Disaster Recovery Planning (DRP)
• DRP: The definition of business processes, their infrastructure supports and tolerances to interruptions, and formulation of strategies for reducing the likelihood of interruption or its consequences.
• Component steps of DRP:
  • Define the process
  • Identify what supports the process and its tolerance to interruptions
  • Determine and implement strategies that would reduce the likelihood and consequences of interruptions.
Disaster Recovery Planning (DRP)
• Assessing potential losses: Disaster Impact Analysis
  • What disasters is the firm likely to face?
  • What is the probability of each type of disaster?
  • What is the impact of the disaster on the firm?
Disaster Recovery Planning (DRP)
• Value-based recovery planning
  • Definition of criticality and criteria to determine criticality
  • Identification of critical business processes and their supports
  • Identification of the role of information systems resources in the critical process
  • Determination of process owners and process customers
  • Determination of the amount of time the business can survive without the process post-disaster
  • Identify interdependencies between the process and the rest of the business processes and systems
• To find critical processes, consider attributes such as importance, key users, tolerance to outage, waiting time between cycles, possibility of data recovery.
Disaster Recovery Planning (DRP)
• Disaster recovery strategies
  • How do we recover a system given its priority?
  • Address the question by system components.
    • Data (e.g., designate off-site storage)
    • Processing (e.g., back up and store off-site current copies of the software)
    • Network and communication (e.g., back up and store off-site a copy of the current network configuration)
    • Dependencies with other systems (e.g., identify how these processes will be interfaced post-disaster)
DRP: Recovery Locations
• Recovery location: A site or sites where processes and systems will be recovered post-disaster.
  • Hot sites: Near-perfect replicas of the operations.
  • Cold sites: Just the infrastructure (computer operations room, platform for installing hardware, power and communication lines, cabling, etc.).
  • Warm sites: More than just a cold site, but not quite as ready as a hot site. For example, it may include commonly used computers and operating system.
  • Reciprocal agreements: Sharing of similar resources by those in the same or similar computing environments.
  • Colocations: Recovery is planned using availability of computing resources at the firm’s many locations.
DRP: Teams
• The purpose of forming teams is to ensure that recovery tasks are accomplished in an orderly and responsible manner.
• The number and nature of teams could vary across organizations.
• However, each team should include the knowledge and skills necessary to perform its assigned tasks.
• Recovery teams can be organized by recovery phases.
• Flexibility in assignments is necessary, for an actual disaster may need adjustments to the team. Non-availability of some team members when disaster strikes is also likely.
DRP: Disaster Readiness
• Meaning of readiness: Having the assurance that if and when a disaster strikes, the firm has a high likelihood of recovering from the disaster. Testing of the plan is crucial to get this assurance. Disaster readiness practices include:
  • Walkthroughs: Having a plan preparer walk others through the plan to show how it leads from point A to point B.
  • Rehearsals: An “as-if” exercise to simulate a disaster’s impact and have the people responsible recreate recovery of “lost” processes and systems.
  • Compliance (Live) testing: Actual test of recovery with a simulated disaster.
Business Continuity Planning (BCP)
• BCP: The totality of plans made to recover the business operations following a disaster.
• Recovery of all operations is involved, not just information assets.
• Methods and strategies adopted for BCP are comparable to, and often overlap with, those used in DRP.
Business Continuity Planning (BCP)
• Business impact analysis is an exercise in risk assessment.
  • Identify vulnerabilities of the firm.
  • Assess the business impact
    • Focus on a particular disaster and determine processes that might be affected, and/or
    • Analyze all business processes to assess probable business impact in the event that a disaster strikes.
  • Initiate a planning process to develop methods and strategies to mitigate risk.
• Business recovery
  • Approaches and methods for business recovery are similar to those discussed in disaster recovery planning.
Assurance Considerations
• Any assurance that BCP/DRP will be effective requires an examination of such plans from three angles:
  • Method: Review the method followed in the development of the plan. A sound planning process makes possible a plan that is complete and reliable.
  • Content: Should have been collected from the “right” participants, and the instruments and methods used to collect data must be valid. The plan should be current.
  • Testing: Critical components of the plan should be tested, results should be documented, and corrective action, where necessary, should follow.