This document discusses disaster recovery planning and policy. It explains that risk assessment is a major part of disaster recovery planning and involves considering all possible incidents and their impacts. It provides examples of potential threats like environmental disasters and loss of utilities. The document outlines the steps to create a disaster recovery plan, including assessing risks, listing essential applications and backups, and outlining recovery procedures. It emphasizes that the plan should be turned into policy, regularly tested and updated, and all staff should be trained on their roles.

1. Developed By : Komal Zahra
Impact Assessment Policy
A major part of the disaster recovery planning process is the assessment of the potential risks to
the organization which could result in the disasters or emergency situations themselves. It is
necessary to consider all the possible incident types, as well as and the impact each may have on
the organization’s ability to continue to deliver its normal services.
This can be complex and demanding. To assist in this area therefore there are a number of tools
available. The science of risk assessment is currently beyond the scope of this portal, but
hopefully the information presented below may give some insight into this task and some
guidance in terms of what is included.
THE THREATS:
Part of the risk process is to review the types of disruptive events that can affect the normal
running of the organization. There are many potential disruptive events and the impact and
probability level must be assessed to give a sound basis for progress. To assist with this process
the following list of potential events has been produced:
Environmental Disasters
o Earthquake
o Hurricane
o Flood
o Snowstorm
o Drought
Loss of Utilities and Services
o Electrical power failure
o Loss of gas supply
o Loss of water supply
o Petroleum and oil shortage
o Communications services breakdown
o Loss of drainage / waste removal
Getting a Disaster Recovery Plan Started:

2. Developed By : Komal Zahra
Having a disaster recovery plan for an organization could be one of the most vital elements in
your organization's long-term stability. For some, the process of creating a disaster recovery plan
can seem overwhelming at the outset, but this effort could one day save your organization.
Disasters take many shapes and sizes and can strike at anytime. In the shadow of daily
commitments making a disaster recovery plan may seem cumbersome and peripheral. But when
a catastrophe does come, the process - hopefully not left until it's too late -- will immediately
become a top priority.
Organization Awareness:
The first step in disaster recovery planning is realizing that there is a need for this type of
preparation. Organizations that value their projects need to implement and maintain effective
disaster recovery plans. In times of need, these plans can minimize interruptions in normal
operations and will limit the extent of damage and disruption.
The responsibility to setup disaster recovery plans falls to an organization's board and
executives. They must organize and maintain a clear outline of what actions they want taken and
which employees need to play a part in the process of disaster recovery should unforeseen events
occur.
Disaster recovery plans should be well known and well rehearsed by all who will have a role in
the recovery process. All management and staff should be aware of the disaster recovery plan
and what is required of them in the event of a serious disaster.
The Planning Project:
There are several fundamental elements that should be included in any disaster recovery plan.
Every plan should involve basics such as emergency response protocol, procedures for backing-
up data, software, etc., and detailed outlines of which staff should be involved in the recovery
process and what specific actions they should take in order to get the organization up and
running like normal again with the least amount of cost and in the shortest amount of time.
When an organization is ready to begin creating its disaster recovery plan, the first thing it
should do is set goals for its disaster recovery plan: for example, what should the plan
accomplish, and it what sort of time frame? Second, the organization should create an accurate,
up to date list of personnel for each of its sectors. The third part of the plan involves making a
list of all essential network applications, the personnel essential to run them, and how frequently
the information should be backed-up. The fourth task would be to take an inventory of all
physical elements needed to run the organization's Local Area Network and Wide Area Network
lines. Fifth, the organization needs to make note of the procedures involved in backing-up its
information services. Sixth, a detailed outline of all disaster recovery procedures should be made.
And the list goes on.
Impactand Risk Assessment:

3. Developed By : Komal Zahra
Risk Assessment is one of the key components of disaster recovery planning. In order to create
the most effective plan for recovering after a calamity, an organization must first consider what
the potential disasters are that they could feasibly encounter, and how each of these might impact
their sectors continuity.
To make their efforts the most efficacious, executives and board members should consider every
possible scenario when analyzing the potential risks their organization might face. This means
that all potential risks should be taken into account, from somewhat mundane hazards like in-
house power failures to extremely perilous events like acts of war or terrorist attacks. As the
purpose of a disaster recovery plan is to outline what actions will be taken in the event that an
organization does experience disaster, these crises should not only be contemplated, but their
potential impacts must be evaluated as well as what steps will be taken to overcome the impact if
one's disaster recovery plan is going to truly be effective and practical.
In the process of disaster recovery, the primary function of risk assessment is to predetermine as
many types of disasters as possible that an organization may encounter, and then to figure out
how the organization will deal with each crisis if it occurs.
Possible crises and disasters for consideration:
 Floods
 Earthquakes
 Epidemic illness
 Terrorist attacks
 Acts of war
It's important to keep in mind that this list of possible disasters is far from exhaustive and does
not include many of the specialized concerns particular organization may need to consider and/or
include in its disaster recovery plan.
Creating YourDisaster Recovery plan:
Your organization’s disaster recovery plan is one of the most important (if not the most
important) documents you will have on file at your organization. This is the document your
entire organization will turn to for instruction, guidance, and protocol in the event of a serious
crisis, particularly one that could cause major disruptions to the day-to-day functions of your
organization, or could have a marked affect on your company's ability to maintain productivity.
This document will help your organization recover faster and can even help you avoid loss of
revenue.
Even in the face if its importance, many organizations are tempted to procrastinate creating their
disaster recovery plan because the process can feel a bit overwhelming.
This template is designed to cover everything from the initial impact a catastrophe can have on a
business to the steps that will need to be taken to return your organization to its normal state of
operation.

4. Developed By : Komal Zahra
The step-by-step process outlined in the template will take you through the necessary elements of
disaster recovery planning. It can help create not only a recovery plan, but also a chain of
accountability among the people of your organization that participate in the disaster recovery and
emergency planning.
Each project and its specific needs are unique. No "one size all" disaster recovery plan would be
adequate. That is why this template has been created with a sufficiently flexible format. There is
enough structure to keep you focused and grounded, while still maintaining enough malleability
to allow you to modify the plan and fit it to organization's particular needs.
YourDisaster Recovery Plan isPolicy:
Disaster recovery plans are useful, but can only be semi-helpful if they are not made into
organization policy. Thus, board members and management need to issue clear statements that
make awareness of their disaster recovery plans policy. In order for the plan to be most effective
it needs to move from paper to practical reality. It should be tested, updated, and maintained on a
regular basis by all personnel in the organization who are engaged in the planning or who hold
any responsibility in the implementing of what has been planned.

5. Developed By : Komal Zahra
Disaster recovery plans need to be kept up-to-date and every member of the organization should
be made aware of the plan. All employees should know the plan's procedures and what their role
will be in the recovery process in the event of an emergency.
Testing the plan in a simulated environment can be very useful. It will show if the plan can be
implemented in real life should a disaster or serious emergency occur. Live practice will also
bring to light any unforeseen gaps or disconnects in the plan. Plus it will help employees remain
calm and confident about what actions they will need to take if there is crises, which by
extension, will help your business return to a state of normal operation with greater speed.
Turning your disaster recovery plan into organization policy is a key step in the disaster
recovery process.
Disaster Recovery Plan Maintenance:
Implementing a disaster recovery plan that will run smoothly and be successful largely depends
on the performance of the people who are assigned responsibilities to help implement the plan. In
order to have the most successful outcome, the people involved must thoroughly understand each
of their roles in the process and what affect their performance will have on the rest of the disaster
recovery plan process.
It is important to train all staff involved in the disaster recovery process. They should regularly
review their responsibilities and participate in "dry run" practices at least twice a year, preferably
quarterly. It is also important for an organization to keep the list of its staff that is intended to be
engaged in the disaster recovery process current and up-to-date. Changes such as promotions,
firings, and resignations must be noted in the disaster recovery plan and replacements for these
people should be added.
Having the list of employees that are trained in their disaster recovery roles current makes for an
effective disaster recovery process. Practiced employees will be better able to implement the
plans made for ensuring your organization's business continuity in the face of disaster. Without
practice, an unexpected disturbance or emergency can overwhelm staff and undermine the
organization's ability to implement its disaster recovery plan, resulting in a loss of productivity
and most likely revenue.
Also, whenever your company undergoes changes in infrastructure or makes network upgrades,
these changes need to be incorporated into your disaster recovery plan. An out of date plan is
little better than no plan at all.

6. Developed By : Komal Zahra