Disaster Recovery Plan Template
Business Continuity

ISO27001, ISO27002, Sarbanes - Oxley, PCI, and HIPAA Compliant

This Disaster Recovery Plan (DRP) can be used as a Disaster Planning template for any enterprise. The Disaster Recovery template and supporting material have been updated to be ISO 27000, Sarbanes-Oxley, PCI-DSS, and HIPAA compliant. The Disaster

Disaster Recovery and Business Continuity Template
Business and IT Impact Analysis Questionnaire
Work Plan

New with this version are:

Web Site Disaster Recovery Planning Form
Department Disaster Recovery Activation Workbook
- Quick Reference Guide
- Team Alert List (Form)
- DRP Team Responsibilities
- DRP Team Checklist
- Critical Function(s) Definition
- Normal Business Hour Response Procedures
- After Hours Response Procedures
- DRP Location(s) Definition
- DRP Recovery Procedures
- Notification Procedures
- Notification Call List (Form)
Vendor Disaster Recovery Questionnaire
Vendor Phone List Form Updated
Key Customer Notification Form
Critical Resources to be Retrieved Form
Business Continuity Off-Site Materials Form

Included in the template is Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager. The premium edition contains 14 full job descriptions.

Clients can also subscribe to Janco's DRP update service and receive all updates to the DRP Template for 18 months* from the date of purchase.

The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirement. The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:

Plan Introduction
Business Impact Analysis - including a sample impact matrix
DRP Organization Responsibilities pre and post disaster - drp checklist
Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDA's.
Recovery Strategy including approach, escalation plan process and decision points
Disaster Recovery Procedures in a check list format
Plan Administration Process
Technical Appendix including definition of necessary phone numbers and contact points
Job Description for Disaster Recovery Manager (3 pages long) - entire disaster recovery team job descriptions are available.
Work Plan to modify and implement the template. Included is a list of deliverables for each task.

There is a extensive section that show how a full test of the DRP can be conducted. It includes

Disaster Recovery Manager Responsibilities
Distribution of the Disaster Recovery Plan
Maintenance of the Business Impact Analysis
Training of the Disaster Recovery Team
Testing of the Disaster Recovery Plan
Evaluation of the Disaster Recovery Plan Tests
Maintenance of the Disaster Recovery Plan

Testimonial - Dave Baker - City of Hamilton - I have found the DRP template invaluable!

Testimonial - Bob Rifenbury -MCSE/CCNA - Lauch esting Lab -The DRP Template saved me about 6 months of work!

Testimonial - Kelly Keeler - Martin's Point Health Care - I have received and I began using the template immediately. IT IS GREAT! Made this process a snap for me. Cut my documentation time down from weeks to hours! This document has made, what began to be an overwhelming process turn into a snap!

Testimonial - Juan Stamos - Mexico City Corporation - We had a DRP in place, but needed a more user friendly structure. The Disaster Recovery Template (Gold edition) has that structure. It was very easy to quickly move our DRP into Janco's DRP Template -- a real added value.

This template is not for resale or re-distribution - Disaster Recovery Planning Template Disaster Recovery Template

Disaster Recovery News

02/02/2012
Expensive weather and climate disasters in the United States
Disaster Recovery and Business Continuity plans need to consider natural weather and events. The effects that natural events have on the environment directly and indirectly may be harmful to people. Forest fires and volcanoes harm air quality. Hurricanes and floods can contaminate water supplies and damage wastewater facilities. Any of these can spread contaminated materials into the environment.

The United States set a record with 12 separate billion-dollar weather/climate disasters in 2011, with an aggregate damage total of approximately $52 billion, according to the National Oceanic and Atmospheric Administration. That is just continuing the trend of the past 30 years.

These incidents have prompted many organizations to reconsider the human element during a crisis or major news event and evaluate how they communicate with employees, suppliers, investors and customers. Emergency and mass notification systems are designed to help organizations communicate to stakeholders during an incident or disruption. However, in response to the high occurrence of prominent disasters in recent years, the marketplace has been flooded with products to address emergency and mass notification needs. The need to diligently evaluate vendors is critical to ensure that services will meet an organization's specific requirements.

more info

01/20/2012
Disaster Life Cycle
A business disruption has a life cycle; it starts small and could potentially become a disaster of epic proportion, depending on its duration. The longer the duration, the greater the disruption to your business. Your organizations response should shift as an incident evolves from threat to emergency to crisis to disaster. Its one thing to say access to contract data isnt essential for a day or two, but what about a week or two? This is why its important to protect more than just data. Now that you know what processes are critical to the operation of your business, you can consider threats according to their impact on those critical processes.

To help you mitigate impact to your core processes, your plan should address three key phases:

Business Continuity Response - these are the steps you take immediately to sustain your core processes, your primary business priorities

Disaster Recovery Response - these are the steps you take to extend your core processes indefinitely and address your secondary priorities

Restoration Planning Response - these are the steps you take to restore your business to its pre
-incident level

more info

01/08/2012
DRP for virtual data centers
Protecting application data from disasters is critical to keeping businesses up and running. Yet traditional disaster recovery solutions were never intended to address the needs of today's virtualized data center.

As a result, the cost and complexity of using traditional disaster recovery products to address data replication needs in highly virtualized environments forces many organizations to forego disaster recovery altogether.

more info

12/14/2011
Business continuity management will minimise business interruptions
In addition to this, it is integral for managers to devise business continuity plans to deal with the threats identified by setting out what needs to be done should a certain event occur.

And although not possible to avoid all risks, business continuity management (BCM) can minimise the disruption to a business to a great extend, protecting its share price, stakeholder relations, and reputation, among others.

With that said, BCM is a critical strategic function that cannot be neglected by any organisation whatsoever.

Still, managers often neglect charting a strategic course for their company's future survival, which in itself poses a huge risk, seeing that there are many internal and external events that could impact on a company's overall performance, such as:

the death of the CEO, owner or key staff member

fire, flood or earthquake damage - this could hamper operations while organisations repair damages or settle insurance claims

an interruption in the supply chain

the loss of a major client

production line failure or breakdown

failure to stay abreast of technological innovation

product failure or contaminationinterruption in telecommunications or power supply

more info

11/05/2011
Tape still used in my DR plans
Data protection requirements are further necessary to comply with regulated and long periods of data retention. For example, laws about data storage and privacy apply to the vertical markets of the medical industry. HIPAA requires medical companies to store patients medical records for five to seven years, and to store their childhood records for the life of the patient. This data also has to be highly secure and easily accessible to address patient care and also for legal reasons, such as a mishap in the office. Laws exist like this in many other industries as well, and a company is advised to research legal strictures on data protection. If there is a law requiring compliance, companies must often store more data for a longer period of time, necessitating secure, cost‐effective storage.

These requirements build a basis for using tape for data protection in the mid‐market, in part because of the high likelihood that organizations already use some form of tape in their IT set‐ups. Tape continues to be the preferred home for nearly 70 percent of the world's data. Using tape for DR automatically builds on existing infrastructure and practices, and provides cost‐effective long‐term storage that addresses DR and legal compliance.

more info

10/28/2011
Business continuity failures drive RIMs downtime

RIM's problems raise some important issues for all business continuity managers:

Successful tests do not guarantee that business continuity strategies will work.
Holistic business continuity plans need to consider the failure of failover systems and require that strategies are in place to deal with such a situation.
High availability systems are not a substitute for conventional business continuity and disaster recovery solutions. The latter provide the belts and braces required for total system assurance.

According to RIM the downtime was the result of the failure of a core network switch and then the failure of business continuity processes which were meant to kick-in.

RIM explained the situation in a service message posted on Facebook:

"The messaging and browsing delays being experienced by BlackBerry users in Europe, the Middle East, Africa, India, Brazil, Chile and Argentina were caused by a core switch failure within RIMs infrastructure. Although the system is designed to failover to a back-up switch, the failover did not function as previously tested. As a result, a large backlog of data was generated, and we are now working to clear that backlog and restore normal service as quickly as possible. We apologize for any inconvenience, and we will continue to keep you informed."

more info

10/16/2011
DisasterRecovery and Business Continuity Planning Considerations for Email
Disaster recovery and business continuity planning considerations are crucial when deploying any email system. Not only is it important to have a plan in the event of a local outage, but careful consideration should also be given to the chance of an entire site failure. In the event of a disaster, the first system that needs to be brought online is communications. E-mail is the ideal method of communication, but users need access and the environment has to be able to withstand a major service interruption.

Issues include, failing over to the backup site is a manual process and most systems do not include a mechanism to fail back to the primary site. Getting the primary site back online is a labor- and network-intensive process. Another is that most email systems do not utilize compression, which results in additional network bandwidth consumption.

more info

10/12/2011
Blackberry impacted by lastest outage and get negative image in social networks
The risks of using social media for critical service announcements were highlighted when BlackBerry posted notices of downtime on various social media channels.

BlackBerry users in Europe, the Middle East and Africa were unable to use email, BBM and various other services due to a major fault. To inform users of the incident, Blackberry chose to utilize social media, posted a message stating:

"Some users in EMEA are experiencing issues. We're investigating, and we apologise for any inconvenience."

This basic message resulted in a stream of abuse and negative comments, with 2,500+ messages being posted on Facebook alone.

The theme of many of the complaining comments were:

Questions about when services would be restored;

Questions about whether Blackberry would provide compensation for the downtime;

Questions about why Blackberry customer services employees were not responding to comments posted by users;

Generally abusive comments by people using the incident as a means of venting existing frustrations with Blackberry.

The incident shows that companies need to think very carefully about whether unrestricted social media is an appropriate medium for customer service information. If organizations decide to go down this route, it is critical that messages are not just posted and left; they must be monitored and customer care employees must proactively engage with customer responses.

more info

10/01/2011
Egypt Caused CIO to Re-evaluate Disaster Recovery and Business Continuity Plans using remote sites
The shut down of the Internet in Egypt raised serious disaster recovery and business continuity questions:

How are business departments designed and deployed throughout the company globally?

How are critical functions dispersed through the various locations?

An efficiently run business is always looking at its model and adapting to change -not only within the four walls of the company, but also global changes. As we operate in a flat world, businesses need to consider factors that 20 years ago did not exist to the level they do today. Economic and social changes occurring around the globe on a regular basis force businesses to look at all factors from a comprehensive cost perspective. Business models need to adapt when it becomes disadvantageous being in a specific country. Issues such as unstable governments, civil unrest, devalued currency or inflation that cause the cost point to increase and push the business out of a market, (for example, due to increased salaries and cost of living, or industries that are more favorable drawing on your employee pool). There are many more but the point is the dynamics of change outside of a company can greatly influence the inner workings of that company. And where the company goes, so does business continuity and disaster recovery.

Business continuity and disaster recovery programs must align and adapt with business models no matter how fluid they become, rather than react to those changes once they are in place.

more info

09/16/2011
Continuous Data Protection definition
The focus on data protection and data recovery in traditional disaster recovery planning methodology reflects a practical reality: it makes little sense to re-host applications or reconnect users to the recovery environment if they have no data with which to operate. Next to personnel, data is an organizations most irreplaceable asset. While other resources used in recovery avail themselves of strategies based either on redundancy or replacement, data cannot be replaced: to protect and recover data, it must be copied (made redundant).

This has been the focus of much of the discussion of continuity planning: how to make data redundant for safety. Typically, this entails a combination of approaches collectively described as defense in depth. Typically, some attention is paid to making data redundant at the transactional levelto protect against the accidental deletion or corruption of a file or database transaction and to enable recovery to a point in time just prior to the event itself. A number of technologies are available for this purpose, and the term Continuous Data Protection (CDP) has become an umbrella concept.

more info