Introduction

to Disaster
Recovery

Module 1
You Will Learn How To…

~ Develop a disaster recovery philosophy

~ Describe the basic principles of disaster recovery
planning
~ Describe and establish a business continuity and
disaster recovery function
~ Understand the steps of disaster recovery planning
~ Understand the role of IT and network management in
disaster recovery
Disasters and Disaster Recovery

~ Disaster strikes often

~ Everyday life is filled with incidents that can
disrupt business
~ A disaster recovery plan allows for:
• Business continuity during a disaster
• Restoration of normal operations
Developing a Disaster Recovery
Philosophy

~ A disaster recovery philosophy is rooted in:

• An organization’s desire to protect and preserve its positive
public image
• An organization’s physical assets
• The lives of the organization’s employees
~ The image includes:
• High levels of customer satisfaction
• Faith of stockholders
• Other stakeholders for an organization
Organizations and Disasters

~Many organizations have suffered through a disaster

~The ones that have not are not immune
~Out of 250 organizations surveyed, three of every 10
organizations surveyed for this book have been through a
disaster
Disaster Recovery Planning

~ The process of assessing risks that an

organization faces
~ Developing, documenting, implementing,
testing, and maintaining procedures
~ Minimize losses after a disaster
Status of Disaster Recovery Planning

~Nearly three of every four organizations have a disaster

recovery plan in place
~Disasterrecovery planning is still a new process in
many organizations
Disaster Recovering Planning Process

~ Too many people consider disaster recovery planning a

mechanical process
~ There are certainly tedious and laborious aspects to
developing a plan
~ Organizations have cultures, spirits, and images that
permeate relationships with
• The organization
• Customers
• Business partners
• The public at large
Customers

~ A customer’s view of an organization is crucial to the organization’s

success
~ Marketing managers hope customers see products as high quality
and a good value
~ New customers are difficult and costly to gain
~ Less costly to keep current customers satisfied
~ Customer satisfaction is a prime marketing tool
~ A good public image is an asset that takes years to achieve and
considerable diligence to maintain
Stockholder and Investor Relations

~ Maintaining investor faith is extremely important

~ Institutional investor confidence is important
~ Considerable effort is exerted to develop the faith and trust of
investors
~ Efforts to maintain faith are less expensive than those required to
regain lost faith
~ Organizations want to be viewed in the most positive light possible
~ Backup computers, emergency networks, and temporary quarters
are only tools
Disaster Recovery Planning

~ Intensified since September 2001

~ Three of every 10 organizations surveyed report
that their spending for disaster recovery
planning has increased
~ One of every 10 organizations reports that
spending has increased dramatically
Disaster Recovery Planning
 Basic Principles of Disaster Recovery
Planning

~ No off-the-shelf disaster recovery plan can meet

the needs of all organizations
~ An effective plan recognizes an organization’s size
and other defining characteristics
Planning Principles

~ A solid plan requires the support and participation of

• Upper-level management
• All business unit managers
• Legal counsel
• Directors of all functional departments such as Human
Resources, Facilities Management, IT, and Corporate security
~ Assessing risk requires time consuming, detailed
analysis
Planning Principles

~ All policies and procedures must

• Support the critical needs of business operations
• Comply with all relevant laws and regulations
• Be understood by the parties responsible for implementing
hem
• Be approved by upper management
~ The plan must clearly delineate and document chain of
command of the managers responsible for declaring,
responding to, and recovering from a disaster
 Planning Principles

~ The disaster recovery system must facilitate and allow control of

communications among
• Decision makers
• Managers
• Staff
• External support organizations
• Law enforcement
• Emergency services
• Media
~ All policies and procedures must be available to all departments,
managers, and staff during response and recovery
 Planning Principles

~ All employees involved in disaster response and recovery must be

trained to
• Implement documented procedures
• Address unanticipated problems
~ Procedures must be tested and rehearsed
~ Planners must continually evaluate new threats and business
conditions as they develop
~ During disaster response and recovery, the organization must
• Evaluate the effectiveness of its procedures
• Monitor the physical safety and mental health of employees
Process of Disaster Recovery Planning

~ Implementing the plan and responding to disaster is an

organization-wide effort
~ Plan development requires many types of knowledge and skills
~ Every organization-wide effort is laden with social and political
obstacles that need to be addressed
~ Each step of planning is interrelated and builds upon the others
~ The disaster recovery planning team is responsible for developing
the plan
Establishing Continuity and Recovery
Function
~ Disaster recovery function consists of the people,
departments, and support organizations that
implement the plan and facilitate disaster recovery
~ How this function is organized depends on
• The geographical dispersal of facilities within an organization
• The type of facilities occupied
• The number of employees
• Other factors
 Staff of an Organization’s Disaster Recovery
Function

~ A centralized authority or group

• Coordinates the development of disaster recovery plans
• Plays a role in disaster response and recovery
~ Managers and staff in functional departments have
enterprise-wide roles in disaster response and recovery
~ Department managers and representatives from business
units have roles in disaster response and recovery to
ensure the continued function of their business units
 Understanding the Steps of Disaster
Recovery Planning

~ Disaster recovery planning consists of eight major steps

~ Smaller organizations may be able to develop and
document a plan in a few months
~ In larger organizations, initial planning can take many
months and sometimes years
~ Management and all other members of the planning
team need to understand
• The steps involved in developing a plan
• How these steps build upon each other and fit together as a
whole
Step One

~ The first step is organizing the disaster recovery

planning team
~ The team must be a well-rounded group that represents
all the functions of an organization
~ Requires a high-level manager as a champion
~ Ideally, the champion should be the CEO or a high-level
manager designated by the CEO
 Step One

~ The team must also have a designated leader, or two people who act
as co-leaders
~ Each participating department should assign a primary
representative and an alternate to the team for continuity
~ The team should be trained in disaster recovery planning
~ Once in place, it should establish a schedule of activities, including
meeting times and dates for completing the eight steps of planning
~ There should be an awareness campaign about disaster recovery
planning within the organization
 Step Two

~ Assessing the risk that an enterprise faces is the next step

~ A business impact analysis is a method of assessing risks and
determining the potential economic loss that could occur as a result
of these risks
• All business processes must be identified and analyzed
• The planning team should review legal and contractual requirements to
determine the consequences of business disruption
• The results help guide disaster recovery planning and help the team
develop procedures for recovering from various types of incidents
Worst Disasters
Step Three

~ The third step is establishing the roles that each department,

business partner, and outside service organization plays in disaster
recovery
~ The planning team determines the contribution that each
department can make to the plan and disaster recovery
~ Organization with multiple locations must identify local
departments and employees who can participate in disaster
recovery planning
~ The planning team also determines the role that other
organizations should play in the plan
 Step Four

~ Developing actual disaster recovery policies and procedures is the

next step
~ Disaster recovery policies are the guidelines that govern the
development of disaster recovery procedures
~ Disaster recovery procedures are step-by-step methods
designed to restore an organizational function or business process
~ Developing policies and procedures to recover from disasters
requires attention to detail and thorough analysis
~ Procedures must be established for each step of disaster recovery
and response
 Step Five

~ The fifth step of the disaster recovery plan is to document the

policies and procedures developed in the previous step
~ Part of this documentation is done in conjunction with drafting,
reviewing, and approving policies and procedures
~ The approved documentation is included in the actual disaster
recovery plan
~ A group must be established to manage documentation and the
cycles of reviews, approvals, and updates
~ The document must include all contact information
 Step Six

~ Implementing the disaster recovery plan is next

~ During this step
• The final plan is distributed to all of the departments, organizations,
and employees involved in disaster response and recovery
• The planning team begins to intensify the internal and external
awareness programs to ensure that all parties know about the plan
• Executives are briefed on the plan and their roles in disaster response
and recovery
• Staff in all departments are trained on general and department specific
procedures
• Any outside services or equipment is purchased or contracted
Step Seven

~The next step is to test and rehearse parts of the plan, and
eventually to run a live simulation of a disaster
~A disaster recovery rehearsal is a live simulation in which all
departments and support organizations run through the entire
disaster recovery process, just as they would during an actual
disaster
~Managers in eight of every 10 organizations surveyed think that
testing and rehearsing disaster recovery plans is beneficial
Plan Testing and Rehearsal
Step Eight

~ The final step is often called the maintenance phase

~ Once the plan is developed and tested, the planning team must
continually
• Assess the emergence of new threats
• Adjust for changes in organizational structure
• Determine the impact of new technology on recovery procedures
~ In many industries, planning teams may also need to monitor
changes in laws and regulations that may affect their disaster
recovery requirements
~ When procedures are changed and documentation is updated,
training requirements and staff skills must be updated as well
Frequency of Plan Updates
Role of IT and Network Management in
Disaster Recovery
~ Most organizations rely heavily on their computer
systems and communications networks
~ The IT and network management in every organization
have essential roles in disaster recovery planning and
response
~ Knowledgeable representatives from IT and network
management need to be assigned to the team
 IT Representation

~ At least one representative is needed for each of the following

functions:
• Data center operations
• Network management
• Desktop computing
• Voice communications
~ At least one person is needed for each major IT application,
including
• Financial management support
• Supply chain systems
• Enterprise resource planning (ERP)
• Human resources support
 IT Representation

~ During risk assessment and business impact analysis, IT

and network managers need to
• Help the team answer critical questions about the potential
consequences of system downtime
• Assist in developing and documenting procedures for end-user
departments and the IT departments that facilitate disaster
response and recovery
IT Representation

~ During risk assessment and business impact analysis,

IT and network managers need to
• Help develop and deliver training to department managers and
employees who will assist in recovery procedures for computer
systems and networks
• Help test and rehearse procedures to ensure that their
organization can effectively recover from a disaster
 IT Managers Role

~ IT and network managers have a key role in supporting

and managing the ongoing disaster recovery plan
~ Plans and procedures must be updated
~ IT and network managers must determine
• How each new upgrade or additional application affects these
plans and procedures, then
• Inform the staff who maintain disaster recovery documents of
the necessary changes to keep the plan current
• Develop new training materials as needed
 Chapter Summary

~ Disaster recovery planning is the process of assessing

risks that an organization faces, then developing
procedures to return to normal operations quickly
~ No off-the-shelf disaster recovery plan can possibly meet
the needs of all organizations
~ Understanding the basic principles of disaster recovery
planning can keep team members from getting lost in the
long process
Chapter Summary

~ The disaster recovery function consists of the people,

departments, and support organizations that
implement the disaster recovery plan and facilitate
recovery
~ There are eight steps in the process of developing a
disaster recovery plan
~ Most organizations rely heavily on computer systems
and communication