IT Disaster Recovery Plan

Businesses use information technology to quickly and effectively process information. Employees use electronic mail and Voice Over Internet Protocol (VOIP) telephone systems to communicate. Electronic data interchange (E I) is used to transmit data including orders and payments from one company to another. !ervers process information and store large amounts of data. esktop computers" laptops and #ireless devices are used $y employees to create" process" manage and communicate information. %hat do you #hen your information technology stops #orking& 'n information technology disaster recovery plan (I( )P) should $e developed in con*unction #ith the $usiness continuity plan. Priorities and recovery time o$*ectives for information technology should $e developed during the $usiness impact analysis. (echnology recovery strategies should $e developed to restore hard#are" applications and data in time to meet the needs of the $usiness recovery. Businesses large and small create and manage large volumes of electronic information or data. +uch of that data is important. !ome data is vital to the survival and continued operation of the $usiness. (he impact of data loss or corruption from hard#are failure" human error" hacking or mal#are could $e significant. ' plan for data $ackup and restoration of electronic information is essential. )ecovery strategies should $e developed for Information technology (I() systems" applications and data. (his includes net#orks" servers" desktops" laptops" #ireless devices" data and connectivity. Priorities for I( recovery should $e consistent #ith the priorities for recovery of $usiness functions and processes that #ere developed during the $usiness impact analysis. I( resources required to support time,sensitive $usiness functions and processes should also $e identified. (he recovery time for an I( resource should match the recovery time o$*ective for the $usiness function or process that depends on the I( resource. Information technology systems require hard#are" soft#are" data and connectivity. %ithout one component of the -system". the system may not run. (herefore" recovery strategies should $e developed to anticipate the loss of one or more of the follo#ing system components/
• • • • •

0omputer room environment (secure computer room #ith climate control" conditioned and $ackup po#er supply" etc.) 1ard#are (net#orks" servers" desktop and laptop computers" #ireless devices and peripherals) 0onnectivity to a service provider (fi$er" ca$le" #ireless" etc.) !oft#are applications (electronic data interchange" electronic mail" enterprise resource management" office productivity" etc.) ata and restoration

(his information can $e accessed at the primary $usiness site or any alternate site using a #e$ $ro#ser. (his is a very e3pensive solution that only larger companies can afford. 5sing standardi2ed hard#are #ill help to replicate and reimage ne# hard#are. . Internal Recovery Strategies +any $usinesses have access to more than one facility. (he plan should include a strategy to ensure that all critical information is $acked up. Developing an IT Disaster Recovery Plan Businesses should develop an I( disaster recovery plan. Identify critical soft#are applications and data and the hard#are required to run or data is mirrored $et#een the t#o sites" data can $e restored at the alternate site and processing can continue.installation on replacement equipment. (hese sites are fully configured data centers #ith commonly used hard#are and soft#are products. ata streams" data security services and applications can $e hosted and managed $y vendors. 1o#ever" there are other solutions availa$le for small to medium si2ed $usinesses #ith critical $usiness applications and data to protect. for I( disaster recovery. Ensure that copies of program soft#are are availa$le to ena$le re. !u$scri$ers may provide unique equipment or soft#are either at the time of disaster or store it at the hot site ready for use. 'ssuming data is $acked up off. (est the plan periodically to make sure that it #orks. ocument the I( disaster recovery plan as part of the $usiness continuity plan. It $egins $y compiling an inventory of hard#are (e.g. (hey utili2e dual data centers capa$le of handling all data processing needs" #hich run in parallel #ith data mirrored or synchroni2ed $et#een the t#o centers. 1ard#are at an alternate facility can $e configured to run similar hard#are and soft#are applications #hen needed. servers" desktops" laptops and #ireless devices)" soft#are applications and data. Vendor Supported Recovery Strategies (here are vendors that can provide -hot sites. Prioriti2e hard#are and soft#are restoration. If an outage is detected at the client site $y the vendor" the vendor automatically holds data until the client4s system is restored. (hese vendors can also provide data filtering and detection of mal#are threats" #hich enhance cy$er security.!ome $usiness applications cannot tolerate any do#ntime.