Disater Recovery Plan Essay

Appoint coordinator/project leader, if the leader is not the dean or chairperson. 1. Determine most appropriate plan organization for the unit 2. Identify and convene planning team and sub-teams as appropriate (for example, lead computer support personnel should be in the team if the plan will involve recovery of digital data and documents). 3. At the unit level a. scope – the area covered by the disaster recovery plan, and objectives – b. assumptions 4. Set project timetable 5. Obtain approval of scope, assumptions and project plan, if the leader is not the administrator. Step Two – Conduct Business Impact Analysis In order to complete the business impact analysis, most units will perform the following steps: 1. Identify functions, processes and systems 2. Interview information systems support personnel 3. Interview business unit personnel 4. Analyze results to determine critical systems, applications and business processes 5. Prepare impact analysis of interruption on critical systems Step Three – Conduct Risk Assessment 1. Review physical security (e.g. secure office, building access off hours, etc.) 2. Review backup systems 3. Review data security 4. Review policies on personnel termination and transfer 5. Identify systems supporting mission critical functions 6. (Such as flood, tornado, physical attacks, etc.) 7. Assess probability of system failure or disruption 8. Prepare risk and security analysis Step Four – Develop Strategic Outline for Recovery 1. Assemble groups as appropriate for: Hardware and operating systems Communications Applications Facilities Other critical functions and business processes as identified in the Business Impact Analysis 1 For each system/process above quantify the following processing requirements: Light, normal and heavy processing days Transaction volumes Dollar volume (if any) Estimated processing time Allowable delay (days, hours, minutes, etc.) Detail all the steps in your workflow for each critical business function Identify systems and application Component name and technical id (if any) Type (online, batch process, script) Frequency Run time Allowable delay (days, hours, minutes, etc.) Identify vital records (e.g., libraries, processing schedules, procedures, research, advising records, etc.) Name and description Type (e.g., backup, original, master, history, etc.) Where are they stored Source of item or record Can the record be easily replaced from another source (e.g., reference materials) Backup Backup generation frequency Number of backup generations available onsite Number of backup generations available off-site Location of backups Media type Retention period Rotation cycle Who is authorized to retrieve the backups? 1 Identify if a severe disruption occurred what would be the minimum requirements/replacement needs to perform the critical function during the disruption. Type (e.g. server hardware, software, research materials, etc.) Item name and description Quantity required Location of inventory, alternative, or offsite storage Vendor/supplier 7. Identify if alternate methods of processing either exist or could be developed, quantifying where possible, impact on processing. (Include manual processes.) 8. Identify person(s) who supports the system or application 9. Identify primary person to contact if system or application cannot function as normal 10. Identify secondary person to contact if system or application cannot function as normal 11. Identify all vendors associated with the system or application 12. Document unit strategy during recovery (conceptually how will the unit function?) 13. Quantify resources required for recovery, by time frame (e.g., 1 pc per day, 3 people per hour, etc.) 14. Develop and document recovery strategy, including: Priorities for recovering system/function components Recovery schedule Step Five – Review Onsite and Offsite Backup and Recovery Procedures 1. Review current records (OS, Code, System Instructions, documented processes, etc.) requiring protection 2. Review current offsite storage facility or arrange for one 3. Review backup and offsite storage policy or create one 4. Present to unit leader for approval Step Six – Select Alternate Facility ALTERNATE SITE: A location, other than the normal facility, used to process data and/or conduct critical business functions in the event of a disaster. 1. Determine resource requirements 2. Assess platform uniqueness of unit systems 3. Identify alternative facilities 4. Review cost/benefit 5. Evaluate and make recommendation 6. Present to unit leader for approval 7. Make selection Step Seven – Develop Recovery Plan The steps for developing the Recovery Plan are listed below in outline form to demonstrate how a unit may choose to organize their Disaster Recovery Plan. 1. Objective Establish unit information 2. Plan Assumptions 3. Criteria for invoking the plan Document emergency response procedures to occur during and a fter an emergency (i.e. ensure evacuation of all individuals, call the fire department, after the emergency check the building before allowing individuals to return) Document procedures for assessment and declaring a state of emergency Document notification procedures for alerting unit and university officials Document notification procedures for alerting vendors Document notification procedures for alerting unit staff and notifying of alternate work procedures or locations. 1 Roles Responsibilities and Authority Identify unit personnel Recovery team description and charge Recovery team staffing Transportation schedules for media and teams 1 Procedures for operating in contingency mode Process descriptions Minimum processing requirements Determine categories for vital records Identify location of vital records Identify forms requirements Document critical forms Establish equipment descriptions Document equipment – in the recovery site Document equipment – in the unit Software descriptions Software used in recovery Software used in production Produce logical drawings of communication and data networks in the unit Produce logical drawings of communication and data networks during recovery Vendor list Review vendor restrictions Miscellaneous inventory Communication needs – production Communication needs – in the recovery site 1 Resource plan for operating in contingency mode 2 Criteria for returning to normal operating mode 3 Procedures for returning to normal operating mode 4 Procedures for recovering lost or damaged data 5 Testing and Training Document Testing Dates Complete disaster/disruption scenarios Develop action plans for each scenario Plan Maintenance Document Maintenance Review Schedule (yearly, quarterly, etc.) Maintenance Review action plans Maintenance Review recovery teams Maintenance Review team activities Maintenance Review/revise tasks Maintenance Review/revise documentation Step Eight – Test the Plan 1. Develop test strategy 2. Develop test plans 3. Conduct tests 4. Modify the plan as necessary Step Nine – Maintain the Plan 1. Review changes in the environment, technology, and procedures 2. Develop maintenance triggers and procedures 3. Submit changes for systems development procedures 4. Modify unit change management procedures 5. Produce plan updates and distribute Step Ten – Perform Periodic Audit 1. Establish periodic review and update procedures