Your SlideShare is downloading. ×
0
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Disaster Recovery Planning
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Disaster Recovery Planning

1,355

Published on

Disaster Recovery Planning

Disaster Recovery Planning

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,355
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
43
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. JW T JW Disaster T Recovery Planning (DRP) Fundamentals Fundamentals John WilsonWilson John Copyright © 2004 T. John Wilson & Associates P/L Copyright © 2004 T. John Wilson & Associates P/L
  • 2. JW T Single Point of Failure Captain (Company) Goes Down with the Ship ! Cyclone Graham Venus Good Ship c Client Base o Infrastructure m p s Company Data h a mployees i n y p E Copyright © 2004 T. John Wilson & Associates P/L 2
  • 3. Why do we need to Plan for Disasters ? JW T We need to assess the potential risks to the organisation, which could result in disasters or emergency situations We need to consider all the possible incident types, and the impact they may have on the organisation’s ability to continue in business 40% of major companies that experience a serious disaster go out of business within one year WHY ? Copyright © 2004 T. John Wilson & Associates P/L 3
  • 4. Answer JW T Earthquake The process of resuming normal business is: • Too Traumatic • Too Difficult • Too Expensive There has been little or no Planning & Preparation to minimise the impact of a Disaster Copyright © 2004 T. John Wilson & Associates P/L 4
  • 5. JW T What is a Disaster ? Act of God: Earthquake e.g. Kobe, Turkey Cyclone/Hurricane e.g. Florida Floods e.g. Nyngan, Bangladesh Bushfires e.g. Australia, California Act of Man: Accident e.g. Plane Crash, Train Crash Terrorism e.g. World Trade Centre, Bali Sabbotage e.g. Network Hacking, Staff Grievance Copyright © 2004 T. John Wilson & Associates P/L 5
  • 6. DRP in Perspective JW T For a business to continue/survive after a disaster, 3 main preparatory disciplines are needed: – Business Impact, Risk Assessment & Management (ongoing) – Business Continuity Planning (non-IT & ongoing) – Disaster Recovery Planning (IT only & ongoing) A business ignores these at its peril !!! Copyright © 2004 T. John Wilson & Associates P/L 6
  • 7. DRP Becoming Mandatory – JW T WHY ? Other than employees, Information/Data is a company’s most valuable asset Business is becoming increasingly dependent on computerisation and technology Auditors are demanding it Insurers are demanding it Shareholders are holding management responsible for having it Copyright © 2004 T. John Wilson & Associates P/L 7
  • 8. Requirements for JW T Getting Something Done The knowledge of how to do it The skill to do it The time in which to do it The desire/motivation to do it Problem: Requirements may be for Constructive or Destructive reasons Motivating Factor: The individual’s Attitude or Frame of Mind Copyright © 2004 T. John Wilson & Associates P/L 8
  • 9. Pyramid of Needs JW T (Abraham Maslow, in the 1920’s) I am Motivation making Self-Actualisation the best Theory of myself Respect of family, friends etc. Esteem Acceptance by family, friends & workmates Love Needs Safety (physical) and Safety from Worry Safety Needs Food, Warmth, Shelter, Sex Psychological Theory: “Once needs have been met at Needs one particular level, they cease to be motivators” Copyright © 2004 T. John Wilson & Associates P/L 9
  • 10. Start with Management by: JW T Getting their commitment & support by: Educating them on the changing role of IT Explaining the risks & implications to them Identifying the cost of not having a DRP Getting them involved in initial planning Getting their commitment – both financial & People Making DRP a Corporate Policy Copyright © 2004 T. John Wilson & Associates P/L 10
  • 11. Corporate Policy Guidelines should: JW T Demonstrate that management is serious about DRP Involve Legal, Financial and Audit departments to reinforce it Emphasise the importance of corporate procedures and data and the need to protect it Define the minimum requirements to allow the business to recover after a disaster Be delivered to all employees concerned in an authorative manner Copyright © 2004 T. John Wilson & Associates P/L 11
  • 12. We should have a Running Start – Why ? JW T Management are normally already security conscious, albeit not always from an IT perspective: Physical access to the building is controlled Emergency evacuation procedures are in place Regular evacuation drills are carried out Basic data backups are being taken The DRP should be an extension of these basic procedures Copyright © 2004 T. John Wilson & Associates P/L 12
  • 13. But First …We Need to: JW T Establish the geography of the organisation – Is it a multi-site organisation ? Is it a multi-city organisation ? Establish the geography of the network – Is it a “glasshouse” centred network ? Is processing distributed and/or client/server based ? Establish what it is we need to recover - Is it the “glasshouse” environment only ? Do we need to cater for the recovery of non- glasshouse equipment ? Copyright © 2004 T. John Wilson & Associates P/L 13
  • 14. DRP Approach - Deciding Factors JW T Can a DRP site be setup elsewhere on own property, or must we go outside ? The extent of network & infrastructure changes & upgrading needed to effect a DRP How long could the organisation survive without its IT services ? This will influence the choice of a “Cold”, “Warm” or “Hot” site approach Copyright © 2004 T. John Wilson & Associates P/L 14
  • 15. Cold, Warm or Hot Site ? JW T This choice will largely depend on: Management’s commitment (especially financial) to providing proper DRP facilities How long the organisation could survive without IT services Whether a Business Continuity Plan (non-IT) exists So what is the difference between a Cold, Warm or Hot site ? Copyright © 2004 T. John Wilson & Associates P/L 15
  • 16. DRP “Cold” Site JW T Has the necessary accomodation, environmentals and communications in place, but …. No computer equipment is installed Computer equipment is installed when the disaster occurs It can take 6 – 8 weeks to get the IT environment up and running In financial terms this DRP site is the cheapest, but … Few businesses could survive without IT for 6 – 8 weeks Copyright © 2004 T. John Wilson & Associates P/L 16
  • 17. JW T DRP “Warm” Site Is a full blown alternative IT site, with everything in place, but … The equipment is powered off – so no running costs To activate requires powering it up, and … Restoring the necessary backups to provide an up-to-date running environment Recovery time for a mainframe/midrange environment is typically 1-2 days More expensive than a cold site, but more practical Copyright © 2004 T. John Wilson & Associates P/L 17
  • 18. DRP “Hot” Site JW T Like “Warm” site, everything is in place, but … Everything is operational – it is a live, parallel fully current copy of the production environment Recovery of operations merely involves switching over to the “Hot” site, therefore … There is minimal delay in resuming operations Because everything is duplicated and operational it is the most expensive DRP site solution Justification depends on cost to the business of not having IT services available Copyright © 2004 T. John Wilson & Associates P/L 18
  • 19. JW T Disaster Recovery Management Three key components are required for successful Disaster Recovery Planning and Management – D R Control Group – D R Committee – D R Teams Copyright © 2004 T. John Wilson & Associates P/L 19
  • 20. D R Control Group JW T Is active only for the duration of the disaster Is made up of key decision-making management – Company Secretary (Chairman) – Director of Marketing/Communications – Director of Finance – Director of H R – Director of Security – Director of IT – D R Manager – D R Co-ordinator Responsibilities: – Manage the DR Committee/Teams – Official Disaster Declaration – Disaster-over Declaration Copyright © 2004 T. John Wilson & Associates P/L 20
  • 21. D R Committee JW T Responsibilities: – Educate Management on importance of DRP – Promote importance of DRP in the company – Ensure DRP is kept up-to-date – Form & Manage DR Teams – Execute the DRP in the event of a Disaster Copyright © 2004 T. John Wilson & Associates P/L 21
  • 22. D R Committee Members JW T The DR Committee should consist of Key Managers from: – IT Department – HR – Security – Finance – Transport – Customer Service – Hardware, Software & Service Providers Copyright © 2004 T. John Wilson & Associates P/L 22
  • 23. Key Player – DR Manager’s Role JW T Is typically someone with a total focus on Security Chairs the DR Committee Meetings Assists in the overall co-ordination of the Committee Is the focal point of contact for all communications regarding the DRP – Internal and External Is responsible for officially Declaring a Disaster – on behalf of the DR Control Group – this is a Major Decision and costs big money Project Manages the execution of the DRP Ensures the DR Co-ordinator is managed & kept informed Copyright © 2004 T. John Wilson & Associates P/L 23
  • 24. Key Player – DR Co-ordinator’s Role JW T Typically spends 30% of his/her time on DR issues Services the DR Committeee – meeting minutes, etc. Ensures ongoing information flow is maintained Keeps the DR Plan up-to-date Deputises for the DR Manager, when required Co-ordinates off-site backup procedures Copyright © 2004 T. John Wilson & Associates P/L 24
  • 25. Summary JW T Disaster Recovery Planning (in this context) is focused on recovery of the IT Environment Ideally, it compliments two chronologically prerequisite disciplines: – Risk Assessment & Management – Business Continuity Planning(BCP) – not ICT With the ever-growing business dependence on IT, and the increasing awareness of terrorism and security issues this issue must be taken seriously What Price (Business) Survival ? Copyright © 2004 T. John Wilson & Associates P/L 25
  • 26. JW T Q st i on a ? . s ! … just in case ppen red – ! it ne ver h e prepa hope . But let’s b Let’s … Copyright © 2004 T. John Wilson & Associates P/L 26

×