Post on 24-Dec-2015
Creating an IT
Disaster Recovery Plan
Disaster Recovery vs Business Continuity
Events
Plan Development Determining which services (thus servers) DR Plan design parameters Select a Strategy Test
Questions/discussion
A web-based aid for planning
THEY ARE NOT EQUIVALENT!
Disaster Recovery Plan
Vs
Business Continuity Plan
IT Disaster Recovery Plan is just a part of a Business Continuity Plan
Credit:
www.theiia.org/technology
Events Causing Disruptions
• Natural– Hurricane– Flood– Tornadoes– Earthquakes– Fire
• Man-made– Power outage– Cooling outage– Network outage– Chemical spills– Civil unrest– Disgruntled person– Water main break– Computer viruses– Fire
Funnel Cloud in downtown Baton RougeSeptember 18, 2009
There is no magic bullet!
But there are some guiding parameters to help you develop an adequate plan.
1. Identify which servers2. Determine values for two critical design
parameters: RTO and RPO3. Decide on a strategy4. TEST IT
1. Determine which servers
Identify department’s business functions, lines of service
External and Internal
Determine which ones are “critical”
1. Determine which servers (cont)
What application programs managed by your department support those critical lines of business
Which server(s) support those application programs
1. Determine which servers (cont)
Now you have identified which servers must have a DR Plan.
Servers and applications not supporting any critical business functions don’t need a DR Plan.
Note: Office space, classroom space, buildings, etc, that are used for critical business functions are covered by the Business Continuity Plan, not the IT Disaster Recovery Plan.
2. Disaster Recovery Design Parameters
• Dependent on the requirements of the business function(s)
• Two categories:• How quickly the service must be restored (RTO)• How current the restored data must be (RPO)
Examples:If Payroll function must be up within 2 days, DR Plan must be less than or equal to that. (RTO)
Student course enrollment data must be data from current semester. (RPO)
2. Disaster Recovery Design Parameters
RTORecovery Time Objective
How quickly must the service be restored?
(How long can the business function be without the service?)
2. Disaster Recovery Design Parameters
RPO Recovery Point Objective
How old can the backups be used to restore the system?
(How many updates can be lost/discarded/recreated– those entered since the backups were taken?)
2. Disaster Recovery Design Parameters
3. Decide on a strategy
Frequency of backupsLocation of backupsContract for hot site
Contract for quick shipMirrored site
Mutual assistance agreement(Hope Santa brings a server)
Plans can address multiple threats• An “all hazards” plan
Store your backups outside of the “blast” zone, and your plan, too!
Write your plan as a recipe for someone else (hired gun) to execute
4. TEST IT
You must test your plan• Document your test results• Improve upon your plan• Repeat!
Remember, users are waiting!
The Institute of Internal Auditorshttp://www.theiia.org/guidance/technology/Click on “Global Technology Audit Guide”, then “Business Continuity Management”
FEMAhttp://www.fema.gov/business/bc.shtm
Disaster Recovery Journalhttp://drj.com http://www.drj.com/index.php?option=com_content&task=view&id=761&Itemid=454 http://www.drj.com/index.php?option=com_content&task=view&id=753&Itemid=449
North Carolina State Universityhttp://www.ncsu.edu/ehs/BCP/index.php http://www.ncsu.edu/ehs/BCP/planning_templates/ingredients_plan.php
Continuity Centralhttp://www.continuitycentral.com/bcpd.htm
LSUhttp://lsucpt.lsu.edu