step-by-step disaster preparedness -...
TRANSCRIPT
®®®
Xvand Technology Corporation | 832.204.4909 | [email protected] | www.isutility.com
WHITEPAPER BY XVAND TECHNOLOGY CORPORATION
Go Beyond The Cloud
STEP-BY-STEPDISASTER PREPAREDNESS
Guide & Template
©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | [email protected]
1
Disaster Preparedness Plan
Provided by:
©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | [email protected]
2
Step 1: Determine Goals of Your Disaster Recovery Plan:
Understand:
The difference between business continuity vs. disaster recovery. The “7 Ps” Guidelines of Business Continuity (Business Continuity Institute) The first 24 hours is for saving lives; second 24 hours is for saving data; third 24 hours is
for ensuring accessibility to data.
Key objectives:
To limit the extent of disruption and damage. To minimize the financial impact of the interruption. To minimize interruptions to business operations. To establish alternative locations and means of operation. To train management on emergency procedures. To provide for smooth, secure and rapid restoration of business operations.
Step 2: Create an Emergency Response Team & Leadership
Name Title Role Address (Physical)
Address (Email)
Phone Alternate
Communication
Note: Attach copies of your organization chart and complete contact information of employees, clients, vendors, and distribution channel partners here. Create laminated copies of contact list(s) for each employee to keep in his/her wallet or purse.
©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | [email protected]
3
Step 3: Assess and & Manage Risk of Disaster A. Identify & categorize disaster risk for your business. Factor impact on revenue, productivity
and clients/reputation.
Business Risk Assessment
Affected Business Area
Impact Probability of Failure
Single Event Loss
Expectancy
Estimated # of Incidents/Year
Estimated Cost of Mitigation
Note
Comments:
Sample:
Business Risk Assessment
Affected Business Area
Impact Probability of Failure
Single Event Loss
Expectancy
Estimated # of Incidents/Year
Estimated Cost of Mitigation
Note
Company-wide High Low $500,000 0.1 $10,000
No redundant UPS for phones
Shipping Dept. High Low $100,000 0.2 $15,000 No backup server
Marketing/Sales Moderate High $3,000 2 $6,000 CRM not redundant
Comments:
©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | [email protected]
4
B. List of all critical systems and applications involved in daily business operations, like payroll, accounts payable/receivable, orders and CRM.
Systems & Applications
Application/System Critical? Weighted
Value Inaccessibility
Cost/Hour Replacement
Cost
Affected Business
Area Note
Comments:
Sample:
Systems & Applications
Application/System Critical? Weighted Value
Inaccessibility Cost/Hour
Replacement Cost
Affected Business Area
Note
Phone System Critical 9 $24,000 $45,000 Company
ERP System Critical 7 $17,000 $45,000 Sales/Acctg.
Adobe Reader No 2 $250 $5,000 Marketing/Sales
Comments:
©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | [email protected]
5
Step 4: Take Inventory
Take physical inventory of all equipment and supplies. This list should be updated frequently and should include all critical components of your business.
This list may include the following:
Servers Workstations Routers/Switches Spare workstations Telephones Software applications General office supplies
Backup power supply Air conditioner/ heater Physical files Humidifier or dehumidifier General data communication External disks/drives
(*Include maintenance agreement for aforementioned.)
Inventory
Item Manufacturer/Model Quantity Serial
# Own/Lease Receipt
Support Phone
# Cost
Hardware Software
Miscellaneous Office Supplies Comments:
©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | [email protected]
6
Step 5: Establish Offsite Data Backup Procedures
All company data – servers, workstations, laptops – should be regularly backed up at a secure, offsite location at least once per day to protect against disasters that could potentially wipe out critical business information.
Backups should be regularly documented and tested on a quarterly basis.
Data Backup System Component (Server, desktop, etc.)
Location of
backup
Frequency of backup
Backup performed
by:
Frequency of backup testing
Frequency of recovery testing
Comments
Comments:
Outsourcing Disaster Recovery
5 Questions to Ask Your Prospective DR or Data Backup Provider
1 What is your recovery interval?
2 Who's responsible for data restoration post disaster?
3 Do you document your backup procedures?
4 How often do you test your backup plan?
5 What are staffing levels in an emergency?
©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | [email protected]
7
Step 6: Arrange Alternate Means of Operation
Follow the steps on the checklist below to ensure continuance of operations:
Alternate Means of Operation
Checklist:
Create, distribute, and review employee safety and evacuation routes and procedures.
Have an alternate workplace and living arrangements established well in advance of disaster.
Determine which applications will be remotely accessed during and immediately after disaster.
Establish remote access capabilities utilizing browser access for data & applications.
Arrange transportation to and from alternate workplace.
Setup the delivery and the receipt of mail.
Establish emergency office supplies.
Set arrangements for rented or purchased equipment, as needed.
Identify number of remote / backup workstations needed.
Establish means of communication once operations are temporarily shut down or relocated.
Arrange for alternate means of communication at temporary workplace. (Land lines,
cellphones, Internet access, etc.)
Compile, update and verify contact list of employees, clients, vendors, and distribution
channel partners (Cell Phone Numbers, Email, Social Media, such as Twitter.)
Create laminated copies of contact list(s) for each employee.
Protect against lost laptops and mobile devices
Record all serial and model numbers of all mobile devices.
Install laptop tracking and remote data deletion capabilities to protect company assets and
data.
In the event laptop data must be remotely destroyed:
Ensure your organization is in compliance with appropriate data destruction
policies.
Request a certificate of destruction to ensure the data are properly disposed.
Use best practices for securing wireless networks.
©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | [email protected]
8
Step 7: Test Disaster Preparedness Plan In Advance.
According to Microsoft, nearly three fourths of companies that test their tape backups found backup failures. Should be regularly tested on a quarterly basis.
Testing Procedures Test the Following on a Quarterly Basis
Data restoration - Define “recovery” and test recovery interval times.
Where will the restore occur?
How long will it take to restore?
Are the backups up-to-date and good?
Is the data accurate?
Is the offsite data backup compatible with new hardware and software?
Can the data be remotely accessed?
Are software versions the same as your production system?
Backup power supply.
Questions to ask about your current systems.
What is the estimated time needed to replace or repair a duplicate system?
Are software licenses tied to the CPU serial number?
Is software media with proper versions available for building a new system?
Step 8: Plan Execution
©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | [email protected]
9
Disaster Plan Implementation Checklist:
Declare the emergency and implementation of plan (Emergency response leader)
Assemble disaster recovery team and review tasks of each member
Classify the nature and degree of disaster
Make decision to stay or temporarily relocate to predetermined alternate workspace
Review and distribute alternate communication plans
Notify all lists (clients, employees, vendors & suppliers) of emergency declaration and plan
Notify primary vendors for assistance with problems incurred during emergency
Notify insurance companies
Activate user participation plan
List and keep track of all company devices that are moved to alternate workspace
Take copies of operational and procedural documentation
Maintain constant communication with all lists during and immediately following disaster on:
Extent of damage
Telephones, facilities, power, systems, networks
Other human resource-related events
Declaration of emergency "conclusion"
Restoration of normal business operations
Step 9: Post Mortem - Debrief & Document
©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | [email protected]
10
Disaster preparedness plan should be systematically reviewed and tested, especially post-disaster.
Post Mortem Grading Report List Item Overall Grade Notes
Ability to recover individual applications and systems from off-site location.
Ability to restore backup data and systems to pre-disaster levels. (Servers and individual workstations)
Ability of management to determine priority of human resource actions.
Ability of management to determine priority of applications.
Ability to recover and process successfully without key people.
Ability of the plan to clarify areas of responsibility and chain of command.
Productivity and efficiency of work produced at alternate workplace.
Effectiveness of security procedures during the disaster and recovery period.
Ability to accomplish emergency evacuation and first-aid responses.
Ability to quickly communicate with key personnel or assigned alternates.
Ability of employees to work effectively with a temporary loss of on-line information.
Ability of employees to continue day-to-day operations without non-critical applications or tasks.
Availability of peripheral equipment, such as copiers, printers and scanners.
Availability of important forms and paper stock.
Availability of other supplies equipment, such as air conditioners.
Availability of supplies, transportation, and communication.
Ability to adapt plan to lessen disasters effect.
Step 10: Maintain Records of Plan Changes
©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | [email protected]
11
Keep your plan current. Keep records of changes to your configuration, your applications, and your backup schedules and procedures.
Complimentary Disaster and Security Assessment to Get You Started:
It is critical to determine what technology is right for your organization and which services or products should be outsourced. Whether or not you choose to engage with IsUtility®, we’d like offer you the following tools to get you on the road to successful disaster preparedness.
This personalized and confidential IT assessment will uncover potential security risks and vulnerabilities. Includes a comprehensive report on how to best optimize your IT assets and protect your organization from IT disasters. Schedule your free audit at http://info.isutility.com/securityassessment.