Entry: hotremotevpn.mybank.com
IP Address: 192.168.200.10
Other: None
SPECIAL None
APPLICATIONS
ASSOCIATED DEVICES Firewall: Cisco ASA 5505
WAN Optimizer: Silver Peak SD-WAN

KEY CONTACTS
Hardware Vendor Network Solutions Inc.

System Owners Eric Davis

Database Owner Not Applicable
Application Owners Not Applicable
Software Vendors Cisco Systems
Offsite Storage Data Safe Backup Services
Network Services ISP Provider - ISP Services Inc.

BACKUP STRATEGY for

SYSTEM TWO
Daily Configuration backup of VPN routers.
Monthly Comprehensive backup of device configurations and network
settings
Quarterly Offsite backup of critical device configurations.

SYSTEM TWO
DISASTER
RECOVERY
PROCEDURE
 Notify key contacts listed above.
Scenario 1 Initiate failover to hot site equipment.
Collaborate with ISP to restore remote connectivity.
Total Loss of Network

Notify key contacts listed above.

Scenario 2 Initiate failover to hot site equipment.
Contact hardware vendor for replacement.
Total Loss of HW
ADDENDUM

CONTACTS
Eric Davis [email protected]

Support Systems

Support system Network Monitoring System (NMS)

Critical network VPN Routers, Firewalls

assets
Critical interfaces WAN Ports, LAN Ports
Critical files to Device configurations
restore
Critical network Remote connectivity services
services to restore
Other services None
Disaster Recovery Plan for Voice Communications

SYSTEM

OVERVIEW
EQUIPMENT Location: Main Office
Device Type: VoIP Phone System
Model No.: Cisco Unified Communications Manager
Technical Specifications: Version 12.5, supports 1000
extensions
Network Interfaces: GigabitEthernet0 (LAN)
Power Requirements: 100-240V AC, 50-60Hz
System Serial #: S/N12345678
DNS Entry: voip.mybank.com
IP Address: 192.168.50.10
Other: None
HOT SITE EQUIPMENT Location: Secondary Data Center
Device Type: VoIP Phone System
Model No.: Cisco Unified Communications Manager
Technical Specifications: Version 12.5, supports 1000
extensions
Network Interfaces: GigabitEthernet0 (LAN)
Power Requirements: 100-240V AC, 50-60Hz
System Serial #: S/N56789012
DNS Entry: hotvoip.mybank.com
IP Address: 192.168.60.10
Other: None
SPECIAL None
APPLICATIONS
ASSOCIATED DEVICES VoIP Gateways: Cisco VG310
IP Phones: Cisco 7841

KEY CONTACTS
Hardware Vendor Network Solutions Inc.

System Owners Rachel Martinez

Database Owner Not Applicable
Application Owners Not Applicable

Software Vendors Cisco Systems

Offsite Storage DataSafe Backup Services

Network Services ISP Provider - ISP Services Inc.

BACKUP STRATEGY for

SYSTEM TWO
Daily Configuration backup of VoIP phone system.
Monthly Comprehensive backup of system configurations and settings
Quarterly Offsite backup of critical system configurations

SYSTEM TWO
DISASTER
RECOVERY
PROCEDURE
 Notify key contacts listed above.
Scenario 1 Initiate failover to hot site equipment.
Collaborate with VoIP vendor to restore system functions.
Total Loss of Switch

Notify key contacts listed above.

Scenario 2 Initiate failover to hot site equipment.
Contact ISP to restore network connectivity.
Total Loss of Network
ADDENDUM

CONTACTS
Rachel Martinez: [email protected]

Support Systems

Support system Network Monitoring System (NMS)

Critical network VoIP Phone System, VoIP Gateways

assets
Critical interfaces LAN Ports
Critical files to System configurations
restore
Critical network Voice communications services
services to restore
Other services None
Appendix B – Suggested Forms

Damage Assessment Form

Key Business
Process Description Of Extent Of Damage
Affected Problem
Customer Transactions Network Outage High
Email Communication Email Server Down Medium
Online Banking Services Server Crash High
ATM Services Connectivity Issue Low

Management of DR Activities Form

 During the disaster recovery process all activities will be determined using a standard
structure;
 Where practical, this plan will need to be updated on a regular basis
throughoutthe disaster recovery period;
 All actions that occur during this phase will need to be recorded

Activity Name: Network Recovery

Reference Number: ACT-001
Brief Description: Restore network connectivity

Commencement Completion
Date/Time Date/Time Resources In Charge
Involved
2023-08-20 09:00 AM 2023-08-20 11:00 AM Network Team, IT John Smith
Team
2023-08-20 10:30 AM 2023-08-20 01:00 PM IT Team Emily Johnson
2023-08-20 11:00 AM 2023-08-20 02:30 PM IT Team, Development Michael Brown
Team
2023-08-20 12:30 PM 2023-08-20 03:00 PM Network Team, Sarah Williams
Operations Team
Disaster Recovery Event Recording Form

 All key events that occur during the disaster recovery phase must be recorded.
 An event log shall be maintained by the disaster recovery team leader.
 This event log should be started at the commencement of the emergency and a copy of the log
passed on to the business recovery team once the initial dangers have been controlled.
 The following event log should be completed by the disaster recovery team leader to
record all key events during disaster recovery, until such time as responsibility is handed
over to the business recovery team.

Description of Disaster: Network Outage

Commencement Date: 2023-08-20
Date/Time DR Team Mobilized: 2023-08-20 08:45 AM

Activities Undertaken by Date Follow-On

DR Team and Outcome Action
Time Required
Network Diagnosis 2023-08-20 09:00 Identified router Initiate hardware
AM failure replacement
Router Replacement 2023-08-20 09:30 Installed new router Installed new router
AM
Network Testing 2023-08-20 10:00 Connectivity restored Monitor network
AM stability

Handover to IT Team 2023-08-20 10:30 Issue resolved Regular network

AM monitoring

Disaster Recovery Team's Work Completed: 2023-08-20

Event Log Passed to Business Recovery Team: 2023-08-20

Disaster Recovery Activity Report Form

 Description of the emergency or incident: Network Outage

 Those people notified of the emergency (including dates): IT Team, Network Team, Management
 Action taken by members of the DRT: Identified router failure, replaced router, tested network connectivity
 Outcomes arising from actions taken: Network connectivity restored, issue resolved
 An assessment of the impact to normal business operations: Minimal impact due to quick recovery
 Assessment of the effectiveness of the BCP and lessons learned: BCP effectively initiated, lessons learned
about network redundancy
 Lessons learned: Importance of regular network monitoring, redundancy planning
 The report will include:
 A description of the emergency or incident
 Those people notified of the emergency (includingdates)
 Action taken by members of the DRT
 Outcomes arising from actions taken
 An assessment of the impact to normal business operations
 Assessment of the effectiveness of the BCP and lessons learned
 Lessons learned

Mobilizing the Disaster Recovery Team Form

 Following an emergency requiring recovery of technology infrastructure assets, the

disaster recovery team should be notified of the situation and placed onstandby.
 The format shown below can be used for recording the activation of the DR team once the work
of the damage assessment and emergency response teams has been completed

Description of Emergency: Disaster Recovery Activity Report Form

Date Occurred: 2023-08-20
Date Work of Disaster Recovery Team Completed: 2023-08-20

Name of Contacted
Contact Details Start Date
Team On (Time / By Whom Response
Member Date) Required

John Smith [email protected] 20/08/2023 IT Team Available 20/08/2023

08:45 Leader 09:00
Emily Johnson [email protected] 20/08/2023 Network Team Available 20/08/2023
08:45 Lead 09:00
Michael Brown [email protected] 20/08/2023 IT Manager Available 20/08/2023
08:45 09:00
John Smith [email protected] 20/08/2023 IT Team Available 20/08/2023
08:45 Leader 09:00

Monitoring Business Recovery Task Progress Form

 The progress of technology and business recovery tasks must be closely monitored
during this period of time
 Since difficulties experienced by one group could significantly affect other dependent tasks it is
important to ensure that each task is adequately resourced and that the efforts required to restore
normal business operations have not beenunderestimated

Note: A priority sequence must be identified although, where possible, activities will be carried out
 simultaneously.
RecoveRecovery Person(s) Completion Date Milestones Other
Tasks (Order of Responsible Estimated Actual Identified Relevant
Priority) Information

John Smith 25/08/2023

Emily Johnson 26/08/2023
Michael Brown 28/08/2023
Sarah Williams 30/08/2023
Jane Miller
David Clark
Susan White

Preparing the Business Recovery Report Form

 On completion of business recovery activities the BRT leader should prepare a report on the
activities undertaken and completed
 The report should contain information on the disruptive event, who was notified and when,
action taken by members of the BRT together with outcomes arising from those actions
 The report will also contain an assessment of the impact to normal business operations
 The report should be distributed to senior management, as appropriate

The contents of the report shall include:

 A description of the incident
 People notified of the emergency (including dates)
  Action taken by the business recovery team
 Outcomes arising from actions taken
 An assessment of the impact to normal business operations
 Problems identified
 Suggestions for enhancing the disaster recovery and/or business continuityplan
 Lessons learned

Communications Form

 It is very important during the disaster recovery and business recovery activities thatall affected
persons and organizations are kept properly informed
 The information given to all parties must be accurate and timely
 In particular, any estimate of the timing to return to normal working operations should be
announced with care
 It is also very important that only authorized personnel deal with media queries

Groups of Persons Selected To Coordinate

Persons or Communications
Organizations to Affected Persons / Organizations
Affected by Name Position Contact Details
Disruption

Customers John Smith Customer Relations [email protected]

Manager
Management & Emily Johnson HR Director [email protected]
Staff m
Suppliers David Clark Procurement Manager [email protected]
Media Sarah Williams Public Relations [email protected]
Coordinator m
Stakeholders Michael Brown Stakeholder Relations [email protected]
Manager
Others Jane Miller Communication [email protected]
Specialist

Returning Recovered Business Operations to Business Unit Leadership

 Once normal business operations have been restored it will be necessary to return the
responsibility for specific operations to the appropriate business unit leader
 This process should be formalized in order to ensure that all parties understandthe change in
overall responsibility, and the transition to business- as-usual
 It is likely that during the recovery process, overall responsibility may have been assigned to
the business recovery process lead
 It is assumed that business unit management will be fully involved throughout the recovery, but
in order for the recovery process to be fully effective, overall responsibility during the recovery
period should probably be with a business recovery process team
Business Process/Function Recovery Completion Form
The following transition form should be completed and signed by the business recovery team
leader and the responsible business unit leader, for each process recovered.

A separate form should be used for each recovered business process.

Name Of Business Process

Completion Date of Work Provided by
Business Recovery Team
Date of Transition Back to Business Unit
Management
(If different than completion date)

I confirm that the work of the business recovery team has been completed in accordance
with the disaster recovery plan for the above process, and that normal business operations
have been effectively restored.

Business Recovery Team Leader Name: John Smith

Signature:

Date: 2023/08/25

(Any relevant comments by the BRT leader in connection with the return of this business
process should be made here.)

I confirm that above business process is now acceptable for normal working conditions. Name:

Emily Johnson

Title: Sales Manager

Signature:

Date: 2023-09-16

Courtesy of Micro Focus, Inc.

This document is intended to be a starting point for a potential disaster recovery plan and is a not, in any
way, a complete disaster recovery plan. Micro Focus does not take responsibility for any disaster
recovery plans that are based off of this document, nor any failure due to implementation or execution of
this template.

Acknowledgement to Paul Kirvan of searchdisasterrecovery.com for the inspiration of this template.

135-000078-001