Primer for DRP in an IT Environment

A PRIMER FOR DISASTER RECOVERY PLANNING IN AN IT ENVIRONMENT
by Charlotte J. Hiatt

FROM THE INTRODUCTION:
“Since its birth in the late 1970s, the business recovery industry has continued to
broaden, moving from original batch application processing on mainframes, to include
recovery for telecommunications connectivity, distributed processing on mid-range systems,
and most recently, network and work area recovery.

“Whenever accidents, disasters and natural events interrupt business activities, one
thing is certain: businesses lose money. How much money often depends on how prepared
companies are for dealing with business interruptions. A current, well-planned and
well-rehearsed disaster recovery plan often spells the difference between smoothly and
quickly returning to business as usual or reeling from the devastating repercussions for
months or even years.

“Any event that interrupts business due to the loss or denial of information required
for normal operations qualifies as a disaster. A disaster recovery plan (DRP) is a blueprint for
recovering from these events. It does not seek to duplicate a business. Rather, its intent is to
increase the chances of survival and to decrease the effects of the loss.

“Disaster recovery planning is not a trivial process. In addition to the extensive set of
tasks that should be performed, it is filled with potential pitfalls that even the best-meaning,
intelligent people in the organization can overlook. Regardless of whether the plan is
developed using internal expertise, external professionals can help. DRP is an essential
process for companies. Simply put, it just might be a matter of corporate survival.

“Besides the standard reasons, legal requirements, customer opinions, competitive
edge, responsibility to stockholders and employees, and other frequently touted justifications,
why bother with DRP? Disaster recovery and contingency planning are not just for big
business. They are not just for data centers or networks. Every business including personal
business can benefit from the reasons not often considered.

“The basic elements preceding and supporting recovery preparedness make good
and economic business sense. Usually with less start-up effort than anticipated, disaster
recovery planning can improve the business, reduce recurring problems and, through reduced
downtimes and better managed processes, should pay for itself.

TABLE OF CONTENTS

INTRODUCTION

DEFINITION OF A DISASTER

IDENTIFY DISASTER AS A POSSIBILITY

NEED FOR A DISASTER RECOVERY PLAN

SECURE TOP MANAGEMENT SUPPORT AND RESOURCES
Build Reliable Support
Secure and Prepare Resources

ORGANIZE PLAN DEVELOPMENT TEAM

APPOINT DISASTER RECOVERY COORDINATOR

CONDUCT RISK AND BUSINESS IMPACT ANALYSES
Identify and Prioritize Assets and Functions
Identify Threats to Assets and Functions
Prioritize Disaster Recovery Planning Efforts

IDENTIFY DATA STORAGE AND RECOVERY SITES
Data Backup
Off-Site Storage
Identify the Information Asset
Select an Off-site Storage Vendor

FORMULATE STRATEGIES FOR SYSTEM RECOVERY
Recovery Site Alternatives
Alternate Site Selection Criteria
Common Concerns
Assess Business Recovery Needs
Avoid Common Misconceptions
Select a Hot-site Facility
Contract with a Vendor

EVALUATE ALTERNATIVES FOR DISASTER RECOVERY PLAN DEVELOPMENT
Consultants
In-House Development
PC-based Software

DEFINE ASSUMPTIONS AND LIMITATIONS OF THE PLAN

WRITE THE PLAN
Organization of the Plan
Body of the Plan

DEVELOP PRIMARY PROCEDURES FOR EMERGENCY RESPONSE

WRITE EMERGENCY MANAGEMENT PLAN

DESIGNATE DISASTER RECOVERY TEAMS
Team Descriptions
Team Tasks
Team Member Characteristics

DEVELOP A NOTIFICATION DIRECTORY

ESTABLISH EMERGENCY OPERATIONS CENTER (EOC)
EOC Communications
EOC Staffing
Facilities Layout
Costs

TRAIN EMPLOYEES

TEST THE PLAN
Types of Tests
Plan the Test

MAINTAIN THE PLAN

Change Management

INVOKE THE PLAN
Communication

MANAGE THE MEDIA
Spokesperson Training

OTHER RESOURCES FOR DISASTER RECOVERY INFORMATION
Research the Literature
Interviews and Tours
Professional Organizations
Disaster Recovery Certification
Disaster Recovery Related Websites
Other Disaster Recovery Related Services

BIBLIOGRAPHY
.
GLOSSARY
.
APPENDIX A: BUSINESS RESUMPTION PLANNING PROCESS FLOW

APPENDIX B: DISASTER RECOVERY COORDINATOR RESPONSIBILITIES

APPENDIX C: DISASTER RECOVERY PLAN DEVELOPMENT DATA FLOW DIAGRAMS

APPENDIX D: APPLICATION RECOVERY CLASSIFICATION MANUAL

APPENDIX E: RISK ANALYSIS USER'S QUESTIONNAIRE

APPENDIX F: DATA CENTER DOWNTIME QUIZ

APPENDIX G: RISK ANALYSIS SCENARIO

APPENDIX H: VITAL RECORD BACKUPS: REQUIREMENTS AND RECOMMENDED
PROCEDURES

APPENDIX I: DATA BACKUP STRATEGY SAMPLE

APPENDIX J: DISASTER RECOVERY RELATED STANDARDS SETTING
ORGANIZATIONS

APPENDIX K: ALTERNATIVE SITES SURVEY

APPENDIX L: INTERNET SITE SURVEY

APPENDIX M: IN-HOUSE HOT-SITE COST ESTIMATES

APPENDIX N: CONSULTANT SURVEY

APPENDIX O: DISASTER RECOVERY PLANNING GROUP CONTACTS

APPENDIX P: BUYER'S GUIDE TABLE OF CONTENTS

APPENDIX Q: SOFTWARE SURVEYS

APPENDIX R: DAMAGE ASSESSMENT MATRIX

APPENDIX S: DISASTER RECOVERY PLANS TABLES OF CONTENTS

APPENDIX T: DETAILED EMERGENCY PROCEDURES

APPENDIX U: EMERGENCY MANAGEMENT ACTIVITIES

APPENDIX V: DISASTER RECOVERY FLOWCHARTS

APPENDIX W: DISASTER RECOVERY TEAM HIERARCHY

APPENDIX X: TEAM OBJECTIVES AND PROCEDURES

APPENDIX Y: COMMUNICATION BACKUP FAILURES

APPENDIX Z: EMERGENCY OPERATIONS CENTER MATERIALS

APPENDIX AA: INITIAL RECOVERY SEQUENCE

APPENDIX BB: EMERGENCY AWARENESS PROGRAM

APPENDIX CC: TEST OBJECTIVES AND PROTOCOLS

APPENDIX DD: TEST MATERIALS PACKET

APPENDIX EE: CASE STUDY

APPENDIX FF: CASE STUDY

APPENDIX GG: CASE STUDY

APPENDIX HH: PROBLEMS WITH THE SURPRISE DISASTER RECOVERY DRILL IN
APPENDIX GG

APPENDIX II: CASE STUDY

APPENDIX JJ: CASE STUDY

APPENDIX KK: 1997 DISASTER RECOVERY SERVICES SURVEY

AUTHOR BIOGRAPHY

ACKNOWLEDGMENTS

== == == == == == == ==

ABOUT THE AUTHOR

“Dr. Charlotte J. Hiatt has been a professor at California State University, Fresno
since 1984. She has been consistently recognized for her outstanding teaching. While
pursuing post-doctoral work at the University of Minnesota during the summer of 1985, she
developed an interest in disaster recovery planning for information systems. Since then she
has been conducting research, making presentations, and publishing papers in this area. The
intent of this manuscript is to provide a foundation for anyone interested in understanding the
basic principles, terminology, and strategies of disaster recovery planning. The material
presented includes a comprehensive accumulation of sample documents and the synthesis
of broadly dispersed disaster recovery related information.”


2000, 276 pages. Order #DR458.

4 Arapaho Rd.

Brookfield, CT 06804-3104 USA

1-888-ROTHSTEin; (888.768.4783)

Telephone: 203.740.7444; 888.768.4783

Fax: 203.740.7401

"Keep Me Posted" Business Survival Newsletter