Disaster Recovery
-
Upload
mcgovern-consulting-group-lcc -
Category
Technology
-
view
398 -
download
1
Transcript of Disaster Recovery
Provided by:The McGovern Consulting Group, LLC
Your Local Sage 100 Fund Accounting Business Partner
888-876-1544 | www.mcgoverncg.com
Disaster Recovery Planning For YourOrganization
Agenda
• Who is the McGovern Consulting Group?• What is your current plan?• Basic questions you need to ask• Common mistakes organizations make• How to develop a plan – steps involved• Repeating the cycle• Methods to developing plan• Options to consider in developing the plan – Simple to
Advanced
Learning Objectives
Goal - Understand Disaster Recovery Best Practices
Why Do We Need A Disaster Recovery Plan ?
The National Archives & Records Administration reported that93% of the companies that lost their data for 10 days or morefiled for bankruptcy within one year of the disaster
Basic Questions
• What options do we have available to us?• What is the cost involved in each method?• What are the ramifications of each method?• How much data can the organization afford to lose?
More Basic Questions
• What if we have an event at the building?• Would we be able to restore the information to
another location with ease?• Are the only backups we have of our data all
stored within one location?
Common Mistakes
• Not involving the day-to-day users• An incomplete plan• Plan not tested• No plan at all
Disaster Recovery Plans
• Developing a Written Disaster Recovery Plan– Information Gathering– Plan Development– Plan Testing– Maintain the Plan
Disaster Recovery Plans - InformationGathering
• Organize your Project Team– Appoint Project Leader– Identify Planning teams– Set Project Deadline
• Conduct Business Analysis– Identify functions, processes and systems– Interview Personnel– Analyze results to determine critical systems,
applications and business procedures– Prepare impact analysis
Disaster Recovery Plans - Information Gathering(cont’d)
• Conduct Risk Analysis– Review backup system/procedures– Review data security– Identify systems that support critical mission functions
(Payroll!)– Identify vulnerabilities(floods, hurricanes, fires, etc.)– Assess Probability ofsystem failure or disruption– Prepare risk and securityanalysis
Disaster Recovery Plans - Information Gathering(cont’d)
• Develop Strategic Outline for Recovery– Detail steps in workflow for each critical function
• POLICY and PROCEDURE MANUAL• Make sure the workflow shows enough detail that someone
else could perform task without supervision– Identify the minimal requirements if a disruption did occur– Identify alternate methods of processing – (Processing payroll
Manually)– Identify any processes with very little tolerance for downtime– Identify primary contact for each critical function– Identify alternate contact if primary person for that role is
unavailable– Identify key vendors
Disaster Recovery Plans - Information Gathering(cont’d)
• Review Onsite and Off Site Backup Procedures– Can records be created from other sources– Are backups stored offsite– Number of backup generations available both on and off-site– Are there more than one person that has authorization to
retrieve off-site backups?– Data backups are not enough
• Have copies of mission critical application softwarestored off-site
• Have all installation/user keys stored off-site• Have contact information for Vendor/Support stored
offsite– Determine how much downtime you can afford to have
Disaster Recovery Plans - Information Gathering(cont’d)
• Take Inventory– Equipment
• Computer and storage devices (Workstations and Servers)– Annotate the functions and applications that are used on each– Rate each resource as critical or disposable– Critical resources are those that cannot be rebuilt quickly from
new hardware and a backup (app servers, database etc)– Disposable resources are those that can be recreated from
backups and installed disks easily– Focus your attention on plans to recover from failure of only
the critical resources as your first step– Do it this month
• Cell Phones & Contracts• Funding Source Agreements
Disaster Recovery Plans - Information Gathering(cont’d)
• Take Inventory– Update Inventory (Fixed Asset)– Last maintenance date– Serial Numbers– Replacement costs– Insurance– Pictures for insurance– Notes
Disaster Recovery Plans
• Plan Development– Criteria for invoking the plan
• Who decides to implement plan –Implementing plan can be costly
– Roles and Responsibilities• For every member of the organization should
someone not be available• No task is too small to document
– Procedures for operating in contingency mode– Criteria to return to normal operations– Procedures to Return to normal operations
Physical Plant Related Recovery Plan
• Office space• Lights• Heat/ac• Power• Water• Delivery transportation
IT Related Recovery Plans
• Hardware• Power• Internet• Email• Phone Service• Applications (Do you have media and license
keys?)• Data recovery from backup? (Do you have
backups offsite?)• Tech support contact information? (Vendors –
phone number)
People Related Recovery Plan
• Who knows how to contact vendors?• Who knows how to cut payroll checks?• Who knows how to process credit card
payments?• Is there more than one person who can
perform each critical business transaction?• Do you have cell phone numbers to reach
employees/volunteers/Board Members/othercritical people
Assignments and Execution
• What steps need to be taken to restore thisprocess?
• Who has the authority with vendors to do so?• Who has the required knowledge or training?• Is there a backup operator to execute the
plan if the primary is unavailable orunreachable?
• Who can make decision to enact the plan?• Assign roles and communicate expectations
to staff
Preconditions/ Preventative Plans
• What needs to be part of your regularoperating plan to enable your disasterrecovery plans?
• Set these actions in motion as part of yourfinished recovery plan
Never Ending Cycle
Disaster Recovery Plans• Plan Testing
– TEST– TEST– Re-TEST
• Test each business process in your section when finished andat least annually after that!
• Make sure that your interactions with your vendors work asplanned
• Streamline your plan based on your test results
• It is unlikely your plan will work exactly as you have planned it,do not be disappointed and focus on making corrections for thenext test.
Still Not Sure Where to Start?
• Method One– “Follow the Money” planning methodology
• Trace how money flows through your organization• Start with income (donations grants, revenue, etc)• Map where that money goes as expenditures• Document the process flow and include all the systems
used to process the transactions• Method Two
– “Committed Services” planning methodology• Identify services your organization provides (meals,
counseling, etc).• Map how raw materials used in that service become
usable and delivered (groceries, people, transportation).• Document the process flow and include all the systems
used to process the transactions
Decide Criteria for Invoking the Plan
• What is the maximum amount of time aprocess can be unavailable before actionmust be taken
• At what point does the cost of executing theplan become secondary to the outage?
Disaster Recovery Plans
• Review your business processes at least annually• Update the processes for changes in how things work• Plan Maintenance
– Review changes in technology– Review changes in environment– Review changes in procedures– Review changes in staff roles and responsibilities– Update documents– Develop Maintenance triggers and procedures
• Examples:– Did you add new software applications– Add new vendors you rely on?– Are there new processes or services to constituent you need to
protect?
Gosh Where Did I Put That Plan?
• Here in my desk• On 3 duplicate and encrypted USB drives
carried by 3 different key Director teammembers (updated monthly)
• Available on encrypted secure storage onthe internet to select Director teammembers
Backing Up
• Tolerance for data loss
• Backup system
• Verify backup system
Options – Data itself and Processing
• Simplistic Ways– Copy Item to USB Jump Drive– External Hard Drive– Online backup
• More Advance Ways– Cloud Storage– Dedicated Hosted Server– ASP– SaaS
– *** If you still need further explanation on these, let ustalk after this session or we will provide a follow upweb meeting
Tools Available to You
• www.techsoup.org/toolkits/disasterplan• Techsoup Disaster recovery guide (PDF)• Disaster planning: what organizations need to
know to protect their tech (webinar)• Disaster planning backup backup backup
Take Away - Fix Your Backup Strategy
• Find out if you are doing backups at all• Make a list of additional data that needs backing
up• Get a plan in place to backup everything on the
list weekly• Store your backups offsite• Do it this week
Start Talking About the Need for a Full Plan
• Your Executive Director and Board ofDirectors should easily realize the need
• Pass around this presentation foreducation
• Ask for assignment of a projectmanager / owner
• Begin a project plan• Ask for a budget
Take Away
• Outline of a plan we found online thathas been helpful for us develop our owninternal plan
• Should you need assistance infacilitating the completion of the planplease let us know.
Get Connected With The McGovern Consulting Group Today ToLearn About Upcoming Events
Twitter – www.twitter.com/McgovernCG
Facebook – www.facebook.com/McgovernCG
LinkedIn – http://www.linkedin.com/company/mcgovern-consulting-group-llc
YouTube – www..YouTube.com/McGovernCG
SlideShare – www.slideshare.net/mcgoverncg
Blog – www.mcgoverncg.com/blog
CONNECT WITH US
888-876-1544 | www.mcgoverncg.com