Scribd Logo
Upload

Welcome to Scribd!

  • Disaster Recovery Planning

    Uploaded by

    Willow
    8 views5 pages

    Original Title

    DISASTER RECOVERY PLANNING

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views5 pages

    Disaster Recovery Planning

    Uploaded by

    Willow

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    DISASTER RECOVERY PLANNING

    • Disasters such as earthquakes, floods, sabotage, and even power failures can be catastrophic
    to an organization’s computer center and information systems.

    • The more dependent an organization is on technology, the more susceptible it is to these


    types of risks. For businesses such as Amazon.com or eBay, the loss of even a few hours of
    computer processing capability can be catastrophic.

    • To survive such an event, companies develop recovery procedures and formalize them into a
    disaster recovery plan (DRP).

    • This is a comprehensive statement of all actions to be taken before, during, and after any
    type of disaster. Although the details of each plan are unique to the needs of the organization,
    all workable plans possess four common features:

    1. Identify critical applications

    2. Create a disaster recovery team

    3. Provide site backup

    4. Specify backup and off-site storage procedure

    Identify Critical Applications

    • The first essential element of a DRP is to identify the firm’s critical applications and associated
    data files.

    • Too often, this task is incorrectly viewed as a technical computer issue and therefore
    delegated to IT professionals. Although the technical assistance of IT professionals will be
    required, this task is a business decision and should be made by those best equipped to
    understand the business problem.
    1
    Creating a Disaster Recovery Team

    • Recovering from a disaster depends on timely corrective action. Delays in performing


    essential tasks prolongs the recovery period and diminishes the prospects for a successful
    recovery. To avoid serious omissions or duplication of effort during implementation of the
    contingency plan, task responsibility must be clearly defined and communicated to the
    personnel involved.

    Providing Second-Site Backup

    • Among the options available the most common are mutual aid pact; empty shell or cold site;
    recovery operations center or hot site; and internally provided backup.

    Mutual Aid Pact

    • A mutual aid pact is an agreement between two or more organizations (with


    compatible computer facilities) to aid each other with their data processing needs in
    the event of a disaster. In such an event, the host company must disrupt its processing
    schedule to process the critical transactions of the disaster-stricken company

    2
    • In effect, the host company itself must go into an emergency operation mode and cut
    back on the processing of its lower-priority applications to accommodate the sudden
    increase in demand for its IT resources.

    • The popularity of these reciprocal agreements is driven by economics; they are


    relatively cost-free to implement.

    Empty Shell

    • The empty shell or cold site plan is an arrangement wherein the company buys or
    leases a building that will serve as a data center. In the event of a disaster, the shell is
    available and ready to receive whatever hardware the temporary user needs to run
    essential systems.

    • This approach, however, has a fundamental weakness. Recovery depends on the


    timely availability of the necessary computer hardware to restore the data processing
    function.

    Recovery Operations Center

    • A recovery operations center (ROC) or hot site is a fully equipped backup data center
    that many companies share.

    • In addition to hardware and backup facilities, ROC service providers offer a range of
    technical services to their clients, who pay an annual fee for access rights. In the event
    of a major disaster, a subscriber can occupy the premises and, within a few hours,
    resume processing critical applications.

    Internally Provided Backup

    • Larger organizations with multiple data processing centers often prefer the self-
    reliance that creating internal excess capacity provides. This permits firms to develop
    standardized hardware and software configurations, which ensure functional
    compatibility among their data processing centers and minimize cutover problems in
    the event of a disaster.

    Backup and Off-Site Storage Procedures

    • All data files, applications, documentation, and supplies needed to perform critical
    functions should be automatically backed up and stored at a secure off-site location.
    Data processing personnel should routinely perform backup and storage procedures to
    obtain and secure these critical resources.

    • Operating System Backup

    • Application Backup

    • Backup Data Files

    • Backup Documentation

    3
    • Backup Supplies and Source Documents.

    • Testing the DRP

    • The organization’s management should seek measures of performance in each of the


    following areas:

    (1) the effectiveness of DRP team personnel and their knowledge levels;

    (2) the degree of conversion success (i.e., the number of lost records);

    (3) an estimate of financial loss due to lost records or facilities;

    (4) the effectiveness of program, data, and documentation backup and


    recovery procedures

    Audit Objective

    • The auditor should verify that management’s disaster recovery plan is adequate and feasible
    for dealing with a catastrophe that could deprive the organization of its computing resources.

    Audit Procedures

    • In verifying that management’s DRP is a realistic solution for dealing with a catastrophe, the
    following tests may be performed

    • Site Backup

    • evaluate the adequacy of the backup site arrangement

    • Critical Application List

    • review the list of critical applications to ensure that it is complete

    • Software Backup

    • verify that copies of critical applications and operating systems are stored off-
    site

    • Data Backup

    • verify that critical data files are backed up in accordance with the DRP

    • Backup Supplies, Documents, and Documentation

    • verify that the types and quantities of items specified in the DRP such as
    check stock, invoices, purchase orders, and any special purpose forms exist in a secure
    location

    • Disaster Recovery Team

    • verify that members of the team are current employees and are aware of
    their assigned responsibilities
    4
    OUTSOURCING THE IT FUNCTION
    • Oftencited benefits of IT outsourcing include

    • improved core business performance

    • improved IT performance (because of the vendor’s expertise)

    • reduced IT costs.

    • By moving IT facilities offshore to low labor-cost areas and/or through economies of scale (by
    combining the work of several clients), the vendor can perform the outsourced function more
    cheaply than the client firm could have otherwise

    Core Competency Theory

    • argues that an organization should focus exclusively on its core business competencies, while
    allowing outsourcing vendors to efficiently manage the non–core areas such as the IT
    functions.

    Risks Inherent to IT Outsourcing

    • Failure to Perform

    • Vendor Exploitation

    • Outsourcing Costs Exceed Benefits

    • Reduced Security

    • Loss of Strategic Advantage

    You might also like