Scribd
Upload
18 views43 pages

Disaster Recovery

The document outlines the essential components and processes involved in Disaster Recovery (DR) planning, including the classification of disruptions, key elements of a DR plan, and strategies for mitigating disaster impact. It distinguishes between Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP), emphasizing their roles in sustaining operations and minimizing disaster effects. Additionally, it details the phases of BCP, recovery strategies, and the importance of regular testing and maintenance of disaster recovery plans.

Uploaded by

mzeeshanif
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
18 views43 pages

Disaster Recovery

The document outlines the essential components and processes involved in Disaster Recovery (DR) planning, including the classification of disruptions, key elements of a DR plan, and strategies for mitigating disaster impact. It distinguishes between Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP), emphasizing their roles in sustaining operations and minimizing disaster effects. Additionally, it details the phases of BCP, recovery strategies, and the importance of regular testing and maintenance of disaster recovery plans.

Uploaded by

mzeeshanif
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 43

Disaster recovery

Introduction
• Disaster Recovery (DR): The process of planning and
preparation to recover from disasters (natural or
human-made).
• Key Components:
• Disaster Recovery Plan (DR Plan)
• Disaster Recovery Teams
• Organizational preparedness
Categories of Disruptions
• Non-disaster
• Disruption of service
• Device malfunctioning
• Emergency/Crisis
• Urgent, immediate event where there is the potential for loss of
life or property
• Disaster
• Entire facility unusable for a day or longer
• Catastrophe
• Destroys facility
• A company should understand and be prepared for each category
• Any one can declare an emergency, only BCP coordination can declare a Disaster
• Any one pull the fire alarm or trigger an emergency alarm. Only the BCP
coordinator or some one specified in the BCP can declare a disaster which will
then trigger failover to another facility
Incident or Disaster
• In general, a disaster has occurred when either of two
criteria is met:
(1) The organization is unable to contain or control the
impact of an incident, or
(2) the level of damage or destruction from an incident is
so severe that the organization cannot quickly recover
from it
Disaster Classification

• Criteria for Classification:


• Impact Level: Moderate, Severe, Critical.

• Origin: Natural or Human-made.

• Onset Speed:
• Slow-onset (e.g., pandemics).

• Rapid-onset (e.g., earthquakes, cyberattacks).


Natural Disaster Effects and Mitigation
Damages the building housing the computing equipment that constitutes all or part of the
Fire information system. Smoke and water damage (sprinklers/firefighters). Can be mitigated with
fire casualty insurance or business interruption insurance.

Flood Can damage all or part of the information system or the building housing it. May disrupt
operations by limiting access to buildings. Mitigated with flood/business interruption
insurance.
Earthquake Causes damage to systems or buildings. May interrupt operations by limiting access.
Mitigated with casualty insurance/business interruption insurance (specific policies often
required).
Lightning Can damage systems or power distribution components. May cause fire or interrupt
operations due to power outages. Mitigated with multipurpose casualty/ business interruption
insurance.
Landslide/ Damages systems or buildings. Can interrupt operations by blocking access or disrupting
Mudslide power supply. Mitigated with casualty/business interruption insurance

Tornado/Severe Causes direct damage to systems or buildings. Interrupts operations due to power loss or
Windstorm blocked access. Mitigated with casualty/business interruption insurance.

Hurricane/Typhon Damages systems or buildings, particularly in coastal or low-lying areas. May cause flooding
or power disruption. Mitigated with casualty/business interruption insurance

Tsunami Direct damage to systems or buildings, particularly in coastal regions. Interrupts access or
power. Mitigated with casualty/business interruption insurance.
Key Elements of a DR Plan

• Core Components:
• Role assignments and responsibilities.

• Notification and communication protocols.

• Documentation of disaster details.

• Mitigation and recovery strategies.

• Backup and alternate systems.


Mitigating Disaster Impact

• Prevention Techniques:
• Regular backups.

• Insurance (fire, flood, business interruption).

• Cross-training employees for key roles.

• Examples of Mitigation:
• HVAC systems for dust control.
Testing and Maintenance

• Why Test?
• Identifies planning gaps.

• Prepares personnel for emergencies.

• Maintenance:
• Regular updates to reflect system changes.

• Periodic review and testing schedules.


Transition to Business
Continuity
• When DR Evolves into BC:
• If primary facilities are unusable.

• Focus shifts to establishing operations at new


locations.

• Integration with Business Continuity Planning:


• Ensures seamless organizational recovery.
BCP vs DRP

• BCP: Focuses on sustaining operations and protecting the viability of


the business following a disaster, until normal business conditions
can be restored.

• DRP: Goal is to minimize the effects of a disaster and to take the


necessary steps to ensure that the resources, personnel and business
processes can resume operations in a timely manner. Deals with the
immediate aftermath of the disaster and is often IT focused.
Phases of BCP
• Phases of Plan
• Project Initiation
• Business Impact Analysis
• Recovery Strategy
• Plan Design and Development
• Implementation
• Testing
• Maintenance
Project Initiation
• Obtain Senior management’s support

• Secure funding and resource allocation

• Name BCP coordinator/Project Manager

• Develop Project Charter

• Determine scope of the plan

• Select members of the BCP Team


BIA
• Initiated by BCP committee

• Identifies and prioritizes all business processes

• Addresses the impact on the organization in the event of loss of a


specific services or process

• Establishes key metrics for use in determining appropriate counter


measures and recovery strategy

• Importance(relevance) vs Criticality(downtime)
• The auditing Department is certainly important, though not usually critical. The BIA
focuses on criticality
• Key metrics to Establish
• Service Level Objectives

• RPO

• MTD
• RTO

• WRT

• MTBF(Mean Time Between Failures)

• MTTR(Mean time to repair)

• MOR(Minimum Operating Requirements)


Identify Recovery Strategies

• When preventive controls don’t work, recovery


strategies are necessary
• Facility Recovery

• Hardware and Software Recovery

• Personnel Recovery

• Data Recovery
• Facility Recovery
• Hot, warm, cold sites
• Reciprocal Agreements
• Others
• Redundant/Mirrored site(partial or Full)

• Outsourcing

• Rolling hot/mobile site


Facility Recovery Option
Facility Recovery: Reciprocal
Agreements
• How long will the facility be available to the company in
need?
• How much assistance will the staff supply in the means of
integrating the two environments and ongoing support?
• How quickly can the company in need move into the facility?
• What are the issues pertaining to interoperability?
• How many of the resources will be available to the company
in need?
• How will differences and conflicts be addressed?
• How does change control and configuration management
take place?
Facility Recovery: Criteria for Alternative Facility
• Is the facility closed on weekends or holidays?
• Are the access controls tied in to emergency services?
• Is the facility fire resistant in its construction?
• What is the availability of a bonded transport service
• Are there any geographical environmental hazards
• Does the facility provide proper environmental controls?
• Is there a fire detection and suppression system?
• What is the vendor’s liability of stored media
Personnel Recovery

• Identify Essential Personnel – Entire staff is not always


necessary to move into recovery operations

• How to handle personnel if the offsite facility is a great


distance away

• Eliminate single point failure in staffing and ensure


backups are properly trained
Data Recovery

• Data Recovery options are driven by metrics established


in the BIA(MTD, RTO, RPO, etc)

• Backups

• Database Shadowing

• Remote Journaling

• Electronic Vaulting
Post-incident Review
Additional BCP Frameworks

You might also like