Downloaded 378 times
Uploaded byDatabarracks
How to write an IT DR plan
The document outlines the essential steps for creating an IT disaster recovery plan, emphasizing the importance of team selection, risk assessment, and defining critical business functions. It highlights the need for effective communication strategies, testing, and ongoing maintenance to ensure the plan's effectiveness. Additionally, it encourages regular updates and revisions to adapt to changing circumstances and risks.
More Related Content
Similar to How to write an IT DR plan
How to write an IT DR plan
- 1. How to writean IT Disaster Recovery plan
- 2. www.databarracks.com | 2www.databarracks.com| 2 DISCLAIMER These are universal principles, but every plan is unique
- 3. www.databarracks.com | 3www.databarracks.com| 3 IT DR PLAN VS BUSINESS CONTINUITY PLAN Policy Management IT Infrastructure BCP IT Disaster Recovery
- 4. www.databarracks.com | 4www.databarracks.com| 4 IT DR PLAN VS BUSINSESS CONTINUITY PLAN Business Continuity Planning IT Disaster Recovery Business Continuity Planning IT Disaster Recovery
- 5. www.databarracks.com | 5www.databarracks.com| 5 HOW TO WRITE AN IT DR PLAN Select the teams and determine responsibility • Risk register and Matrix1. Risk identification • Business Impact Analysis (BIA)2. Assess vulnerability to those risks • Business Impact Analysis (BIA)3. Determine impact on the business • Service catalogues and technology dependency mapping 4. Identify critical business functions / IT services • Putting the capability in place 5. Design & implement mitigation strategies • Writing the runbook6. Agree activation plans • Agree testing, documentation and KPIs7. Testing • Keeping the DR plan up to date8. Ongoing changes and maintenance
- 6. www.databarracks.com | 6www.databarracks.com| 6 SELECTING THE TEAM
- 7. www.databarracks.com | 7www.databarracks.com| 7 1. RISK IDENTIFICATION 2. ASSESS VULNERABILITY 3. DETERMINE IMPACT Risk assessment & Business Impact Analysis (BIA)
- 8. www.databarracks.com | 8www.databarracks.com| 8 4. IDENTIFY CRITICAL BUSINESS FUNCTIONS & IT SERVICES • Think services not IT assets Defining your recovery objectives
- 9.
- 10. www.databarracks.com | 10www.databarracks.com| 10 5. DESIGN AND IMPLEMENT MITIGATION STRATEGIES • People • Facilities • Suppliers • Replication and backup Think beyond technology
- 11. www.databarracks.com | 11www.databarracks.com| 11 6. AGREE ACTIVATION PLANS Writing the runbook
- 12. www.databarracks.com | 12www.databarracks.com| 12 6. AGREE ACTIVATION PLANS • To fail over, or not to fail over? • When should you ‘invoke’ or move from Incident Response Team to Crisis Management Team? Writing the runbook
- 13. www.databarracks.com | 13www.databarracks.com| 13 6. AGREE ACTIVATION PLANS Name (contact number) Name (contact number) Name (contact number) Name (contact number) Name (contact number) Name (contact number) Name (contact number) Name (contact number) Name (contact number) Communication - call-trees, contact card, mass notifications
- 14. www.databarracks.com | 14www.databarracks.com| 14 6. AGREE ACTIVATION PLANS • Make these plans specific enough that they can be followed but general enough to cover different incidents Example incidents: • IT failure • Power failure • Cyber incident Plan for the incidents you have identified
- 15. www.databarracks.com | 15www.databarracks.com| 15 7. TESTING • IT failure – SAN failure • Power failure – Kingsway fire • Cyber incident – You’ve been hacked Example disasters
- 16. www.databarracks.com | 16www.databarracks.com| 16 7. TESTING Have you tested? Was it successful? Did it meet your recovery objectives? KPIs and Metrics
- 17. www.databarracks.com | 17www.databarracks.com| 17 8. ONGOING CHANGES & MAINTENANCE
- 18. www.databarracks.com | 18www.databarracks.com| 18 IF YOU REMEMBER NOTHING ELSE! 1. Know who is responsible and in charge 2. Have a plan of how to communicate (staff, customers and suppliers) 3. Write the plan (or update the plan)
- 19. www.databarracks.com | 19 RESOURCES •Business Continuity Institute – http://www.thebci.org/ • World Economic Forum Global Risk Report – http://www.weforum.org/reports /global-risks-report-2015 • London Risk Register – http://www.london.gov.uk/mayo r-assembly/mayor/london- resilience/risks • Cross-sector Safety and Security Communication – http://www.vocal.co.uk/cssc/ • Environment Agency – flood warnings – http://apps.environment- agency.gov.uk/flood/31618.aspx • Business continuity management systems -- Guidelines for business impact analysis (BIA) – http://www.iso.org/iso/catalogue_de tail.htm?csnumber=50054
- 20.