3. Backup and Recovery Procedures
• Part of the emergency preparation process should take into
consideration backup and preventive strategies for each functional
area of the business or organization.
• The ultimate cost of implementing such backup and recovery
procedures will depend on the speed with which systems or business
processes need to be restored.
4. The organization should have BCP(Business
Continuity Plan) documentation for each of the
strategies
List of recovery strategies available to an organization
• IT Systems Backup and Recovery
• Premises and Essential Equipment Backup and Recovery
• Customer Service Backup and Recovery
• Administration and Operations Backup and Recovery
• Information and Documentation Backup and Recovery
• Insurance Coverage(s) and Claims Process Documentation
5. Alternate Business Process Handling
The organization’s key business processes should have been listed in this
plan. For each key process, it is necessary to determine the type of
backup process that would be appropriate.
For example, for a business process that consists of an active
ecommerce site,
• it may be considered appropriate to run a full mirrored backup site that
can be switched to as soon as the main site is unable to function.
6. For an automated administrative process
• it may be considered adequate to back up the business process with
a manual process supported by stand-alone PCs. Very often, cost is
a major factor in the speed of recovery, and a mirrored backup site
would normally be significantly more expensive to set up and
maintain than a manual process.
7. Within the BCP, the key processes and the
recommended strategic approach for each
should be listed
There are a number of strategic options to be investigated when considering
IT systems’ backup and recovery processes
Impractical as it may be,
Relocate and Restore
• is a strategy that involves the identification of a suitable location,
hardware, and peripherals, and reinstalling the systems and backed -
up software and data after an emergency has occurred. This
strategy is considered inadequate for today’s business needs.
8. No strategy
• is the cheapest strategy, of course. This approach also carries the
highest risk and will involve no offsite backup of system or data.
This option usually ends up with the organization going out of
business.
9. For any practical business approach,
the two most important factors to be
considered are:
1. The criticality of the IT systems to the business processes (the
speed of recovery needed)
2. The amount of money available for IT backup and recovery
strategies.
10. Although major disruptions with long-term effects may
be rare, they should be accounted for in the
contingency plan.
Thus, the plan must include a strategy to recover and
perform system operations at an alternate facility for an
extended period. In general, three types of alternate
sites are available:
11. Three types of alternate sites
1. Dedicated site owned or operated by the organization.
2. Reciprocal agreement or memorandum of agreement with an internal
or external entity.
3. Commercially leased facility.
12. Regardless of the type of alternate site chosen,
the facility must be able to support system operations as
defined in the contingency plan.
The three alternate site types may be categorized in terms
of their operational readiness.
Based on this factor, sites may be identified as
1) mirrored sites
2) hot sites (switchable)
3) warm sites
4) mobile sites
5) cold sites
13. 1.) Fully Mirrored Recovery Site
This strategy entails the maintenance of a fully mirrored duplicate site that would
enable instantaneous switching between the live site and the backup site.
This is normally the most expensive option. Mirrored sites are fully redundant
facilities with full, real-time information mirroring. Mirrored sites are identical to the
primary site in all technical respects.
These sites provide the highest degree of availability, because the data are
processed and stored at the primary and alternate site simultaneously.
These sites typically are designed, built, operated, and maintained by the
organization.
14. 2.) Switchable Hot Site
• This strategy involves the establishment of a commercial arrangement with a
vendor who will guarantee to maintain an identical site with communications to
enable you to switch your IT operations to his site within an agreed -upon time
period, usually less than one to two hours.
• Hot sites are office spaces appropriately sized to support system requirements
and configured with the necessary system hardware, supporting infrastructure,
and support personnel.
• Hot sites are typically staffed 24 hours a day, 7 days a week. Hot site personnel
begin to prepare for the system’s arrival as soon as they are notified that the
contingency plan has been activated.
15. 3.) Warm Site
Warm sites are partially equipped office spaces that contain some or all of the
system hardware, software, telecommunications, and power sources.
The warm site is maintained in an operational status ready to receive the
relocated system.
The site may need to be prepared before receiving the system and recovery
personnel.
In many cases, a warm site may serve as a normal operational facility for
another system or function, and in the event of contingency plan activation,
the normal activities are displaced temporarily to accommodate the disrupted
system.
16. 4.) Mobile Site
Mobile sites are self-contained, transportable shells custom-fitted with specific
telecommunications and IT equipment necessary to meet system requirements.
These are available for lease through commercial vendors.
The facility often is contained in a tractor-trailer and may be driven to and set up at
the desired alternate location.
In most cases, to be a viable recovery solution, mobile sites should be designed in
advance with the vendor, and an SLA should be signed between the two parties.
This is necessary because the time required to configure the mobile site can be
extensive, and without prior coordination, the time to deliver the mobile site may
exceed the system’s allowable outage time.
17. 5.) Cold Site
This strategy involves the setting up of an emergency site once the
crisis has occurred.
The company has a standby arrangement with a vendor to deliver the
minimum configuration urgently.
This option usually enables the organization becoming operational
within two to three days.