®®®

Xvand Technology Corporation | 832.204.4909 | questions@xvand.com | www.isutility.com

WHITEPAPER BY XVAND TECHNOLOGY CORPORATION

Go Beyond The Cloud

STEP-BY-STEPDISASTER PREPAREDNESS

Guide & Template

©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | questions@xvand.com

1

Disaster Preparedness Plan

Provided by:

©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | questions@xvand.com

2

Step 1: Determine Goals of Your Disaster Recovery Plan:

Understand:

The difference between business continuity vs. disaster recovery. The “7 Ps” Guidelines of Business Continuity (Business Continuity Institute) The first 24 hours is for saving lives; second 24 hours is for saving data; third 24 hours is

for ensuring accessibility to data.

Key objectives:

To limit the extent of disruption and damage. To minimize the financial impact of the interruption. To minimize interruptions to business operations. To establish alternative locations and means of operation. To train management on emergency procedures. To provide for smooth, secure and rapid restoration of business operations.

Step 2: Create an Emergency Response Team & Leadership

Name Title Role Address (Physical)

Address (Email)

Phone Alternate

Communication

Note: Attach copies of your organization chart and complete contact information of employees, clients, vendors, and distribution channel partners here. Create laminated copies of contact list(s) for each employee to keep in his/her wallet or purse.

©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | questions@xvand.com

3

Step 3: Assess and & Manage Risk of Disaster A. Identify & categorize disaster risk for your business. Factor impact on revenue, productivity

and clients/reputation.

Business Risk Assessment

Affected Business Area

Impact Probability of Failure

Single Event Loss

Expectancy

Estimated # of Incidents/Year

Estimated Cost of Mitigation

Note

Comments:

Sample:

Business Risk Assessment

Affected Business Area

Impact Probability of Failure

Single Event Loss

Expectancy

Estimated # of Incidents/Year

Estimated Cost of Mitigation

Note

Company-wide High Low $500,000 0.1 $10,000

No redundant UPS for phones

Shipping Dept. High Low $100,000 0.2 $15,000 No backup server

Marketing/Sales Moderate High $3,000 2 $6,000 CRM not redundant

Comments:

©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | questions@xvand.com

4

B. List of all critical systems and applications involved in daily business operations, like payroll, accounts payable/receivable, orders and CRM.

Systems & Applications

Application/System Critical? Weighted

Value Inaccessibility

Cost/Hour Replacement

Cost

Affected Business

Area Note

Comments:

Sample:

Systems & Applications

Application/System Critical? Weighted Value

Inaccessibility Cost/Hour

Replacement Cost

Affected Business Area

Note

Phone System Critical 9 $24,000 $45,000 Company

ERP System Critical 7 $17,000 $45,000 Sales/Acctg.

Adobe Reader No 2 $250 $5,000 Marketing/Sales

Comments:

©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | questions@xvand.com

5

Step 4: Take Inventory

Take physical inventory of all equipment and supplies. This list should be updated frequently and should include all critical components of your business.

This list may include the following:

Servers Workstations Routers/Switches Spare workstations Telephones Software applications General office supplies

Backup power supply Air conditioner/ heater Physical files Humidifier or dehumidifier General data communication External disks/drives

(*Include maintenance agreement for aforementioned.)

Inventory

Item Manufacturer/Model Quantity Serial

# Own/Lease Receipt

Support Phone

# Cost

Hardware Software

Miscellaneous Office Supplies Comments:

©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | questions@xvand.com

6

Step 5: Establish Offsite Data Backup Procedures

All company data – servers, workstations, laptops – should be regularly backed up at a secure, offsite location at least once per day to protect against disasters that could potentially wipe out critical business information.

Backups should be regularly documented and tested on a quarterly basis.

Data Backup System Component (Server, desktop, etc.)

Location of

backup

Frequency of backup

Backup performed

by:

Frequency of backup testing

Frequency of recovery testing

Comments

Comments:

Outsourcing Disaster Recovery

5 Questions to Ask Your Prospective DR or Data Backup Provider

1 What is your recovery interval?

2 Who's responsible for data restoration post disaster?

3 Do you document your backup procedures?

4 How often do you test your backup plan?

5 What are staffing levels in an emergency?

©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | questions@xvand.com

7

Step 6: Arrange Alternate Means of Operation

Follow the steps on the checklist below to ensure continuance of operations:

Alternate Means of Operation

Checklist:

Create, distribute, and review employee safety and evacuation routes and procedures.

Have an alternate workplace and living arrangements established well in advance of disaster.

Determine which applications will be remotely accessed during and immediately after disaster.

Establish remote access capabilities utilizing browser access for data & applications.

Arrange transportation to and from alternate workplace.

Setup the delivery and the receipt of mail.

Establish emergency office supplies.

Set arrangements for rented or purchased equipment, as needed.

Identify number of remote / backup workstations needed.

Establish means of communication once operations are temporarily shut down or relocated.

Arrange for alternate means of communication at temporary workplace. (Land lines,

cellphones, Internet access, etc.)

Compile, update and verify contact list of employees, clients, vendors, and distribution

channel partners (Cell Phone Numbers, Email, Social Media, such as Twitter.)

Create laminated copies of contact list(s) for each employee.

Protect against lost laptops and mobile devices

Record all serial and model numbers of all mobile devices.

Install laptop tracking and remote data deletion capabilities to protect company assets and

data.

In the event laptop data must be remotely destroyed:

Ensure your organization is in compliance with appropriate data destruction

policies.

Request a certificate of destruction to ensure the data are properly disposed.

Use best practices for securing wireless networks.

©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | questions@xvand.com

8

Step 7: Test Disaster Preparedness Plan In Advance.

According to Microsoft, nearly three fourths of companies that test their tape backups found backup failures. Should be regularly tested on a quarterly basis.

Testing Procedures Test the Following on a Quarterly Basis

Data restoration - Define “recovery” and test recovery interval times.

Where will the restore occur?

How long will it take to restore?

Are the backups up-to-date and good?

Is the data accurate?

Is the offsite data backup compatible with new hardware and software?

Can the data be remotely accessed?

Are software versions the same as your production system?

Backup power supply.

Questions to ask about your current systems.

What is the estimated time needed to replace or repair a duplicate system?

Are software licenses tied to the CPU serial number?

Is software media with proper versions available for building a new system?

Step 8: Plan Execution

©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | questions@xvand.com

9

Disaster Plan Implementation Checklist:

Declare the emergency and implementation of plan (Emergency response leader)

Assemble disaster recovery team and review tasks of each member

Classify the nature and degree of disaster

Make decision to stay or temporarily relocate to predetermined alternate workspace

Review and distribute alternate communication plans

Notify all lists (clients, employees, vendors & suppliers) of emergency declaration and plan

Notify primary vendors for assistance with problems incurred during emergency

Notify insurance companies

Activate user participation plan

List and keep track of all company devices that are moved to alternate workspace

Take copies of operational and procedural documentation

Maintain constant communication with all lists during and immediately following disaster on:

Extent of damage

Telephones, facilities, power, systems, networks

Other human resource-related events

Declaration of emergency "conclusion"

Restoration of normal business operations

Step 9: Post Mortem - Debrief & Document

©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | questions@xvand.com

10

Disaster preparedness plan should be systematically reviewed and tested, especially post-disaster.

Post Mortem Grading Report List Item Overall Grade Notes

Ability to recover individual applications and systems from off-site location.

Ability to restore backup data and systems to pre-disaster levels. (Servers and individual workstations)

Ability of management to determine priority of human resource actions.

Ability of management to determine priority of applications.

Ability to recover and process successfully without key people.

Ability of the plan to clarify areas of responsibility and chain of command.

Productivity and efficiency of work produced at alternate workplace.

Effectiveness of security procedures during the disaster and recovery period.

Ability to accomplish emergency evacuation and first-aid responses.

Ability to quickly communicate with key personnel or assigned alternates.

Ability of employees to work effectively with a temporary loss of on-line information.

Ability of employees to continue day-to-day operations without non-critical applications or tasks.

Availability of peripheral equipment, such as copiers, printers and scanners.

Availability of important forms and paper stock.

Availability of other supplies equipment, such as air conditioners.

Availability of supplies, transportation, and communication.

Ability to adapt plan to lessen disasters effect.

Step 10: Maintain Records of Plan Changes

©2011 Xvand Technology Corporation | 832-204-4909 | www.isutility.com | questions@xvand.com

11

Keep your plan current. Keep records of changes to your configuration, your applications, and your backup schedules and procedures.

Complimentary Disaster and Security Assessment to Get You Started:

It is critical to determine what technology is right for your organization and which services or products should be outsourced. Whether or not you choose to engage with IsUtility®, we’d like offer you the following tools to get you on the road to successful disaster preparedness.

This personalized and confidential IT assessment will uncover potential security risks and vulnerabilities. Includes a comprehensive report on how to best optimize your IT assets and protect your organization from IT disasters. Schedule your free audit at http://info.isutility.com/securityassessment.