Information Technology Disaster Planning


  1. Information Technology Disaster Planning
     By Linda Hooks
  2. Information Technology Disasters come in many different forms:
      - Fire
      - Flooding
      - Viruses
      - Hacking
      - Sabotage
  3. Flooding is perhaps the greatest threat to a data center since most enterprise data centers have been located on the bottom or basement floor of main buildings.
     Augusta, Georgia flooded on September 10 and 11, 1888.
     The city flooded again in 1990, not from the Savannah River but from heavy rainfall from two hurricanes.
  4. Disasters have changed in recent years.
     The most common disasters today involve things like internet fraud, identity theft, viruses, spam attacks, phishing, hacking, piracy, and sabotage.
     Viruses from Wikipedia for 2008
  5. All organizations need to develop and maintain a disaster recovery plan that, in the event of a disaster, mandates the following:
      - Alternate location for doing business
      - How to communicate to employees the new location and work procedures
      - How to inform customers of how to do business with the organization after the disaster
     The following are four basic steps to creating an IT Disaster Recovery Plan:
  6. STEP 1
     Determine disaster recovery service levels for all applications.
     The IT staff works with the system owners to establish the DR service level.
     After considering the real costs involved, the system owners may consider a lower DR service level for an application.
     Example of service level classifications used by a major financial services corporation
  7. STEP 2
     Backup and recovery plans for each application need to be chosen, along with a hardware replacement plan. The method chosen for a database depends on the kind of data being backed up and how fast the data needs to be recovered.
     Solutions available to enable businesses to protect and recover their data in a timely manner are:
      - Full Backup
      - Differential Backup
      - Transactional Log Backup
  8. Full Backup
      - Backs up the entire database, including transaction logs
      - Recovers to the point in time of the backup
      - Uses heavy resources to perform, and users will see system degradation
      - Needs to run when as few users as possible are on the system
      - Files created are large
  9. Differential Backup
      - Backs up changes to the database since the last full backup
      - Recovers to the point in time of the backup
      - Quicker than a full backup and uses fewer resources
      - Used for very large databases since it is quicker than a full backup
      - Files created are smaller than full backup files
  10. Transactional Log Backup
      - Backup uses a transaction log to track all of the modifications performed within a database.
      - Recovers to the point in time of the last committed transaction to the database
      - Uses fewer resources than a full or differential database backup
      - Can run during high user usage of the system
  11. STEP 3
      All personnel involved in the disaster recovery plan must be trained in its execution.
      You need to cross-train personnel in the event that the key personnel are unavailable at the time of the disruption.
  12. STEP 4
      The disaster recovery plan must be validated and tested.
      The disaster recovery plan needs to be tested at least annually.
      This involves many groups: operating systems support, database administrators, middleware support, application support, personnel who monitor the batch cycle and support the scheduling system, and personnel who support the backup system.
      Continuously testing the disaster plan allows the personnel to find and resolve problems in the plan and to become more familiar with it.
      This will improve the response time and help eliminate errors if and when the disaster recovery plan is executed.
  13. Now more than ever, it is becoming almost mandatory to have a disaster recovery plan to open your doors for business.
      For businesses, ISO 17799 requires appropriate business continuity management and planning.
      For publicly traded businesses, the Sarbanes-Oxley Act does not mandate how, but you must document the policies and procedures you put in place to safeguard your data and make sure it's available for reporting on an annual basis.
  14. For healthcare, current HIPAA security standards require that hospitals “protect against any reasonably anticipated threats or hazards to the security or integrity of” electronic protected health information.
      HIPAA also requires contingency plans “for responding to an emergency or other occurrence that damages systems that contain electronic protected health information” (2007).
      Joint Commission on Accreditation of Healthcare Organizations (JCAHO) data security requirements for hospitals include planning for communications equipment in an emergency, transporting sensitive data to a recovery site, established physical recovery site security procedures, and extensive disaster recovery testing (2007).
  15. For all companies regulated by the Federal Deposit Insurance Corp. (FDIC), the Federal Financial Institutions Examination Council (FFIEC) Handbook, 2003-2004 (Chapter 10) specifies that directors and managers are accountable for organization-wide contingency planning and for "timely resumption of operations in the event of a disaster."
      For all utilities, Governmental Accounting Standards Board (GASB) Statement No. 34, June 1999 requires a Business Contingency Plan to ensure that the agency mission continues in time of crisis.
  16. So in conclusion, if you come in to work and see this, you better have a Disaster Recovery Plan!
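
How the three backup types on slides 8 to 10 combine into one restore sequence, as an added Python example that is not part of the original slides. The `Backup` record, `plan_restore`, and the sample catalog are constructed for illustration; the code assumes each differential names its full backup and each log backup records the start of the interval it covers.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Backup:
    kind: str                         # "full", "diff" or "log"
    taken: datetime                   # when the backup completed
    base: Optional[datetime] = None   # diff: its full backup; log: start of interval covered

def plan_restore(catalog, target):
    """Return (ordered restore chain, recovery point actually reachable)."""
    fulls = [b for b in catalog if b.kind == "full" and b.taken <= target]
    if not fulls:
        raise ValueError("no full backup at or before the target time")
    full = max(fulls, key=lambda b: b.taken)
    chain, point = [full], full.taken
    # Only the newest differential based on that full backup is needed.
    diffs = [b for b in catalog
             if b.kind == "diff" and b.base == full.taken and b.taken <= target]
    if diffs:
        chain.append(max(diffs, key=lambda b: b.taken))
        point = chain[-1].taken
    # Transaction logs are replayed in order; a gap ends the chain.
    for log in sorted((b for b in catalog if b.kind == "log"), key=lambda b: b.taken):
        if log.taken <= point:
            continue                  # already contained in the full/diff
        if log.base > point or point >= target:
            break                     # missing log, or target already reached
        chain.append(log)
        point = min(log.taken, target)
    return chain, point

def sample_catalog():
    """Constructed catalog: weekly full, nightly differential, six-hourly logs."""
    d = lambda day, hour: datetime(2024, 1, day, hour)
    return [
        Backup("full", d(7, 1)),
        Backup("diff", d(8, 1), base=d(7, 1)),
        Backup("diff", d(9, 1), base=d(7, 1)),
        Backup("log", d(9, 1), base=d(8, 19)),
        Backup("log", d(9, 7), base=d(9, 1)),
        Backup("log", d(9, 13), base=d(9, 7)),
        Backup("log", d(9, 19), base=d(9, 13)),
    ]

if __name__ == "__main__":
    chain, point = plan_restore(sample_catalog(), datetime(2024, 1, 9, 15, 30))
    print([b.kind for b in chain], "recoverable to", point)
```

Removing the 13:00 log backup from the catalog caps the recovery point at 07:00, because the later log cannot be replayed across the gap.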
