Contributed by: Sumaira Sardar

Disaster Recovery Planning-A Systematic Approach

The Disaster Recovery Planning (DRP) is an important element of Business Continuity Planning. It is essential that the organizations take the development and maintenance of the disaster recovery plan seriously because of the fact that unfortunate events can occur at any time. Most organizations cannot function without electronic communication i.e., e-mail, so re-establishing e-mail service is usually a top priority. Similarly they also rely on their web sites to provide services, both inside and externally. For such organizations, a minimum sufficient Internet connection would be a part of the initial disaster recovery steps. All layers of management and employees should be informed that a disaster recovery plan is required in order to make sure that crucial functions of the organization are able to continue in the event of a disaster.

The Policy for Disaster Recovery Planning

The strategic level of the organization should issue a comprehensive policy statement on disaster recovery planning which should contain the following instructions:

ü  A formal risk assessment should be undertaken in order to determine the requirements for the disaster recovery plan.

ü  The disaster recovery plan should be tested at regular intervals to ensure that it can be implemented in crisis situations and that the management and staff know how it is to be executed.

ü  The disaster recovery plan should encompass all essential and critical business activities.

ü  All staff must be made aware of the disaster recovery plan and the key persons to be contacted during the disaster should be identified.

ü  The disaster recovery plan is to be kept up to date.

Overall Approach to DRP

The overall approach to Disaster Recovery Planning (DRP) is as follows:

ü  Strategic level commitment secured

ü  Classify the threats and risks

ü  Manage the risks as part of risk management

ü  Business impact analysis

ü  Develop strategies

ü  Test, identify and maintain the plan

ü  Maintain a crisis management team

Disaster Recovery Strategies

The following are four universal strategies to disaster recovery:

1. Duplicate Systems

The rapid recovery strategy calls for a duplicate set of computer hardware, data, communications equipment, power supply, and an Internet connection, ready for commencement at an alternate site.

With this strategy, recovery times are measured in minutes or hours. This is also called “mirror site”. It is basically a redundant setup elsewhere, running in parallel to the computer systems in production. All transactions are automatically recorded by the production systems and the Duplicate system. If a disaster hits the production site, the Duplicate system enters in and continues the operation. A mirror site is the most expensive solution but provides the best disaster protection; however, not many organizations can pay for or need this strategy.

2. Hot-site Service

A hot-site is an agreement with a recovery services provider to access a physical location equipped with the necessary hardware. This strategy has comparatively high continuing operating costs and the shorter the guaranteed time period, the more costly the payment.

Typically, hot-site service provides recovery within a few hours to a few days.

3. The Vendor Subscription

Another disaster recovery strategy is a subscription for reliable shipment of servers and other critical equipment –commonly known as "Vendor-Subscription." This involves an agreement with a recovery services vendor for the guaranteed delivery of computer hardware to the customer's alternate recovery site. This strategy is generally less expensive than other two.

4. Acquisition

The least receptive strategy involves purchasing the required computer hardware, data, and communications equipment at the time of the disaster. This strategy has the lowest operating costs, as there is virtually no cost unless a disaster happens. Costs of acquiring equipment at the time of a disaster are potentially the most expensive, as a premium price may be paid to get quick delivery. Recovery times for this strategy are usually measured in weeks.

Maintenance of Disaster-Recovery Plan

The increase in technological based processes over the recent past years has significantly increased the level of dependency upon the availability of systems and information for the business to function properly. These changes are likely to continue, and it is likely that the only certainty is that the pace of change will continue to increase.

It is necessary for the disaster recovery plan to keep pace with these changes in order for it to be of use in the event of alarming emergency.

Make sure that the Plan Can-Run on Its Own

It may happen that when disaster strikes, the staff who wrote the recovery plan may not be available to execute it. You have to make sure that your Disaster Recovery Plan will work with or without the internal key people who wrote it.