How to write an IT DR plan

How to write an IT Disaster Recovery plan

www.databarracks.com | 2www.databarracks.com | 2

DISCLAIMER

These are universal principles, but every

plan is unique


IT DR PLAN VS BUSINESS CONTINUITY PLAN

Poli

cyManagement

IT Infrastructure

BCP

IT Disaster Recovery


IT DR PLAN VS BUSINSESS CONTINUITY PLAN

Business Continuity Planning

IT Disaster Recovery

Business Continuity Planning

IT Disaster

Recovery


HOW TO WRITE AN IT DR PLANSelect the teams and determine responsibility

• Risk register and Matrix1. Risk identification

• Business Impact Analysis (BIA)2. Assess vulnerability to those risks

• Business Impact Analysis (BIA) 3. Determine impact on the business

• Service catalogues and technology dependency mapping

4. Identify critical business functions / IT services

• Putting the capability in place 5. Design & implement mitigation strategies

• Writing the runbook 6. Agree activation plans

• Agree testing, documentation and KPIs 7. Testing

• Keeping the DR plan up to date 8. Ongoing changes and maintenance


SELECTING THE TEAM


1. RISK IDENTIFICATION2. ASSESS VULNERABILITY 3. DETERMINE IMPACTRisk assessment & Business Impact Analysis (BIA)


4. IDENTIFY CRITICAL BUSINESS FUNCTIONS & IT SERVICES• Think services not IT assetsDefining your recovery objectives


5. DESIGN AND IMPLEMENT MITIGATION STRATEGIES

• People• Facilities• Suppliers• Replication and backup

Think beyond technology


6. AGREE ACTIVATION PLANSWriting the runbook


6. AGREE ACTIVATION PLANS

• To fail over, or not to fail over?• When should you ‘invoke’ or

move from Incident Response Team to Crisis Management Team?

Writing the runbook



Name(contact number)









Communication - call-trees, contact card, mass notifications



• Make these plans specific enough that they can be followed but general enough to cover different incidents

Example incidents:

• IT failure• Power failure• Cyber incident

Plan for the incidents you have identified


7. TESTING

• IT failure– SAN failure• Power failure– Kingsway fire• Cyber incident– You’ve been hacked

Example disasters


7. TESTING

Have you tested?

Was it successful?

Did it meet your recovery objectives?

KPIs and Metrics


8. ONGOING CHANGES & MAINTENANCE


IF YOU REMEMBER NOTHING ELSE!

1. Know who is responsible and in charge

2. Have a plan of how to communicate (staff, customers and suppliers)

3. Write the plan (or update the plan)

www.databarracks.com | 19

RESOURCES

• Business Continuity Institute– http://www.thebci.org/

• World Economic Forum Global Risk Report– http://

www.weforum.org/reports/global-risks-report-2015

• London Risk Register– http://

www.london.gov.uk/mayor-assembly/mayor/london-resilience/risks

• Cross-sector Safety and Security Communication– http://www.vocal.co.uk/cssc/

• Environment Agency – flood warnings– http://

apps.environment-agency.gov.uk/flood/31618.aspx

• Business continuity management systems -- Guidelines for business impact analysis (BIA)– http://

www.iso.org/iso/catalogue_detail.htm?csnumber=50054

http://www.thebci.org/

http://www.thebci.org/

http://www.weforum.org/reports/global-risks-report-2015



http://www.london.gov.uk/mayor-assembly/mayor/london-resilience/risks




http://www.vocal.co.uk/cssc/

http://www.vocal.co.uk/cssc/

http://apps.environment-agency.gov.uk/flood/31618.aspx



http://www.iso.org/iso/catalogue_detail.htm?csnumber=50054



Questions?

How to write an IT DR plan

Technology

Transcript of How to write an IT DR plan