RSS News Feed Feed Description
 
Disaster Recovery Planning Template

Disaster Recovery Audit ProgamDisaster Recovery Plan Template
Business Continuity Planning
ISO 27000, ISO 27001, ISO 27002 (formerly ISO 17799),
Sarbanes - Oxley, PCI-DSS, and HIPAA Compliant

  

 

This Disaster Recovery Plan (DRP) can be used as a template for any enterprise. The template and supporting material have been updated to be Sarbanes-Oxley compliant.  The Disaster Planning Template comes as a Word document and includes:

  • Disaster Recovery Plan Template

  • Business and IT Impact Analysis Questionnaire

  • Work Plan

  • Disaster Recovery & Business Continuity Audit Program

New with version (version history) are (Sarbanes Oxley, HIPAA, PCI-DSS, and ISO 27000 Compliant):

  • Web Site Disaster Recovery Planning Form

  • Department Disaster Recovery Activation Workbook

    • Quick Reference Guide

    • Team Alert List (Form)

    • DRP Team Responsibilities

    • DRP Team Checklist

    • Critical Function(s) Definition

    • Normal Business Hour Response Procedures

    • After Hours Response Procedures

    • DRP Location(s) Definition

    • DRP Recovery Procedures

    • Notification Procedures

    • Notification Call List (Form)

  • Vendor Disaster Recovery Questionnaire

  • Vendor Phone List Form Updated

  • Key Customer Notification Form

  • Critical Resources to be Retrieved Form

  • Business Continuity Off-Site Materials Form

Included in the template is Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager.  The premium edition contains 11 full job descriptions.

Clients can also subscribe to Janco's DRP update service and receive all updates to the DRP Template for 18 months* from the date of purchase. 

The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirement.  The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:

  • Plan Introduction

  • Business Impact Analysis - including a sample impact matrix

  • DRP Organization Responsibilities pre and post disaster - drp checklist

  • Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDA's.

  • Recovery Strategy including approach, escalation plan process and decision points

  • Disaster Recovery Procedures in a check list format

  • Plan Administration Process

  • Technical Appendix including definition of necessary phone numbers and contact points

  • Job Description for Disaster Recovery Manager (3 pages long) - entire disaster recovery team job descriptions are available.

  • Work Plan to modify and implement the template.  Included is a list of deliverables for each task.

There is a extensive section that show how a full test of the DRP can be conducted.  It includes

  • Disaster Recovery Manager Responsibilities

  • Distribution of the Disaster Recovery Plan

  • Maintenance of the Business Impact Analysis

  • Training of the Disaster Recovery Team

  • Testing of the Disaster Recovery Plan

  • Evaluation of the Disaster Recovery Plan Tests

  • Maintenance of the Disaster Recovery Plan

  

Testimonial - Dave Baker - City of Hamilton - I have found the DRP template invaluable!

Testimonial - Bob Rifenbury -MCSE/CCNA Lauch Testing Lab - The DRP Template saved me about 6 months of work!

Testimonial -  Kelly Keeler - Martin's Point Health Care - I have received and I began using the template immediately. IT IS GREAT! Made this process a snap for me. Cut my documentation time down from.  weeks to hours! This document has made, what began to be an overwhelming process turn into a snap!

Testimonial - Juan Stamos - Mexico City Corporation - We had a DRP in place, but needed a more user friendly structure.  The Disaster Recovery Template (Gold edition) has that structure.  It was very easy to quickly move our DRP into Janco's DRP Template -- a real added value.


* Update service is for 12 months unless it is purchased within 30 days of the purchase of the Template.  Janco reserves the right to validate purchase of the customer was made for the template.

 

This template is not for resale or re-distribution - Disaster Recovery Planning Template Disaster Recovery Template, Disaster Recovery

 

 

 

 

 

 

 

 

 

 

Site Map

 

What Should a Data Center Disaster Plan Have

Disaster Plan for Data CentersWhat should a Data Center Disaster Plan Have?  Janco has found that a go Disaster Recovery Plan should have:

  • A section that describes the strategy and procedures for recovering Data Center processing of applications should a disaster substantially disrupt operations.
  • The disaster recovery plan should ben organized into three parts: the main body which provides a general description of the disaster recovery strategy and program, the appendices provide detailed information for conducting the recovery, and the attachments provide supplemental information. The main body is public information and may be freely distributed; the appendices and attachments contain sensitive information that is restricted to the individuals responsible for recovering Data Center operations. The appendices and attachments must be destroyed when updated versions are received.
  • The plan is frequently updated to reflect current hardware, software, procedures, applications, and staffing. Revisions are distributed to the disaster recovery team members at least twice a year following the disaster recovery tests.
... more info

There is More to Disaster Planning Than Creating Backup Files

Disaster Plan AuditThe definition of the necessary level of data backup and restoration processes are crucial components of business continuity and disaster recovery planning. But they are not the only factors that the enterprise and its IT organizations need to consider when defining the strategy they will use in protecting critical data against various disasters including unforeseen events such as severe weather, natural disasters or power failures. They also need to take into account applications, servers, networks, communications, work spaces, and the people who run the applications.

How can organizations effectively evaluate their business continuity needs and ensure that the technologies in place are effective? One key step is to conduct a business impact analysis which examines all the business functions and assesses the damage if a function suffers outages. Storage systems - and more specifically the data that’s stored in them - are extremely relevant for business continuity. But so are the applications, servers, networks and people who run the applications.

Metric for business continuity and disaster recovery include timelines for recovery point objectives (RPOs) and factors defined as recovery time objectives (RTOs).  For data to be available when needed, it needs to be replicated to a remote site. Depending on the desired RPO, that could be synchronous or asynchronous data transfer. In some cases it could be a combination of data that is replicated synchronously to a location that is geographically close and then asynchronously replicated to an out-of-region recovery center.

But data is only part of the equation. Servers, networks and other IT components also play a major role. Just having the data replicated might be okay for a disaster recovery environment with longer acceptable recovery time objectives.  The high cost of storage, communications, network access, and software replication are just a few of the challenges in implementing adequate business continuity.  For a complete real business continuity plan, more than just the data needs to be replicated and available at a secondary site - employee workstations, communication, servers, and applications need to be available. Only with a complete business continuity and disaster recovery plan and strategy in place can organizations ensure continuous operation of the enterprise and availability of vital information.

... more info

Risk Assessment is First Step in Disaster Recovery and Business Continuity Planning

The first step in creating a disaster recovery plan (see Disaster Recovery Plan Template Business Continuity - http://www.e-janco.com/DisasterPlanning.htm) is conducting a risk analysis of your business operation, (see Threat Vulnerability Assessment - Sarbanes Oxley 
Compliance Tool - http://www.e-janco.com/threat.htm) computer applications, and your computer systems.  List all the possible risks that threaten the continuity of your business operations, system uptime, and evaluate how imminent they are in your particular IT entity. Anything that can cause a system outage is a threat, from relatively common man-made threats like virus attacks and accidental data deletions (most common occurrence) to more rare natural threats like floods and fires. Determine which of your threats are the most likely to occur and prioritize them using a simple system: rank each threat in two important categories, probability and impact. In each category, rate the risks as low, medium, or high.

For example, a small distribution company (revenues of $25,000,000) located in Florida could rate  a hurricane an high probability with a high impact, an earthquake threat as low probability and high impact, while the threat of utility failure due to a power outage could rate high probability and high impact. So in this company's risk analysis, a hurricane and power outage would be a higher risk than an earthquake and would therefore be a higher priority in the disaster recovery plan.

... more info

Disaster Recovery Communication Requirements Defined

Disaster RecoveryDisaster Recovery Planning requires a communication network in place that meets at least the following requirements:

  • Voice: It would be absolutely essential for disaster recovery personnel to communication with one another on a common voice channel. A useful service in this regard is provided by the push-to-talk voice call system that has been incorporated by the GSM standard in its Phase 2+ version as an additional service. The push-to-talk system enables an almost instant voice connection to be setup between the speaker and the intended call recipients, thus saving precious time in emergency situations.
  •  Data: Disaster recovery personnel at the disaster site must be able to exchange data with the Remote Command Center in real time. Further, the personnel must be able to exchange data with one another. Lastly, they should be able to connect to the public internet and possibly to a remote third party via a secure link.
  • Location information: Each of the disaster recovery personnel at the disaster site must be able to ’see’ the locations of all other active personnel in a specified area, relative to their own positions. This service may prove crucial in situations where in a worker want to warn nearby workers of dangerous conditions (e.g. collapsing buildings after an earthquake) or wants to request backup for immediate help in rescuing disaster victims.
... more info

Staff Training Critical for Business Continuity

 Business Continuity Planning
A statistic that may be alarming to those with remote locations who may not be properly managing the storage at those sites is that up to 80 percent of the information deemed "important" to "critical" for the average multiple-location business resides in their branch offices. That means the office manager, salesperson, or computer-savvy marketing guy is responsible for 80 percent of the company’s future! Whether that person takes vacation, business trip, gets too busy or simply forgets to perform the nightly backup, your data is at risk.

Even if the job is assigned to the most responsible person in the entire company – the person who’s always around – there's no guarantee that the job will be done correctly, consistently, or in a timely manner across sites. The office manager at one site may have a different method than the inside sales representative in another location. The marketing manager at a third site may perform the task with less consistency than the other two.

... more info