1 / 44

Developing Plans and Procedures

Developing Plans and Procedures. Chapter 5. You Will Learn How To…. Determine what disaster recovery procedures need to be developed Develop and write disaster recovery procedures Review and approve disaster recovery procedures Develop basic disaster recovery plans for a facility

ita
Download Presentation

Developing Plans and Procedures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Developing Plans and Procedures Chapter 5

  2. You Will Learn How To… • Determine what disaster recovery procedures need to be developed • Develop and write disaster recovery procedures • Review and approve disaster recovery procedures • Develop basic disaster recovery plans for a facility • Publish the disaster recovery plan

  3. What Disaster Recovery Procedures Are Needed • Recovery procedures fall into one of six categories • Direction, control, and administration • Internal and external communications • Safety and health • Containment and property protection • Resuming and recovering operations • Restoring facilities and normalizing operations • Classifications of disaster • Catastrophic, Major, and Minor

  4. Types of disaster recovery procedures

  5. Classifications of a Disaster

  6. Developing and Writing Disaster Recovery Procedures • Planning team should monitor committee work for thoroughness and consistency • Subcommittees of the disaster recovery team may form to work with departments to develop procedures • All affected parties must draft and approve procedures, including those employees that implement the procedures • Procedures should be maintained on paper, intranets may make the more accessible

  7. Generic Procedure Worksheet

  8. Reviewing and Approving Disaster Recovery Procedures • Entire planning team reviews drafts • Subcommittee of planning team or group of middle managers not involved in procedure development can act as independent reviewer • Reviewers should ensure that the procedure has the following attributes • Clearly documented • Easy to Read and understand • Consistent with other procedures • Does not contradict other procedures

  9. Reviewing and Approving Disaster Recovery Procedures • Review committee submits changes to drafting committee • Drafting committee resubmits the changed procedure to the review committee • The review and revision process continues until the disaster recovery team and review committee are satisfied • Acceptance is a formal process involving the entire disaster recovery planning team, allowing all members of the planning team to comment

  10. Developing Basic Disaster Recovery Plans for Every Facility • Basic rules for a disaster recovery plan • Everything must be clearly documented • The plan must be understandable by all employees • Multiple copies of the plan must be available from multiple locations to ensure the plan is accessible • All response teams need copies of the plan • Team members should be listed on a separate page in the plan, including their names, department, and contact information

  11. Basic Disaster Recovery Plan Outline • Front matter: • Title Page, Table of Contents, Introduction • Primary Disaster Recovery Staff • Disaster Classification • Disaster Recovery Procedures • Appendices: • Contact Lists, Building Plans • Risks assessment reports • Organizational agreements, Requirements

  12. Outline for a Basic Disaster Recovery Plan

  13. Basic Disaster Recovery Plan Front Matter • Title Page • Name and location of facility or business process • Legal confidentiality statements • Contact information for Disaster Recovery Staff • Table of Contents • Introduction • Overview of the plan • Summarize specific laws, policies and regulations • Detailed exhibits may be referenced in an appendix

  14. Basic Disaster Recovery Plan Front Matter • Primary Disaster Recovery Staff • Names, Titles, Addresses • Phone numbers and e-mail addresses • Disaster Classification • Clearly define how to classify catastrophic, major, and minor disasters • A catastrophic loss may be downgraded if other facilities can be used for the same purpose, and no employees are dead or missing • Planning team classifies events to provide response teams with enough information to classify and respond to an event

  15. Direction, Control, and Administration Procedures • These procedures enable managers to direct the organization from response to recovery • Organizing the response team • Establishing an emergency operations center • Establishing first alert notifications • Confirming a disaster • Declaring the disaster • Keeping an activity log

  16. Composition of Disaster Response Team

  17. Emergency Operations Center • Especially necessary for catastrophic disasters • Response team leaders direct response from this location • Response team may work and rest at this location • Location may be one of the organizations facilities in a community • Local hotel with conference facilities may also be used

  18. Emergency Operations Information Sheet

  19. First Alert Procedures • Methodical and structured process for notifying • Managers • Employees • Emergency Services Organizations • Who is responsible for initiating first alerts • Who can authorize a first alert • Names of those to contact first after a disaster • An authorized manager must initiate the alert, but the manager’s staff may make contacts

  20. First Alert Information Sheet

  21. Disaster Confirmation Procedure • Verifies that a disaster has occurred • Validates the impact of the disaster • Determines the initial damage and scope of the disaster • Once confirmed, disaster declaration is made • Disaster is initially classified as catastrophic, major, or minor

  22. Disaster Confirmation and Declaration Report

  23. Disaster Recovery Activity Log • Describe the activity, date and time, contact information for the activity • Recovery plan should provide a sample log to be used to record recovery activities • Detailed instructions on how the log should be maintained • Risk assessments help the team understand which operations are affected by an activity • Individual teams may keep logs to integrate into the master activity log

  24. Disaster Response Activity Log

  25. Safety and Health Procedures • Two teams should be organized • Evacuation and Rescue Team • Security Team • Both teams need access to building plans • Teams develop procedures for facility evacuation, reentry, movement of employees, and crisis counseling • One team member keeps the log, entire team may be debriefed after initial response to complete log • Evacuation and rescue team employees should be trained to supervise evacuation procedures and initiating rescue efforts

  26. Evacuation and Rescue Team

  27. Security Team • Ensure facilities and valuable properties are protected during evacuation, after evacuation, and during recovery

  28. Procedures for Internal and External Communication • Establish a communication team • The communication team establishes contact with all parties and provides consistent explanations of the recovery • Timelines for expected recovery activities are distributed after being approved by the director of the disaster response team

  29. Communications Team • Activity log is maintained listing organizations and individuals contacted, and when they were contacted • Contact lists are maintained in an appendix of the recovery plan • Agreements and external relationships that can assist in recovery documented in an appendix • Team members can manage internal and external communications and facilitate disaster response • Team is responsible for contacting law enforcement, government agencies, and media

  30. Communication Team

  31. Procedures for Containment and Property Protection • Establishes an insurance and damage assessment team • Consists of trained employees that can • Prepare initial, detailed damage assessments • File reports with insurance companies • Work with demolition crews or construction contractors for cleanup and repairs

  32. Insurance and Damage Assessment Team

  33. Procedures for Resuming and Recovering Operations • Procedures that may be necessary to resume operations • Determining the duration of the shutdown • Activating back-up systems • Activating alternate systems • Activating hot or cold sites • Moving records • Moving equipment • Moving supplies • Recovering critical systems and functions • Recovering essential systems and functions • Recovering necessary systems and functions • Recovering desirable systems and functions • Business continuation team develops and executes these procedures during recovery

  34. Business Continuation Team • Consists of trained employees with the skills to manage operations and restore critical business systems and functions • Team responsibilities • Moving employees into temporary quarters • Providing telecommunications, computer networks, and computing support • Managing shipping and receiving

  35. Business Continuation Team

  36. Procedures for Restoring Facilities and Normalizing Operations • The organization’s restoration team is responsible for executing these procedures • The team consists of employees who can manage the restoration or rebuilding of facilities • Team responsibilities • Obtaining restoration estimates • Managing temporary repairs • Preparing facilities for reoccupation

  37. Restoration Team

  38. Publishing the Disaster Recovery Plan • The disaster recovery planning team appoints a plan publishing team leader • Team leader should have a background in technical writing, publishing, or procedure documentation • Works with all parties to make sure all materials are accurate and approved • Team leader establishes the document flow from the planning team to the publishing team • Planning team determines how the plan is published, a copy of the plan must always be accessible • All departments receive a copy of the plan • Training materials are developed from the plan to train employees • The plan is confidential material and the planning team should keep a log of who has copies of the plan

  39. Disaster Recovery Plan Distribution Log

  40. Disaster Recovery Confidentiality • All employees receiving a copy of the plan should sign a confidentiality and nondisclosure agreements • A blanket nondisclosure agreement signed initially by employees may cover receiving a copy of the recovery plan

  41. Confidentiality Agreement for Disaster Recovery Plan

  42. Assessing Progress and Moving Forward • Organizations must develop detailed recovery procedures • Disaster recovery procedures must be documented to smoothly recover operations • Chapter 6 discusses the importance of organizational relationships in disaster recovery • Chapter 7 explains how to develop procedures for responding to computer attacks • Chapter 8 covers documenting recovery procedures for special circumstances

  43. Chapter Summary • The disaster recovery planning team needs to evaluate all facilities and business operations to determine what kinds of procedures it must help develop • As planning team members oversee the development of recovery procedures, they should continually monitor the drafts for thoroughness and consistency of formatting • Subcommittees of the disaster recovery team must work with the necessary departments to develop procedures • The procedures must be drafted and approved by all affected parties, as well as by employees who must implement the procedures

  44. Chapter Summary • The entire disaster recovery team should review drafts of all recovery procedures • Planning team members not developing procedures or a group of middle managers not involved should review the procedures • Every facility should have at least a basic disaster recovery plan in place • A team leader should be appointed to oversee publication of the disaster recovery plan

More Related