Tuesday 21 June 2011

Disaster recovery plan

Disaster is an event that makes the continuation of normal functions impossible as for example, earthquake, fire and others and all that could be the result of significant damage to a portion of the operations, a total loss of a facility, or the inability of the employees to access that facility. Disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention. (Tech Target, 2009-2011)
In order to reduce and minimize the effects of a disaster such as a fire, earthquake, tornado, flood, hurricane, etc., firms should do some advance planning to identify potential problems caused by disasters and determine how to most effectively deal with them. (Inside Practice, n.d.)
To limit problems due to an unexpected disaster underscores the need for firms to prepare for the unexpected by having Disaster Recovery Plan in effect. The organization should think about what it should do if the office was damaged or destroyed because of some disaster, is the organization prepared for that so it is better to think about the problems now in advance and not have to do it         under the stress created when a disaster actually strikes. Thus, many firms have developed a disaster plan that provides a detailed script of the actions to be taken by the firm and its personnel in the event of a disaster in order to provide for the health and safety of firm employees and visitors and to quickly restore firm operations where all or part of a firm’s office becomes inaccessible or inoperative. The plan should also establish priorities for the utilization and recovery of internal resources, protect property and assets and protect client interests while insuring continuity of service to the firm’s clients. Copies of the plan must be made available within the firm’s office for staff and lawyer review. New hires must be educated regarding the plan as part of their initial firm orientation. Training must be undertaken. (Inside Practice, n.d.)
To be an effective risk prevention tool, the plan has to be regularly updated to accommodate changes in the firm. For example, the plan normally contains a list of staff and lawyer addresses and phone numbers. Staffs members may move or change phone numbers. People leave or there may be new hires. Vendors may be added or dropped. There may be newly added equipment or technology to be covered. (Inside Practice, n.d.)
Implementation
According to (Wold G.H., 1997), there is planning process as described below: 
1. Obtain Top Management Commitment 
Top management must support and be involved in the development of the disaster recovery planning process
2. Establish a planning committee
Planning committee should be appointed to oversee the development and implementation of the plan. The planning committee should include representatives from all functional areas of the organization. Key committee members should include the operations manager and the data processing manager. The committee also should define the scope of the plan
      3. Perform a risk assessment
The planning committee should prepare a risk analysis and business impact analysis that includes a range of possible disasters, including natural, technical and human threats.
Each functional area of the organization should be analyzed to determine the potential consequence and impact associated with several disaster scenarios.
4. Establish priorities for processing and operations
The critical needs of each department within the organization should be carefully evaluated in such areas as:
·         Functional operations
·         Key personnel
·         Information
·         Processing Systems
·         Service
·         Documentation
·         Vital records
·         Policies and procedures
5. Determine Recovery Strategies
The most practical alternatives for processing in case of a disaster should be researched and evaluated. It is important to consider all aspects of the organization such as:
·         Facilities
·         Hardware
·         Software
·         Communications
·         Data files
·         Customer services
·         MIS
·         End-user systems
Alternatives, dependent upon the evaluation of the computer function, may include:
·         Hot sites
·         Warm sites
·         Cold sites
·         Reciprocal agreements
·         Two data centers
·         Multiple computers
·         Perform Data Collection
Recommended data gathering materials and documentation includes:
Backup position listing
·                            Critical telephone numbers
·                            Communications Inventory
·                            Distribution register
·                            Equipment inventory
·                           Insurance Policy inventory
·                           Office supply inventory
·                          Other materials and documentation
Written agreements for the specific recovery alternatives selected should be prepared, including the following special considerations:
·         Contract duration
·         Termination condition
·         Testing
·         Costs
·         Other contractual issues
     6. Perform Data Collection
Recommended data gathering materials and documentation includes:
·                Backup position listing
·                Critical telephone numbers
·               Communications Inventory
·               Distribution register
·               Documentation inventory
·              Other materials and documentation
     7. Organize and document a written plan
An outline of the plan’s contents should be prepared to guide the development of the detailed procedures. Top management should review and approve the proposed plan. The outline can ultimately be used for the table of contents after final revision. Other benefits of this approach are that it:
·         Helps to organize the detailed procedures
·         Identifies all major steps before the writing begins
·         Identifies redundant procedures that only need to be written once.
·         Provides a road map for developing the procedures
A standard format should be developed to facilitate the writing of detailed procedures and the documentation of other information to be included in the plan.
The plan should be thoroughly developed, including all detailed procedures to be used before, during and after a disaster. It may not be practical to develop detailed procedures until backup alternatives have been defined.
8. Develop testing criteria and procedures
It is essential that the plan be thoroughly tested and evaluated on a regular basis (at least annually). Procedures to test the plan should be documented. The tests will provide the organization with the assurance that all necessary steps are included in the plan. Other reasons for testing include:
·         Determining the feasibility and compatibility of backup facilities and procedures
·         Identifying areas in the plan that need modification
·         Providing training to the team managers and team members
·         Demonstrating the ability of the organization to recover
·         Providing motivation for maintaining and updating the disaster recovery plan
9. Test the Plan
After testing procedures have been completed, an initial test of the plan should be performed by conducting a structured walk-through test. The test will provide additional information regarding any further steps that may need to be included, changes in procedures that are not effective, and other appropriate adjustments.
Types of tests include:
·         Checklist tests
·         Simulation tests
·         Parallel tests
·         Full interruption tests
10. Approve the plan
Once the disaster recovery plan has been written and tested, the plan should be approved by top management. It is top management’s ultimate responsibility that the organization has a documented and tested plan.
Management is responsible for:
·    Establishing policies, procedures and responsibilities for comprehensive contingency planning
·       Reviewing and approving the contingency plan annually, documenting such reviews in writing
If the organization receives information processing from a service bureau, management must also:
·         Evaluate the adequacy of contingency plans for its service bureau
·         Ensure that its contingency plan is compatible with its service bureau’s plan


Disaster recovery planning involves more than off-site storage or backup processing. Organizations should also develop written, comprehensive disaster recovery plans that address all the critical operations and functions of the business. The plan should include documented and tested procedures, which, if followed, will ensure the on-going availability of critical resources and continuity of operations.


Referencing:
Tech Target, 2009-2011, disaster recovery plan (DRP) [online], available at http://searchenterprisewan.techtarget.com/definition/disaster-recovery-plan
Inside Practice, n.d., The Importance of Disaster Recovery Plans [online], available at http://apps.americanbar.org/abastore/books/inside_practice/2007/nov-dec/disaster.html
Wold G.H., 1997, Disaster Recovery Planning Process [online], available at http://www.drj.com/new2dr/w2_002.htm






Posted by at

1 comment:

  1. Rowelli Jorden31 August 2017 at 07:34

    Great blog... This blog enhance my knowledge on disaster recovery project plan. Thanks for sharing such a great article.

    ReplyDelete

Subscribe to: Post Comments (Atom)