Doc 32 Disaster Recovery Plan

8/14/2019 Doc 32 Disaster Recovery Plan

1/3

Syntel CQA Forum Diaster Recovery Plan CQA Doc No 32

Definitions

Disaster is any sudden or unplannedcalamitous event that causes a significantdisruption in information systems and/ortelecommunications systems that affects theoperation of an organization.

Disaster Recovery/Business Contingency

These are commonly used terms to refer tothe recovery of service following either adisaster or other actions which would disruptbusiness activity.

Recovery Plan is a documents used to defineactions to be taken in the event of a disasterand reduce the number of decisions requiredduring a stressful situation.

Business resumption is the process ofrestoring business activity to an acceptablelevel, and then to a normal level after anemergency event has disrupted normal

operations.Purpose and Scope

Most organizations now have installed verycomplicated on-line and diverse networksystems. Although organizations may havesimilar equipment and operating systems,they generally do not have the capacity toadd a large number of users from another on-line environment to their systems even if thetechnical problems could be solved.

A trend is evolving to provide alternate sitesnear the central local systems where any

additional equipment needed can be shippedin rapidly, and critical on-line operations forthe organization can be resumed in areasonable time.

Redundancy in the communications networkand a tie-in to the alternate site, or the abilityto rapidly tie-in, is an important part of thedisaster plan. This type of site is called a coldbackup site, as opposed to a hot backup sitewhich contains all equipment necessary tostart immediate operations.

DISASTER PLANNING PROCESS

In the event of a disaster, a business shouldhave a back-up for the following:

Data file storage and retrieval

Customer Services

Communications and User Operations

Hardware

Software

User operations

Facilities for MIS and for users

An effective disaster recovery plan clearlyidentifies even the obvious details of how youwill respond to disaster to ensure some ofthose details do not escape attention. Itspells out those details, which establishes theplan is comprehensive and well-organized.

It is important to keep in mind, that the aimof the planning process is to:

Assess existing vulnerabilities

Implement disaster avoidance and

prevention procedures

Develop a comprehensive plan that will

enable the organization to reactappropriately and in a timely manner ifdisaster strikes

Create an an awareness program to

educate management and seniorindividuals who will be required toparticipate in the project

Preparing for a Disaster

This section contains the minimum stepsnecessary to prepare for a possible disasterand as preparation for implementing therecovery procedures. An important part ofthese procedures is ensuring that the off-sitestorage facility contains adequate and timelycomputer backup tapes and documentationfor applications systems, operating systems,support packages, and operating procedures.

General Procedures

Responsibilities have been given for ensuringeach of following actions have been takenand that any updating needed is continued.

Maintaining and updating the disaster

recovery plan.

Ensuring that periodic scheduled rotation

of backup media is being followed for theoff-site storage facilities.

Maintaining and periodically updating

disaster recovery materials, specificallydocumentation and systems information,stored in the off-site areas.

Software Safeguards

Administrative software and data are securedby full backups each week and differentialbackups each weekday evening. The firstbackup of each month is retained for one

10718264.doc Page 1of 3


2/3


year. Nightly differential backups are retainedin Systems & Operations until the next fullbackup. A copy of the full backups is alsostored in a safe deposit box. Backups arestored on 4mm DAT tapes and other compactmedia.

Recovery Procedures

Systems & OperationsIn case of either a move to an alternate site,or a plan to continue operations at the mainsite, the following general steps must betaken:

Determine the extent of the damage and

if additional equipment and supplies areneeded.

Obtain approval for expenditure of funds

to bring in any needed equipment andsupplies.

Notify local vendor marketing and/orservice representatives if there is a needof immediate delivery of components tobring the computer systems to anoperational level even in a degradedmode.

If it is judged advisable, check with third-

party vendors to see if a faster deliveryschedule can be obtained.

Notify vendor hardware support personnel

that a priority should be placed onassistance to add and/or replace any

additional components.

Notify vendor systems support personnel

that help is needed immediately to beginprocedures to restore systems software

Order any additional electrical cables

needed from suppliers.

Rush order any supplies, forms, or media

that may be needed.

In addition to the general steps listed at

the beginning of this section, thefollowing additional major tasks must befollowed in use of the alternate site:

Notify officials that an alternate site will

be needed for an alternate facility.

Coordinate moving of equipment and

support personnel into the alternate sitewith appropriate personnel.

Bring the recovery materials from the off-

site storage to the alternate site.

As soon as the hardware is up to

specifications to run the operatingsystem, load software and run necessarytests.

Determine the priorities of the client

software that need to be available andload these packages in order. Thesepriorities often are a factor of the time of

the month and semester when thedisaster occurs.

Prepare backup materials and return

these to the off-site storage area.

Set up operations in the alternate site.

Coordinate client activities to ensure the

most critical jobs are being supported asneeded.

As production begins, ensure that

periodic backup procedures are beingfollowed and materials are being placed

in off-site storage periodically.

Work out plans to ensure all critical

support will be phased in.

Keep administration and clients informed

of the status, progress, and problems.

Coordinate the longer range plans with

the administration, the alternate siteofficials, and staff for time of continuingsupport and ultimately restoring theSystems & Operations section.

Managing Recovery ProceduresA disaster recovery plan must do more thanidentify alternatives. It should identify how allmembers of a business organization shouldrespond in the event of a disaster. Thisincludes the following:

Develop a clear chain of command. It

should be clear whom employees need togo to if they see a problem.

Establish a clear sense of individual

responsibility. All employees should betrained to look for signs of disaster and torespond immediately when they seethese.

Documenting Procedures and TrainingEmployees

Documentation of the disaster recovery planneeds to be readily available to allemployees. It should be

written out and frequently revised as the

business and threats change;

10718264.doc Page 2of 3


3/3


available on the business network;

referred to frequently in the training and

ongoing education of all employees.

Training should help build employeeawareness of what disasters might look likeas they begin. Also, employees need to beaware of how, in addition to notifyingsomeone else, they might immediatelyrespond. Training should include

practice exercises;

clearly written documents but

frequent instruction in identifying whois to be notified and how to respond toa disaster.

Testing the Disaster Recovery Plan

A disaster recovery plan is only as good as itsability to be put into action. You may want toconsider the following kinds of tests of your

plan to maintain its effectiveness:

An initial comprehensive test of

responses to several kinds of disasters

Tests that simulate specific disasters,

affecting one part of the network

Tests that simulate worst-case scenarios,

when the entire network is affected

10718264.doc Page 3of 3

Documents

Doc 32 Disaster Recovery Plan