Step 6. Consider insurance optionsQuestions to ask: Show
Cover your assets(external link) — Resilient Organisations Step 7. Identify who can run the business in your absenceQuestions to ask:
Step 8. Keep contact details handyQuestions to ask:
Step 9. Back up important dataQuestions to ask:
Storing and backing up data Step 10. Put it into practiceMuch like emergency plans, a business continuity plan shouldn’t sit on the shelf. It needs to be tried and tested with relevant staff at least once a year. This doesn’t need to be expensive or time-consuming. Run 20-minute stress test exercises where you give staff a scenario to plan for. Rather than fixating on the cause of the disruption, eg a natural disaster or power cut, focus on how to manage the consequences:
No two crises are the same. But together, you may find similar solutions to different situations. Your plan will change as your business evolves, so make sure you debrief after each test and update the plan if necessary. Staff need to know what to do even if you’re not available. Make sure your plan is easily accessible. For a downloadable guide and template that walks you through important steps of BCP, see Wellington Emergency Management Office’s website Get Prepared. Prepare your business(external link) — Get Prepared Resilient Organisations has resources to help small businesses thrive in any environment. Guides for businesses(external link) — Resilient Organisations Earthquake preparedness checklist [PDF, 356 KB] — Resilient Organisations What is a disaster recovery plan (DRP)?A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume work after an unplanned incident. A DRP is an essential part of a business continuity plan (BCP). It is applied to the aspects of an organization that depend on a functioning information technology (IT) infrastructure. A DRP aims to help an organization resolve data loss and recover system functionality so that it can perform in the aftermath of an incident, even if it operates at a minimal level. The plan consists of steps to minimize the effects of a disaster so the organization can continue to operate or quickly resume mission-critical functions. Typically, a DRP involves an analysis of business processes and continuity needs. Before generating a detailed plan, an organization often performs a business impact analysis (BIA) and risk analysis (RA), and it establishes recovery objectives. As cybercrime and security breaches become more sophisticated, it is important for an organization to define its data recovery and protection strategies. The ability to quickly handle incidents can reduce downtime and minimize financial and reputational damages. DRPs also help organizations meet compliance requirements, while providing a clear roadmap to recovery. Some types of disasters that organizations can plan for include the following:
Recovery plan considerationsWhen disaster strikes, the recovery strategy should start at the business level to determine which applications are most important to running the organization. The recovery time objective (RTO) describes the amount of time critical applications can be down, typically measured in hours, minutes or seconds. The recovery point objective (RPO) describes the age of files that must be recovered from data backup storage for normal operations to resume. Recovery strategies define an organization's plans for responding to an incident, while disaster recovery plans describe how the organization should respond. Recovery plans are derived from recovery strategies. Know the seven important elements to include in a disaster recovery plan.In determining a recovery strategy, organizations should consider such issues as the following:
Management approval of recovery strategies is important. All strategies should align with the organization's goals. Once DR strategies have been developed and approved, they can be translated into disaster recovery plans. Types of disaster recovery plansDRPs can be tailored for a given environment. Some specific types of plans include the following:
Scope and objectives of DR planningThe main objective of a DRP is to minimize negative effects of an incident on business operations. A disaster recovery plan can range in scope from basic to comprehensive. Some DRPs can be as much as 100 pages long. DR budgets vary greatly and fluctuate over time. Organizations can take advantage of free resources, such as online DRP templates, like the SearchDisasterRecovery template below. Several organizations, such as the Business Continuity Institute and Disaster Recovery Institute International, also provide free information and online content how-to articles. An IT disaster recovery plan checklist typically includes the following:
The location of a disaster recovery site should be carefully considered in a DRP. Distance is an important, but often overlooked, element of the DRP process. An off-site location that is close to the primary data center may seem ideal -- in terms of cost, convenience, bandwidth and testing. However, outages differ greatly in scope. A severe regional event can destroy the primary data center and its DR site if the two are located too close together. Disaster recovery planning works with business continuity planning to make up the entire BCDR process.How to build a disaster recovery planThe disaster recovery plan process involves more than simply writing the document. Before writing the DRP, a risk analysis and business impact analysis can help determine where to focus resources in the disaster recovery process. The BIA identifies the impacts of disruptive events and is the starting point for identifying risk within the context of DR. It also generates the RTO and RPO. The RA identifies threats and vulnerabilities that could disrupt the operation of systems and processes highlighted in the BIA. The RA assesses the likelihood of a disruptive event and outlines its potential severity. A DRP checklist should include the following steps:
Disaster recovery plans are living documents. Involving employees -- from management to entry-level -- increases the value of the plan. Another component of the DRP is the communication plan. This strategy should detail how both internal and external crisis communication will be handled. Internal communication includes alerts that can be sent using email, overhead building paging systems, voice messages and text messages to mobile devices. Examples of internal communication include instructions to evacuate the building and meet at designated places, updates on the progress of the situation and notices when it's safe to return to the building. External communications are even more essential to the BCP and include instructions on how to notify family members in the case of injury or death; how to inform and update key clients and stakeholders on the status of the disaster; and how to discuss disasters with the media. Disaster recovery plan templateAn organization can begin its DRP with a summary of vital action steps and a list of important contact information. That makes the most essential information quickly and easily accessible. The plan should define the roles and responsibilities of disaster recovery team members and outline the criteria to launch the plan into action. The plan should specify, in detail, the incident response and recovery activities. Other important elements of a disaster recovery plan template include the following:
Testing your disaster recovery planDRPs are substantiated through testing to identify deficiencies and provide opportunities to fix problems before a disaster occurs. Testing can offer proof that the emergency response plan is effective and hits RPOs and RTOs. Since IT systems and technologies are constantly changing, DR testing also helps ensure a disaster recovery plan is up to date. Reasons given for not testing DRPs include budget restrictions, resource constraints and a lack of management approval. DR testing takes time, resources and planning. It can also be risky if the test involves using live data. DR testing varies in complexity. In a plan review, a detailed discussion of the DRP looks for missing elements and inconsistencies. In a tabletop test, participants walk through plan activities step by step to demonstrate whether DR team members know their duties in an emergency. A simulation test uses resources such as recovery sites and backup systems in what is essentially a full-scale test without an actual failover. Incident management plan vs. disaster recovery planAn incident management plan (IMP) -- or incident response plan -- should also be incorporated into the DRP; together, the two create a comprehensive data protection strategy. The goal of both plans is to minimize the impact of an unexpected incident, recover from it and return the organization to its normal production levels as fast as possible. However, IMPs and DRPs are not the same. The major difference between an incident management plan and a disaster recovery plan is their primary objectives. An IMP focuses on protecting sensitive data during an event and defines the scope of actions to be taken during the incident, including the specific roles and responsibilities of the incident response team. In contrast, a DRP focuses on defining the recovery objectives and the steps that must be taken to bring the organization back to an operational state after an incident occurs. Learn what it takes to develop a disaster recovery plan that considers the cloud and cloud services. What is an alert roster What is an alert message describe the two ways they can be used?Answer: An alert roster is a list of individuals within the company who must be notified in the event of an incident. An alert message is a scripted notification that provides just enough information for responders to know the status of the incident and what portion of the incident response plan they need to implement.
What are some of the key points that the CP team must build into the DR plan?The key points the CP team must build into the DR plan include: the clear delegation of roles and responsibilities; the execution of the alert roster and notification of key personnel; the use of employee check-in systems; the clear establishment and communication of business resumption priorities; the complete and ...
What are the primary goals of the DR plan quizlet?The primary goals of the DR plan are to : 1. Eliminate or reduce the potential for injuries, loss of human life, damage to facilities, and loss of assets and records.
What is the movement of employees among positions at the same organizational level rather than through progression and promotion?Job rotation is the practice of moving employees between jobs in an organization. These rotations are predominantly lateral, meaning that they happen between jobs on the same level and are not considered promotions. They are also often temporary with people moving back to their original job after a certain time.
|