|
 Disaster Recovery Plan
Template
Business Continuity
ISO27001, ISO27002,
Sarbanes - Oxley, PCI, and HIPAA Compliant
This Disaster Recovery Plan (DRP) can be
used as a Disaster Planning template for any enterprise. The
Disaster Recovery template and supporting material
have been updated to be ISO 27000, Sarbanes-Oxley, PCI-DSS, and HIPAA compliant. The Disaster
Planning Template comes as a Word document and includes:
New with this version are:
-
Web Site Disaster Recovery
Planning Form
-
Department Disaster Recovery
Activation
Workbook
-
Quick Reference Guide
-
Team Alert List (Form)
-
DRP Team Responsibilities
-
DRP Team Checklist
-
Critical Function(s) Definition
-
Normal Business Hour Response
Procedures
-
After Hours Response Procedures
-
DRP Location(s) Definition
-
DRP Recovery Procedures
-
Notification Procedures
-
Notification Call List (Form)
-
Vendor Disaster Recovery Questionnaire
-
Vendor Phone List Form Updated
-
Key Customer Notification Form
-
Critical Resources to be Retrieved Form
-
Business Continuity Off-Site Materials Form
Included in the template is Business Impact Questionnaire
as well as a full Job Description for the Disaster Recovery Manager.
The premium edition contains 14 full job descriptions.
Clients can also subscribe to Janco's DRP update
service and receive all updates to the DRP Template for 18 months* from the date
of purchase.
The DRP template is over 200 pages and includes
everything needed to customize the Disaster Recovery Plan to fit your specific
requirement. The electronic document includes proven written text and
examples for the following major sections of a disaster recovery plan:
-
Plan
Introduction
-
Business Impact
Analysis - including a sample impact matrix
-
DRP Organization
Responsibilities pre and post disaster - drp checklist
-
Backup Strategy
for Data Centers, Departmental File Servers, Wireless Network
servers, Data at Outsourced Sites, Desktops (In office and "at
home"), Laptops and PDA's.
-
Recovery
Strategy
including approach, escalation plan process and decision points
-
Disaster
Recovery Procedures
in a check list format
-
Plan
Administration
Process
-
Technical
Appendix including definition of necessary phone numbers and
contact points
-
Job Description
for Disaster Recovery Manager (3 pages long) - entire disaster
recovery team job descriptions are available.
-
Work Plan
to modify and implement the template. Included is a
list of deliverables for each task.
There is a extensive
section that show how a full test of the DRP can be conducted. It
includes
-
Disaster
Recovery Manager Responsibilities
-
Distribution
of the Disaster Recovery Plan
-
Maintenance
of the Business Impact Analysis
-
Training
of the Disaster Recovery Team
-
Testing
of the Disaster Recovery Plan
-
Evaluation
of the Disaster Recovery Plan Tests
-
Maintenance
of the Disaster Recovery Plan
Testimonial -
Dave Baker - City of Hamilton -
I have found
the DRP template invaluable!
Testimonial -
Bob Rifenbury -MCSE/CCNA Lauch
Testing Lab -
The DRP Template saved me about 6 months of work!
Testimonial - Kelly Keeler -
Martin's Point Health Care -
I have received and I began using the template
immediately. IT IS GREAT! Made this process a snap for me. Cut my
documentation time down from.
weeks to hours! This document has made,
what began to be an overwhelming process turn into a snap!
Testimonial -
Juan Stamos - Mexico City
Corporation -
We had a DRP in place, but
needed a more user friendly structure. The Disaster Recovery Template (Gold
edition) has that structure. It was very easy to quickly move our DRP into
Janco's DRP Template -- a real added value.
* Update service is for 12 months unless it is purchased within 30
days of the purchase of the Template. Janco reserves the right
to validate purchase of the customer was made for the template.
This template is
not for resale or re-distribution -
Disaster Recovery Planning Template
Disaster Recovery
Template
07/22/2008
Seven Steps to a Working Contingency Plan
 There are seven steps that can be followed
according to the Disaster Recovery / Business Continuity Template published by
Janco Associates. They
are:
1. Acknowledge that at disaster can
occur
2. List and prioritize the risks your enterprise faces from each disaster
threat
3. Inventory your enterprises technology and operational
structure
4. Inventory your enterprises technology
assets
5. Define the necessary service levels your enterprise and its
customers need
6. Develop a plan to operate during and after the
disaster
7. Test the plan that you have created
more info
07/18/2008
Disaster Planning at Colleges and Universities Are a Focus of Many
Colleges and universities across the United States are moving
quickly to adopt text messaging as their first line of emergency notification,
experts said.
The rush to find ways to send tens of
thousands of SMS messages to student cell phones has been intensified becasue
all of the recent on campus incidents.
However, these incidents are not the only recent incentive for
schools to look for ways to reach their students in an emergency. Other reasons
include weather emergencies, especially in the South where hurricane evacuations
are almost an annual event.
And, of course, there's the fact that the U.S. Department of
Education requires colleges and universities to have the means to reach their
students in a timely manner in times of crisis. The question for university
administrators has always been what is the best way to notify students, and in
many cases, that boils down to e-mail, since virtually every student has a
school e-mail account. The problem is, as Virginia Tech found to its sorrow,
that e-mail is rarely an adequate solution.
more info
07/06/2008
Floods Cause Many Firms to Go Out of Business
(Computerworld) - As historic floodwaters start to receded along the
Mississippi and other Midwestern rivers, local businesses in affected
communities like Cedar Falls, Iowa, were busy assessing the impact on IT
equipment and whether disaster recovery plans stood the test.
A maker of computer games in Cedar Falls, may be permanently displaced after
Cedar River floodwaters reached 6 feet in its administrative offices and 5.5
feet in an adjoining warehouse. The company sustained about $250,000 in damage
to inventory.
The firm's president said all 65 employees are now working temporarily in
borrowed offices in three facilities.
As the floodwaters approached on June 9, employees scurried to save 120 PCs,
80 monitors and eight servers. Three high-end printers could not be removed in
time.
The company plans to revise his disaster recovery plan. "When a river comes
up 6 feet higher than it ever has before, it's tough to have that foresight,"
they said. "But it is probably going to happen again."
A software development company has plans to deal with
tornados and electrical outages, but executives never dreamed they would have to
contend with the Cedar River surpassing 500-year-flood levels. "Going through
this experience [will] make those plans [more] than just part of an IT
checklist," he said.
A key lesson learned was that companies must prepare for employees to miss
work to help families and communities after natural disasters.
more info
06/10/2008
British Oppose Disaster Planning Law
BBC: Environmental groups are
campaigning against planning
laws they claim will lead to "faceless bureaucrats" taking decisions on
major projects. Opponents of the government's Planning Bill say it sweeps away
local accountability for developments such as motorways and airports. Instead,
they want people to have more say on the decisions that affect
them.
The government says planning laws need reform to
meet long-term challenges, such as those posed by climate change. The bill,
currently going through Parliament, aims to replace the current system of
holding a sometimes lengthy and expensive public inquiry each time a major
infrastructure project is proposed, such as an airport or a power
station.
People living near the proposed projects would
have limited opportunities to object. The government argues that the reform is
needed to ensure the planning system can "meet the long-term challenges we face
as a society."
But the Planning Disaster Coalition, which
include Friends of the Earth, the National Trust and the Campaign to Protect
Rural England says the change will make a "mockery" of democracy, by taking away
the rights of people to have their say on developments in their local
area
.
more info
05/28/2008
Ways to Enhance Your Disaster Recovery Plan
Threre a a number of ways in which an enterpriser can add value in their
disaster recovery capabilities. For example, storage vendors are enhancing their
replication capabilities, tools for rapid recovery for databases and core
applications like Exchange are finding their way into organizations of all
sizes, and virtualization has opened new disaster recovery opportunities to a
wide range of organizations.
However, before placing the technology cart before the horse, a critical
phase in any form of disaster recovery planning and design is to establish a
solid understanding of applications and their interdependencies. A good initial
step in this process is the establishment of a disaster recovery application
inventory.
What should such an inventory include? While requirements can vary depending
on the organization, a basic listing should include the following items:
- Application name and description
- Business function -- the business unit or functional area the application
supports
- Business process -- the specific business process supported
- Recovery objectives -- stated recovery time objective (RTO) and recovery
point objective (RPO) targets for the application
- Known related applications -- this includes both applications that act as
sources and targets in the business process
- Server details -- a list of the actual servers, both physical and virtual,
on which the application resides, along with configuration details
- Storage details -- the actual storage devices and logical unit numbers
(LUN) allocated to the servers
- Software requirements -- specific information about the
software
more info
05/13/2008
Disk-based vs. Tape Backup

Disk-based vs. Tape Backup:
The Pros and Cons All organizations use tape to back up data nightly. Tape is
fairly inexpensive and low-tech, but managing and administering tape, backing up
to tape and restoring files from it can be time consuming, unreliable and
complex. Disk has always been an easier, more reliable alternative, but until
recently its high acquisition cost has made it untouchable for many
organizations. Fortunately, new disk and data reduction technologies have
recently converged to make disk-based backup available at about the same price
of tape backup systems.
more info
05/01/2008
Disaster Planning and Security Management a Real Issue
Consider the Herculean efforts today to
protect the network from threats: Intrusion prevention systems scan packets for
potentially damaging content; email security systems check for viruses in email
content and firewalls block unsolicited connections. To stop the onslaught of
threats to corporate and government networks, a host of software and appliances
are being deployed daily . In general, these border police applications are
doing a fairly decent job of stopping unauthorized intrusion at the door to your
network.
 
But what about organizational insiders? Which
applications or appliances are scrutinizing the information being passed out of
the network? Intrusion prevention systems and firewalls arent looking for
intellectual property sliding out the door right under their virtual noses.
Specifically in healthcare organizations, what about patient information sent
unprotected over the Internet to another provider? Add in the always-changing
regulatory environment, and security is a unique challenge. All it takes is one
misstep to compromise sensitive information. These are legitimate, authorized
users communicating in an above-board way but potentially exposing sensitive
data in the process. This is the core of the immensely complex problem of data
loss.

To address the data loss problem, organizations need to focus now on
content filtering and blocking of electronic communications leaving the network
and not just email, but instant messaging (IM), webmail, HTTP and FTP
communications as well . All avenues of electronic communication need to be
policed to prevent intellectual property, financial information, patient
information, personal credit card data, and a variety of sensitive information
(depending on the business and the industry) from falling into the wrong
hands.
more info
04/25/2008
How Do You Back Up Remote Sites
The global enterprise has a voracious appetite for data, and
little patience for downtime. According to a recent Forrester report, 82 percent
of larger IT organizations rated improving recovery time as a critical or
very critical business priority. The need for continued focus and investment
is clear, especially when you consider that data-at-rest in enterprises is
growing at a compounded rate of 55 percent a year. Moving all that data is a
mounting challenge, and business simply cannot wait.
To meet these growing demands at a reasonable cost,
organizations are moving to IP-based networks; 70 percent of North American and
79 percent of European organizations use some combination of the Internet, MPLS
or Ethernet to connect to their primary backup datacenter. Bandwidth prices may
be in decline, but that doesnt mean it comes cheap. Bandwidth, on average, is
29 percent of the total cost of replication, backup and recovery solutions, and
is often constrained by the effects of latency.

End-to-end plans for turning disaster recovery into
full business continuity are very complex, but from an IP-network perspective it
can be reduced to three main
challenges.
more info
04/19/2008
IT and Business DRP challenges
Disaster plan need to take into account mainframes, blade
servers as well as distributed file servers. The problem is more complex
as enterprises slowly move away from IT and Business alignment towards IT and
Business convergence. For example,
3mMainframes continue to hold their own against the onslaught of distributed
server architectures, not because they are considered superior to newer
technologies but because they still have a unique role to play in the
enterprise. Recent market research indicates that 90 percent of mainframe users
see the devices as long-term data hub and transaction server solutions fully
suited to expected future workloads, particularly in SOA and Web services
endeavors. Distributed servers, meanwhile, are likely to appeal to specialized
shops with low MIPS requirements.
more info
04/15/2008
Virginia Tech Tragedy Leads Others to Establish Disaster Communication
(Computerworld) The deadly shootings of 32
people by a lone gunman at Virginia
Tech one year ago on Wednesday galvanized
college campuses nationwide, leading to a surge in new mass emergency
communications purchases -- especially wireless text messaging technologies.

University police and IT and communications
professionals from around the nation said in recent interviews that the killings
of Virginia Tech students and faculty on the Blacksburg, Va., campus by gunman
Seung-Hui Cho led to a buying spree of new communications technologies and
services. The goal was to bolster the capabilities of existing e-mail and
voice-mail systems, as well as outdoor sirens.
The Virginia Tech shootings heightened our
awareness of additional ways to disseminate crucial information -- including the
use of text messaging because of its popularity with college students, said the
president-elect of The Association for Communications Technology Professionals
in Higher Education (ACUTA) and an IT professional at Columbia University in New
York. a flurry of activity has ensued in the past year, she added, with
both large and small colleges evaluating their emergency communications needs.
more info
|