Upload
kapildev
View
216
Download
0
Embed Size (px)
Citation preview
8/14/2019 Doc 32 Disaster Recovery Plan
1/3
Syntel CQA Forum Diaster Recovery Plan CQA Doc No 32
Definitions
Disaster is any sudden or unplannedcalamitous event that causes a significantdisruption in information systems and/ortelecommunications systems that affects theoperation of an organization.
Disaster Recovery/Business Contingency
These are commonly used terms to refer tothe recovery of service following either adisaster or other actions which would disruptbusiness activity.
Recovery Plan is a documents used to defineactions to be taken in the event of a disasterand reduce the number of decisions requiredduring a stressful situation.
Business resumption is the process ofrestoring business activity to an acceptablelevel, and then to a normal level after anemergency event has disrupted normal
operations.Purpose and Scope
Most organizations now have installed verycomplicated on-line and diverse networksystems. Although organizations may havesimilar equipment and operating systems,they generally do not have the capacity toadd a large number of users from another on-line environment to their systems even if thetechnical problems could be solved.
A trend is evolving to provide alternate sitesnear the central local systems where any
additional equipment needed can be shippedin rapidly, and critical on-line operations forthe organization can be resumed in areasonable time.
Redundancy in the communications networkand a tie-in to the alternate site, or the abilityto rapidly tie-in, is an important part of thedisaster plan. This type of site is called a coldbackup site, as opposed to a hot backup sitewhich contains all equipment necessary tostart immediate operations.
DISASTER PLANNING PROCESS
In the event of a disaster, a business shouldhave a back-up for the following:
Data file storage and retrieval
Customer Services
Communications and User Operations
Hardware
Software
User operations
Facilities for MIS and for users
An effective disaster recovery plan clearlyidentifies even the obvious details of how youwill respond to disaster to ensure some ofthose details do not escape attention. Itspells out those details, which establishes theplan is comprehensive and well-organized.
It is important to keep in mind, that the aimof the planning process is to:
Assess existing vulnerabilities
Implement disaster avoidance and
prevention procedures
Develop a comprehensive plan that will
enable the organization to reactappropriately and in a timely manner ifdisaster strikes
Create an an awareness program to
educate management and seniorindividuals who will be required toparticipate in the project
Preparing for a Disaster
This section contains the minimum stepsnecessary to prepare for a possible disasterand as preparation for implementing therecovery procedures. An important part ofthese procedures is ensuring that the off-sitestorage facility contains adequate and timelycomputer backup tapes and documentationfor applications systems, operating systems,support packages, and operating procedures.
General Procedures
Responsibilities have been given for ensuringeach of following actions have been takenand that any updating needed is continued.
Maintaining and updating the disaster
recovery plan.
Ensuring that periodic scheduled rotation
of backup media is being followed for theoff-site storage facilities.
Maintaining and periodically updating
disaster recovery materials, specificallydocumentation and systems information,stored in the off-site areas.
Software Safeguards
Administrative software and data are securedby full backups each week and differentialbackups each weekday evening. The firstbackup of each month is retained for one
10718264.doc Page 1of 3
8/14/2019 Doc 32 Disaster Recovery Plan
2/3
Syntel CQA Forum Diaster Recovery Plan CQA Doc No 32
year. Nightly differential backups are retainedin Systems & Operations until the next fullbackup. A copy of the full backups is alsostored in a safe deposit box. Backups arestored on 4mm DAT tapes and other compactmedia.
Recovery Procedures
Systems & OperationsIn case of either a move to an alternate site,or a plan to continue operations at the mainsite, the following general steps must betaken:
Determine the extent of the damage and
if additional equipment and supplies areneeded.
Obtain approval for expenditure of funds
to bring in any needed equipment andsupplies.
Notify local vendor marketing and/orservice representatives if there is a needof immediate delivery of components tobring the computer systems to anoperational level even in a degradedmode.
If it is judged advisable, check with third-
party vendors to see if a faster deliveryschedule can be obtained.
Notify vendor hardware support personnel
that a priority should be placed onassistance to add and/or replace any
additional components.
Notify vendor systems support personnel
that help is needed immediately to beginprocedures to restore systems software
Order any additional electrical cables
needed from suppliers.
Rush order any supplies, forms, or media
that may be needed.
In addition to the general steps listed at
the beginning of this section, thefollowing additional major tasks must befollowed in use of the alternate site:
Notify officials that an alternate site will
be needed for an alternate facility.
Coordinate moving of equipment and
support personnel into the alternate sitewith appropriate personnel.
Bring the recovery materials from the off-
site storage to the alternate site.
As soon as the hardware is up to
specifications to run the operatingsystem, load software and run necessarytests.
Determine the priorities of the client
software that need to be available andload these packages in order. Thesepriorities often are a factor of the time of
the month and semester when thedisaster occurs.
Prepare backup materials and return
these to the off-site storage area.
Set up operations in the alternate site.
Coordinate client activities to ensure the
most critical jobs are being supported asneeded.
As production begins, ensure that
periodic backup procedures are beingfollowed and materials are being placed
in off-site storage periodically.
Work out plans to ensure all critical
support will be phased in.
Keep administration and clients informed
of the status, progress, and problems.
Coordinate the longer range plans with
the administration, the alternate siteofficials, and staff for time of continuingsupport and ultimately restoring theSystems & Operations section.
Managing Recovery ProceduresA disaster recovery plan must do more thanidentify alternatives. It should identify how allmembers of a business organization shouldrespond in the event of a disaster. Thisincludes the following:
Develop a clear chain of command. It
should be clear whom employees need togo to if they see a problem.
Establish a clear sense of individual
responsibility. All employees should betrained to look for signs of disaster and torespond immediately when they seethese.
Documenting Procedures and TrainingEmployees
Documentation of the disaster recovery planneeds to be readily available to allemployees. It should be
written out and frequently revised as the
business and threats change;
10718264.doc Page 2of 3
8/14/2019 Doc 32 Disaster Recovery Plan
3/3
Syntel CQA Forum Diaster Recovery Plan CQA Doc No 32
available on the business network;
referred to frequently in the training and
ongoing education of all employees.
Training should help build employeeawareness of what disasters might look likeas they begin. Also, employees need to beaware of how, in addition to notifyingsomeone else, they might immediatelyrespond. Training should include
practice exercises;
clearly written documents but
frequent instruction in identifying whois to be notified and how to respond toa disaster.
Testing the Disaster Recovery Plan
A disaster recovery plan is only as good as itsability to be put into action. You may want toconsider the following kinds of tests of your
plan to maintain its effectiveness:
An initial comprehensive test of
responses to several kinds of disasters
Tests that simulate specific disasters,
affecting one part of the network
Tests that simulate worst-case scenarios,
when the entire network is affected
10718264.doc Page 3of 3