Paper focuses on disaster recovery planning and the steps we need to take to prepare
a successful disaster recovery plan.
The main use of a disaster recovery (DR) plan is to get the company’s
operations inefficient way after being in by a disaster. Disaster
recovery (DR) plan gives an organized way to deal with unforeseen occurrences
that could possibly crash the whole IT foundation of an organization, which includes
equipment, programming, systems, procedures, and
Securing your organization’s assets in its infrastructure and their capacity to
direct business are the key purposes of implementing
an IT disaster recovery design. Companies
can’t bear to be non-operational due to
territorial power blackouts, cyberattacks or equipment failures. Consistently down programs and applications
convert into lost income. A DR design guarantees that remote
workplaces and branch areas are considered when any disaster happens, and it
can guarantee they are secured.
IT disaster recovery designs give well-established methods to recoup frameworks
and systems which are disrupted, and they enable associations to continue
The objective of these procedures is to limit any negative effects to
This Disaster Recovery Plan is created to ensure the continuation of business operations
if a disaster occurs.
This will give a compelling agreement that can be utilized to recover all key organizational
aspects of the required time span using
key records that are stored off-site.
This Plan is only one of a few designs that will give methods to deal with disaster
These designs can be used independently, however, are intended to support each
other. This arrangement enables
the capacity to deal with coordination exercises encompassing any emergency
Recent surveys after the devastating impacts of Hurricanes Harvey and Irma
shows that the small business owners don’t invest too much time to plan worst
we can’t stop the natural disasters, we can plan ahead to lessen their
devastation and increase company’s odds of survival. Having a disaster plan can spare an
organization’s assets, secure the wellbeing of its representatives and limit
The Majority of companies consider disasters are only floods, hurricanes,
tornados or earthquakes.
But In reality, Disasters are any events
that obviate your business from accessing the data and machines it requires to
operate from your company such as cyber-attacks, power/hardware failures.
The main key issues and questions that need to consider while planning for a
disaster plan are:
Data replication is the most important
factor for any disaster recovery plan.
Will your current DR strategy meet the
company’s needs in the occurrence of a disaster?
Has the company determined which servers
are important and which are expendable? Have new technologies been implemented
that can organize and redirect resources as per that hierarchy?
Is there any employee back up plan?
Does everybody understand what to do in a
any recovery plan, there is a list
of possibilities and recovery procedures to consider and make the recovery
process successful, all the involved employees are required to guarantee that
these assumptions are correct and existing.
All employees affected by this plan are
responsible for accepting their role in a
This plan will be frequently maintained.
The recovery procedure documented in the
plan should be tested once a year.
All employees must react immediately and
effectively throughout the recovery process.
of Disaster recovery plan:
recovery and business congruity are basic parts of the general risk
administration for an association.
Since the greater part of the dangers can’t be avoided, organizations are
introducing disaster recovery and business progression plans to get ready for
possibly disrupted occasions.
The two procedures are similarly important since they give important
information on how the business will proceed after serious disasters. In case of a disaster, the
operations of your organization rely on
the capacity to replicate your IT infrastructure and information. The disaster recovery design
stipulates how an organization will be prepared in case of disaster, what the
organization’s reaction will be, and what steps it will take to guarantee that
operations can be reestablished.
Business continuity arranging proposes a more extensive way to deal with
guarantee your business is working, after a calamity, as well as in case of similar
Organizations rely on a diverse array of
interconnected information systems to meet the needs of its clients. The goal of disaster recovery
planning is to protect the company in the event that all/key aspects of the
company’s operations are rendered unusable.
Preparedness is the key.
The company needs to initiate an
Enterprise Disaster Recovery Program to
first eliminate or reduce disaster risk in critical technology areas and then
plan for facilitation and the timely and predictable restoration of key
applications, data, and supporting critical infrastructure.
Organizations need to understand the importance of
Protecting the assets of the corporation is a high priority. The DR program model should ensure
consistency between the organization’s Event Management, Site Emergency
Response, Business Continuity, Enterprise Disaster Recovery and Public Health
The layers need to be interrelated and should
work together to provide maximum protection and risk mitigation. Company’s Technology should design
multiple ways to reduce the probability of a disaster. These could include the failover of
production processing to geographically dispersed production or non-production
systems; full asynchronous data replication of production storage pools;
software-based database asynchronous replication; and media data restores. These capabilities should be combined
to help achieve the objective of resuming operation with limited to no data
loss or disruption to stakeholders.
Core to the recovery solution design for any company should be the multiple
data center approach.
The primary data centers should be located in the areas which are not prone to large-scale disasters such as hurricanes or tornados. Many Organizations select one of the
following Disaster recovery tiers when designing the process:
No off-site data
vaulting without a hotsite
Offsite vaulting with a hotsite
Electronic vaulting to hotsite
Zero data loss
avoiding a disaster is impossible. However, the recovery programmers should be based on
anticipating and planning for the common types of disasters and designing
solutions to address them. Disaster
Protection addresses recovery from the most probable disaster scenarios and worst case scenarios. An Organizational DR strategy should
involve identifying critical business processes and transitioning these
critical applications, data, and supporting infrastructure to an alternate
recovery location in a timely manner, thereby reducing the impact of a
technology event to the critical business clients. This Program should use a variety of recovery strategies
which would align with the defined
criticality of the application. Business critical
applications, as defined by the Business Impact Analysis process should be
given the highest priority.
time is the period of time within which systems, applications or functions must
be recovered after a disaster outage is declared. The RTO is measured in minutes, hours, or days and is an
important consideration in recovery planning. The Recovery Point Objective (RPO) is the point in time to
which you must recover data as defined by the business. Highlights of the DR protection components
An Organization’s data centers should be able to operate in a
power outage mode for up to 3 days. If the Data Center continues to get fuel to run the
generators, they are designed to run in this mode indefinitely.
Operational backups are designed to use high-performance disk-to-disk primary copy with
physical offsite second copy tape.
DR Active and DR Standby recovery solutions employ
Active-Active and/or Active-Standby components located in two geographically
separate data centers where either site can fully support the production
application in the event of a disaster with minimal manual intervention.
Managed Services and Business Continuity
Technology should standardized disaster recovery solutions as part of its
managed solutions for the business. A DR Solution is a specific set of recovery specifications
implemented for an application or component of an application. Applications can contain either a
single consistent DR Solution or they can contain multiple DR Solutions. Where multiple DR Solutions are in
use the overall application RTO is reported as the longest single component’s
RTO. Business Continuity
and Disaster Recovery Plans must be developed, exercised and maintained in
order to limit losses caused by disruptions to critical business operations and
to enable efficient and effective recovery. The Business Continuity and DR Plans include processes and
controls to protect the business of Organizations, the life, and safety of workforce members, as well as to
protect the image, reputation, assets, and resources of the organization.
Roles and Responsibilities
Recovery Lead personnel:
The DRL (Disaster recovery lead) is
commonly designated by the business segment or application group to head the
disaster recovery effort for specific applications by managing and directing
the following disaster recovery tasks as required:
Drive DR activities to ensure executive
application owners own the recoverability of their critical applications and
the appropriate DR documents are created and kept current.
Oversee DR Plan development, maintenance,
analysis, exercises and Senior Leadership certification sign-off. Ensure plans are of high quality and
contain the information required to
support the recovery time and recovery point objectives.
Assess and communicate aggregate recovery
risks and bring them into strategic discussions with group/segment senior
Event Management – facilitate the
implementation of Application DR Plans, communication and decision making
within the Segment.
Disaster Recovery Team
The Enterprise DR team should be developed
to facilitate, oversee, advise, manage and track all aspects of the recovery as
The Enterprise DR team manages the following recovery planning tasks as
DR Program compliance across the Organizations enterprise
Coordination with the Enterprise Response
and Resiliency Program
DR program coordination with Segment DRLs
to comply with DR Policy
Annual DR exercises, findings, and
remediation tracking of exercise issues
Facilitation of DR Plan development as
well as maintenance and certification of DR Plans
Response to auditors and/or regulators
regarding DR program and exercise results
DR program coordination with Organizations Technology Infrastructure Services to
continuously review overall DR capabilities to determine and guide potential
Training to prepare for annual DR
DR reporting through DR Plan Key
Performance Indicators (KPIs)
DR Plans will be created and maintained for
each information system, including all application and infrastructure systems
that are used in a production capacity at an organization. The DR Plans will be followed during DR tests
and when performing DR in the event of a disaster. A
DR Test will be performed to ensure that the system can be recovered as
expected and that RTO and RPO requirements can be achieved. It will also ensure that the system functions
properly in a recovered state and can be successfully failed back to production
if necessary. The following activities will initiate DR
The implementation of a new system in which an
initial DR Test will be performed to qualify the DR Process, irrespective of DR
Recurring DR testing schedules and periodic site
Requests for a test from a business unit or project
team or based on some regulatory requirement.
DR testing may be performed in a non-production
environment, such as a Validation environment if the non-production environment
closely matches the production environment.
A DR Test may be limited to a single system or
may include several interrelated systems being tested in parallel. Periodically, site level tests may also be
performed consisting of a large number of infrastructure and business systems
and may encompass the systems.
initial DR Test to qualify the DR process of a new or changed system will be
accomplished by executing a hard-copy of an approved DR Procedure and a
Performance Copy of an approved DR Protocol to record the test, and by
referencing an approved Administration SOP.
All DR testing after the initial test will be
accomplished by executing a hard-copy of an approved DR Procedure and an
approved DR Form to record the test, and by referencing an approved
DR Tests that fail will be repeated until a
successful test has been achieved. The
cause for test failures may include failures in technology, and/or functional
failures. The root cause must be identified and
remediated prior to retesting.
Remediation steps may include updates to documentation or technology or
may require technical training to address gaps in skill set. A more significant technology-based failure
could trigger a gap remediation effort.