Developing an Effective Disaster Recovery Plan

Similar documents
Business Continuity & Disaster Recovery

Mock Disaster Exercises How to Test True Capability

Protecting Information Assets - Week 9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets

Protecting Information Assets - Unit #9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets

Operational Resiliency for a Virtualized Environment

Is Your H/A Truly High Availability. Richard Dolewski

Enabling a Comprehensive Platform for BCMP that integrates People, Process and Technology

SERVICE DESCRIPTION DISASTER RECOVERY AS A SERVICE

Disaster Recovery Service Guide

RFP Sections 5-8

Unitrends Installation

Services Guide April The following is a description of the services offered by PriorIT Consulting, LLC.

Introduction WHITE PAPER. 10 Guidelines for Preparing to Set Up a Paperless Office and the Benefits a Paperless Office Brings to your Business

An introduction to business continuity planning

Citi Institutional Clients Group - Business Continuity Management

EBOOK. BUILD VS. BUY: Calculate the TCO of BDR

Sanovi DRM for VMware SRM. Technical Brief

Implementing Microsoft Azure Infrastructure Solutions

SunGard: Cloud Provider Capabilities

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions

Right Start Remote Implementation (RIS) of a DL4300 Backup & Recovery Appliance

White Paper. Managed IT Services as a Business Solution

Global Crises: What We Really Need to Do to Be Prepared. Day One / Session C5

INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT

The Outsourced IT Hiring Guide

Discovering the TAC 202 Information Security Standard

Application Migration to Cloud Best Practices Guide

Data Protection and Management of Virtualized Infrastructure. Raymond Goh Senior Systems Engineer Asia Region

REVISED 5 NOVEMBER 2018 SERVICE DEFINITIONS

AKTIVOV Asset Management System

COURSE OUTLINE: Course 20533C- Implementing Microsoft Azure Infrastructure Solutions

Simplify SAP operations. FUJITSU Integrated System PRIMEFLEX for SAP Landscapes

Medidata Clinical Cloud (MCC) Validation

20533: Implementing Microsoft Azure Infrastructure Solutions

Advanced Quick Start Service. AvePoint Statement of Work

FGFOA Workday HR/FM ERP in the Cloud. Brian Battles Deputy CFO, City of Orlando. February 23, 2017

Cloud Failover Appliance

Compunnel Digital CLOUD MIGRATION

Top 10 pitfalls to avoid when re-inventing your disaster recovery program

REPLICATION, BACKUP AND RECOVERY

ESCAPE ALL LIMITATIONS. How to Capture a Bigger Share of. Strong Data Protection for Microsoft Server 2012: Unitrends Enterprise Backup

Implementing Microsoft Azure Infrastructure Solutions

Implementing Microsoft Azure Infrastructure Solutions 20533B; 5 Days, Instructor-led

How to Choose a Managed Services Provider

Tabletop Exercises. for Cybersecurity. Maintaining a healthy incident response. White Paper. By Michael Everett, Security Analyst

(ISC)2 CISSP EXAM BUNDLE

What are the key considerations for choosing cloud or on-premise budgeting software? How to determine what's the best for your organization.

Always On: Unitrends DRaaS Disaster Recovery Services

Outsourcing for Success. Moving from In-house to an FIS Outsourced Solution

Cloud Inevitability? Alternative Considerations

Executive Presentation on using Management Dashboards to support the processes of Infrastructure, Production, Compliance, and Recovery Certification

Building a Standard for Business Continuity Planning

Yale University Business Continuity Planning Quick Start Guide

Disaster Recovery Strategies for the BlackBerry Enterprise Solution

Implementing Microsoft Azure Infrastructure Solutions (MS 20533)

Business Continuity and Disaster Recovery Overview

What s the Weakest Link in DR plans? Canadian companies confess their shortcomings

Course 20533C Implementing Microsoft Azure Infrastructure Solutions

About Us. Under one roof. Why work with us? The A (to Z) team. Awards & associations

Disaster Recovery as a Service (DRaaS) How innovation in the Cloud enables disaster recovery at minimal costs

The ABCs of BDR: A Primary on the Essentials of Backup and Disaster Recovery

Disaster Recovery Planning

Introducing ISO 22301

WorkiQ Resource Requirements

Application Performance Management Advanced for Software as a Service

Proven Strategies for Overcoming Business Continuity Challenges for Healthcare Organizations

Equipping You For Success

Microsoft FastTrack For Azure Service Level Description

The Evolution of Data Protection

REQUEST FOR PROPOSAL (RFP)

Business Management System Evaluation Checklist

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

CEI Vendor Exit Strategy

BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING. Marci McCloskey, CISA, ABCP Toan Nguyen, CIA, ABCP

ADVANCES IN DOCUMENT MANAGEMENT TECHNOLOGY FOR HUMAN RESOURCES WHITE PAPER

Enterprise-wide Business Continuity and Disaster Recovery Planning. Presented by Kelley Okolita

Understanding Return On Investment (ROI) and Total Cost of Ownership (TCO) for Machine Translation

BCM Lite a quick and easy guide to BCM for beginners and/or small businesses

Case Study: Eurostar

HP Data Replication Solution Service for HP 3PAR Remote Copy

A Guide to Business Continuity

City of Saskatoon Business Continuity Internal Audit Report

Infor Cloverleaf Integration Suite

Oracle Systems Optimization Support

FGFOA 2017 Focus on the Future

Finally, Affordable Enterprise-Grade Disaster Recovery Using the Cloud

HP Data Replication Solution Service for 3PAR Virtual Copy

Tier I assesses an institution's process for identifying and managing risks. Tier II provides additional verification where risk is eviden

Oracle Systems Optimization Support

BUSINESS CONTINUITY PLANNING WORKPROGRAM

NEWSCYCLE Operational Services Marcel Badowski

Case Study BONUS CHAPTER 2

Meet Our Presenter. Equipping You For Success: An ISO Certification Case Study

SERVICE DESCRIPTION MANAGED PRIVATE CLOUD

Information Technology Analysis Hydro-Quebec Management Presentation. October 30th 2004

RELIABLEIT. How to Choose a Managed Services Provider. Finding Peace of Mind

Breaking Out of the Security Metrics Matrix: Steps in the Right Direction

PDSA Special Report. Why Move to the Cloud

Notice is hereby given of the following changes to the above-referenced SOLICITAITON:

Transcription:

Developing an Effective Disaster Recovery Plan We will figure it out! or What is the point, anyway? January 2017 1

MHA CONSULTING, INC. KEY FACTS A 17-year proven track record of applying industry standards and best practices across a diverse pedigree of clients. 17 Years in operation. 15 Average years industry experience. CAPABLE Comprehensive suite of services. GLOBAL Diverse, global client base. SAAS Compliance and risk tools. A simple mission: Ensure the continuous operations of our client s critical processes. SENIOR LEADER Richard Long Practice Leader Phoenix, Arizona www.mha-it.com Services include Business Continuity, Crisis Management, Disaster Recovery, IT Best Practices and Physical Security. SaaS tools include BCM Compliance and Residual Risk. 2

DIVERSE, GLOBAL CLIENT BASE SERVICES HEALTHCARE EDUCATION FINANCIAL INSTITUTIONS CONSUMER PRODUCTS INSURANCE TRAVEL & ENTERTAINMENT GOVERNMENT/UTILITY 3

COMPREHENSIVE SOLUTIONS PRACTICES ASSESS THE CURRENT ENVIRONMENT RECOVERY STRATEGIES/ SOLUTIONS RESPONSE & RECOVERY PLANS EXERCISES MAINTAIN & IMPROVE Current State Assessment Business Impact Analysis Business Recovery Strategies Data Center Recovery Strategies Crisis Management Business Recovery IT Disaster Recovery Training & Awareness Mock Disaster Exercises Update Recovery Plans Update Current State Assessment Threat & Risk Assessment BCMMETRICS TM Compliance Confidence (C2) Plan Functional Walkthroughs Alternate Worksite Exercises Update Business Impact Analysis & Threat Assessment BCMMETRICS TM Residual Risk (R2) 4

THE CLASS DEVELOP AN EFFECTIVE DISASTER RECOVERY PLAN PROVIDE USABLE & EFFICIENT INFORMATION AND INSTRUCTIONS Why plans and documentation are necessary. Strategies to develop the documentation. Integration with Business Continuity Plans. For accurate and reliable recovery of technology: Necessary content. Organization of the content. Exercise options and strategies. Keeping the documentation relevant. 5

THE BIG PICTURE Risk Maturity Compliance Resilience Readiness 6

DEFINITIONS RECOVERY TIME OBJECTIVE VS. ACTUAL TIME TO RECOVER ENVIRONMENT RECOVERY POINT OBJECTIVE VS. ACTUAL ACCEPTABLE DATA LOSS Recovery Time Objective Desired state business requirements. Recovery Time Actual Current capability provided by IT. Recovery Point Objective Desired state business requirements. Recovery Point Actual Current capability provided by IT. 7

DISASTER RECOVERY PLAN WHAT IS A DISASTER RECOVERY PLAN? All the necessary information to effectively recover the technical environment to support business functions during an outage event. There are typically multiple plans associated with disaster recovery. Consider the disaster recovery plan as the overall strategy and high-level order of system, technology and application recovery. Often, each technology or environment will have an individual technical recovery plan. Both the high level and individual plans should be formal and reviewed documents. Regular (annual) updates are recommended. Upon significant changes to the environment, the plan should be updated as part of the production implementation. 8

WHY RECOVERY PLANS? WHY SPEND TIME DEVELOPING PLANS? DR is dead most of our apps are in the cloud. Our technology team knows what to do. We will figure it out. Recovery is automated/scripted. We really only click a few buttons. 9

WHY RECOVERY PLANS? DR IS DEAD Most events are self-inflicted (recent airline outages). Unanticipated events not natural disasters. Customers will NOT understand. 10

WHY RECOVERY PLANS? THE TEAM WILL KNOW HOW TO EXECUTE People are good at what they do every day. You don t recover every day. They will be tired or trying to perform multiple recoveries. You may be using secondary resources or contractors. 11

WHY RECOVERY PLANS? WE WILL FIGURE IT OUT True, but that will take time. Your strategy to meet RTO/RPO is mostly likely based on best case. There will be unexpected issues even in best case. Often the actual recovery time does not meet the RTO. Time is almost always a limiting factor. Often the recovery environment is not completely in sync with production. 12

DEVELOPMENT STRATEGIES HOW TO DEVELOP PLANS? Use current documentation. Leverage production changes (implementations or new functionality testing). Document during exercises. Phased approach start high level, then develop detail. 13

DEVELOPMENT STRATEGIES USE EXISTING TASKS WHEN DEVELOPING PLANS Production Implementations/Changes: Modify any documentation used for production implementations or testing related to changes in environments as a basis for recovery or validation tasks. Architecture or systems overviews may be available as well. Technology Testing/Validation: These will often have relevant tasks or environment information which should be included in the documentation. Environment-specific tasks based on the implemented architecture are often found during these tests. DR Tests: As time has been allocated to perform the testing, use this time to take screens shots, note specific tasks and exceptions. Even if plans have been developed, this is where functional information will be identified. Current Documentation: Review and either update or reference current documentation. This is especially useful for architecture, server and storage details, as well as personnel responsibilities and contact information. 14

RELEVANT CONTENT WHAT CONTENT SHOULD BE INCLUDED? Institutional information. Technology or environment-specific information. Exceptions. Integration between systems. Special configuration or settings. Validation steps (more than just the tools shows green ). Architecture information as a reference. Personnel needed. 15

RELEVANT CONTENT THINK IN TERMS OF CONTENT FOR ACTUAL EVENTS Often documentation is based on testing and not what will occur in a real event. Include all necessary servers, storage, technologies (e.g., load balancers, all remote access environments). Third party dependencies. Integration/communication between recovery sites. 16

RELEVANT CONTENT INCLUDE SPECIFIC INSTITUTIONAL & TECHNOLOGY INFORMATION Specific settings or needs based on your organization s requirements e.g., security settings which may be more restrictive, naming conventions that may be confusing, shared environments (DB/App). Technology states e.g., storage use which may raise concerns, special server settings, non-standard use of technology. Supporting technologies that are critical to recovery (authentication, load balancing). Manual steps due to non-critical administrative tools. Exceptions to processes or processing: Changes in backups, performance, availability. 17

RELEVANT CONTENT VALIDATION STEPS List the condition of the technologies in detail: Expected memory, CPU, storage. Number of servers per VM host. Services or processes which should be running. Connectivity. Do NOT assume just because an environment is up everything is correct. 15 30 minutes of time spent verifying expected states will save hours of troubleshooting and frustration by non- IT personnel. 18

RELEVANT CONTENT INTEGRATION What are the integration technologies? File-based, API, DB connections. FTP, VPN, direct. Timing of data movement. Data synchronization state. Steps to rerun or update data to ensure systems are in sync. Third party connections. Communication steps or milestones based on dependencies. 19

RELEVANT CONTENT ORGANIZATION HOW SHOULD CONTENT BE ORGANIZED? Actionable content at the beginning of the document. Checklist based limit narrative. Reference and audit information in appendices. Architecture information in appendices. 20

RELEVANT CONTENT - EXAMPLE PLAN TABLE OF CONTENTS Table of Contents I. PLAN OVERVIEW A. System / Application Description B. Recovery Strategy II. ENVIRONMENTAL AND INFRASTRUCTURE RESTORATION A. Environmental Recovery Action Tasks B. Operating System Restore/Recovery Procedures or Scripts III. FUNCTIONAL RESTORATION A. Functional Recovery Action Tasks and Dependencies B. Data Base Restore/Recovery Procedures or Scripts C. Application Restore/Recovery Procedures or Scripts IV. DATA RECOVERY/SYNCHRONIZATION AND BUSINESS VALIDATION A. Data Recovery/Synchronization Action Tasks B. Data Recovery/Synchronization Procedures or Scripts C. Business Validation Tasks D. Business Validation Procedures and Scripts V. RESUME PROCESSING A. Action Tasks B. Post Turnover Tasks C. Deviations to Normal Operating Procedures VII. RETURN TO PRIMARY SITE A. Approach for Returning to Normal Business Locations VIII. APPENDICES INFORMATION IN SECTIONS BELOW MAY IN LINKS TO OTHER DOCUMENTS A. Plan Information B. Recovery Team Member Roles and Skill List C. Offsite Storage Information D. Backup and/or Replicated Information E. Hardware Mapping Between Primary and Failover Site F. Hardware/Software Primary Site Configurations and Requirements G. Hardware/Software Failover Site Configurations & Requirements H. Department Work Requirements (Forms/Documentation/Workstations) I. Critical Functions and Inputs/Outputs/Dependencies J. Recovery Timeline and Plan Assumptions 21

INTEGRATION WITH BUSINESS CONTINUITY PLANS CHECK YOUR BUSINESS CONTINUITY PLANS FOR RELEVANT INFORMATION Access methods to environment(s). Number of individuals who will access over time (each day or over the course of the event). Changes to business processes. Technology that needs to be recovered that may not be included in the IT DR listing: Security keys. Remote access requirements (Citrix, RDP or department specific). Shadow IT-based technologies or apps. 22

ADDITIONAL THOUGHTS OTHER RELEVANT DR TECHNICAL RECOVERY PLAN THOUGHTS More frequent tests with individual or several environments. Secondary resource execution with primary resource not available. Tabletop plan review with secondary resources to review documentation. Plan review as part of change control. Include plan review as milestone in production change or implementation project plans. 23

SO, WHAT ARE THE NEXT STEPS? WHAT DO WE DO NOW? HOW DO WE START OR CONTINUE? AREAS TO REVIEW WHERE TO PRIORITIZE Prioritize development based on environment criticality. Develop recovery tasks, then validation tasks. Environments that do not have documentation. Base infrastructure (server, VM, network, authentication). Integrations. Technology gaps. Resource constrained areas. SaaS/IaaS environments. Validate recovery strategy. 24

FINAL THOUGHTS THINGS TO THINK ABOUT Consider your organization and where you can leverage time and content for documentation rather than adding an additional task. Prioritize the content based on the important information. Develop a high-level run book based on technology dependencies, application dependencies, RTOs and potential resource constraints. Checklist-based with reference to current documentation. Limit duplicate copies of information/data. Perfect is the enemy of the good. Something is better than nothing. Focus on the outcome, become target focused, and concentrate on the ability to successfully recover. 25

FINAL THOUGHTS 26

SUMMARY Documentation is important due to unforeseen circumstances, potential staffing issues, recovery time requirements, etc. Use current documentation, technology validation tests, implementations, etc. Include proprietary information, environment-specific information. Actionable information at the front of the documentation, informational, audit data in appendices. Reference Business Continuity information in the plans in summary. 27

UPCOMING WEBINARS CALCULATING BCM ROI, Michael Herrera WEDNESDAY MARCH 8, 2017 AT 11:00 A.M. PST 28

Richard Long MHA Consulting, Inc. long@mha-it.com www.mha-it.com Office: (888) 689-2290 Mobile: (602) 370-1864 29

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback