Disaster Recovery Plan - Business Continuity Plan Template
ISO 27000 (formerly ISO 17799) - Sarbanes-Oxley - HIPAA - PCI-DSS Compliant

This Disaster Recovery Plan (DRP) can be used as a Disaster Planning template for any enterprise. The Disaster Recovery template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. The Disaster Planning Template comes as a Word document and includes:
- Disaster Recovery Plan and Business Continuity Template
- Business and IT Impact Analysis Questionnaire
- Work Plan
- Disaster Planning Audit Program
- Incident (Media) Communication Plan/Policy
Features include:
- Compliance with ISO 27000 (ISO 27001, ISO 27002, and ISO 27031), Sarbanes-Oxley and HIPAA standards
- Web Site Disaster Recovery Planning Form
- Department Disaster Recovery Activation Workbook
- Quick Reference Guide
- Team Alert List (Form)
- DRP Team Responsibilities
- DRP Team Checklist
- Critical Function(s) Definition
- Normal Business Hour Response Procedures
- After Hours Response Procedures
- DRP Location(s) Definition
- DRP Recovery Procedures
- Notification Procedures
- Notification Call List (Form)
- Updated Business and IT Impact Analysis Questionnaire
- Vendor Disaster Recovery Questionnaire
- Vendor Phone List Form Updated
- Key Customer Notification Form
- Critical Resources to be Retrieved Form
- Business Continuity Off-Site Materials Form
- Chief Information Officer
- Chief Security Officer
- Chief Compliance Officer
- VP Strategy and Architecture
- Director Disaster Recovery and Business Continuity
- Director e-Commerce
- Director Media Communications
- Manager Disaster Recovery
- Manager Disaster Recovery and Business Continuity
- Disaster Recovery Coordinator
- Disaster Recovery - Special Projects Supervisor
- Manager Database
- Capacity Planning Supervisor
- Manager Media Library Support
- Manager Site Management; and
- Pandemic Coordinator
The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirements. The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:
- Plan Introduction
- Business Impact Analysis - including a sample impact matrix
- DRP Organization Responsibilities pre and post disaster - DRP checklist
- Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (in office and "at home"), Laptops and PDAs.
- Recovery Strategy including approach, escalation plan process and decision points
- Disaster Recovery Procedures in a check list format
- Plan Administration Process
- Technical Appendix including definition of necessary phone numbers and contact points
- Job Description for Disaster Recovery Manager (3 pages long) - entire disaster recovery team job descriptions are available.
- Work Plan to modify and implement the template. Included is a list of deliverables for each task. (Risk Assessment and Vulnerability Assessment)
- Disaster Recovery Manager Responsibilities
- Distribution of the Disaster Recovery Plan
- Maintenance of the Business Impact Analysis
- Training of the Disaster Recovery Team
- Testing of the Disaster Recovery Plan
- Evaluation of the Disaster Recovery Plan Tests
- Maintenance of the Disaster Recovery Plan
Testimonial - Dave Baker - City of Hamilton - I have found the DRP template invaluable!
Testimonial - Bob Rifenbury - MCSE/CCNA Lauch Testing Lab - The DRP Template saved me about 6 months of work!
Testimonial - Kelly Keeler - Martin's Point Health Care - I have received and I began using the template immediately. IT IS GREAT! Made this process a snap for me. Cut my documentation time down from weeks to hours! This document has made what began to be an overwhelming process turn into a snap!
Testimonial - Juan Stamos - Mexico City Corporation - We had a DRP in place, but needed a more user friendly structure. The Disaster Recovery Template (Gold edition) has that structure. It was very easy to quickly move our DRP into Janco's DRP Template -- a real added value.
* Update service is for 12 months unless it is purchased within 30 days of the purchase of the Template. Janco reserves the right to validate that the customer purchased the template.
This template is not for resale or re-distribution.
Disaster Recovery Planning News
DRP versus BCP
Disaster recovery planning is one of the most important jobs of the IT professional. It includes working with upper management and winning the cooperation of all departments to make a working recovery plan. The two main parts are the Business Continuity Plan (BCP) and the Disaster Recovery Plan (DRP). These have to go hand-in-hand procedurally. The BCP focuses more on the schedule and timing of the DRP, so that in the event of a disaster the business can function normally. The three stages of a DRP are Prevent, Detect and Correct.
Disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters.
Disaster Recovery budgets remain stable
A report into business continuity and disaster recovery budgets finds:
- According to an IT budget survey, 32 percent of enterprises had planned to increase spending on business continuity and disaster recovery by at least 5 percent in 2011. The reality is that budgets have stayed constant rather than increased as anticipated.
- Business continuity and disaster recovery budgets in 2011 have been an average of six percent of IT operating and capital budgets.
- The likely culprit in stalled business continuity and disaster recovery spending is the continuing economic uncertainty. Even in the best of economic times, it's difficult to build the business case for an initiative such as business continuity that's primarily about cost avoidance rather than return on investment. In tough economic times, it's almost impossible.
Business Continuity Planning
Horizon scanning is essential to avoid surprises in business continuity planning, but identifying the most likely thing to bite you next is tricky.
Looking beyond the imminent planning risks contained in everyday events, the top 3 worries are:
- Supply Chain - Will an economic or political crisis mean disruption to this as a result of protest and civil unrest or even secession from monetary union?
- Severe weather - Most enterprises are geared up for "average" weather. As we see extremes of drought, cold and storm will the strain on the infrastructure become a major cause of business interruptions?
- Social Media - Increasingly organizations believe that these are essential to their businesses, yet they are provided externally, funded through advertising and beyond the control of the organization. How can we provide resilience/continuity for these? Should we?
Social media as a disaster planning tool
Government agencies are turning to social media technology to manage disasters and improve public safety.
A growing number of agencies are tapping into Facebook and Twitter to monitor events and provide near real-time notifications. And some are now taking social media a step further by communicating internally or sharing information and comments across offices or agencies.
A September Congressional Research Service report, Social Media and Disasters: Current Uses, Future Options, and Policy Considerations, noted that social media already plays an important role in disasters, but the use of the technology for emergency management is growing.
In Fort Worth and Tarrant County in Texas, for instance, a joint emergency operations center has switched on social media tools that improve communication across dozens of agencies and departments throughout the state. Police, firefighters, healthcare providers and others use push-to-talk radio, cellular telephony, and text messaging (including text documents and file sharing) to interact with an IP telephony infrastructure located in a response center. This allows teams to coordinate immediate responses, regardless of the underlying communications technology.
- CIO IT Infrastructure Policy PDF (All of the policies below which come as individual MS Word files)
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
- BYOD Access and Use Policy (Includes electronic BYOD Access and Use Agreement Form)
- Incident Communication Plan Policy (Updated to include social networks as a communication path)
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing Policy
- Record Management, Retention, and Destruction Policy
- Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
- Service Level Agreement (SLA) Policy Template with Metrics
- Social Networking Policy (includes electronic form)
- Telecommuting Policy (includes 3 electronic forms to help effectively manage work-at-home staff)
- Travel and Off-Site Meeting Policy
- IT Infrastructure Forms
Disaster Recovery Business Continuity Basics
The basics of a Disaster Recovery Business Continuity Plan are defined in the Janco Disaster Recovery Business Continuity Template. They are:
- Develop the contingency planning policy statement. A formal department or agency policy provides the authority and guidance necessary to develop an effective contingency plan.
- Conduct the business impact analysis (BIA). The BIA helps to identify and prioritize critical IT systems and components.
- Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
- Develop recovery strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
- Develop an IT contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system.
- Plan testing and training exercises. Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness.
- Plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements.
Disaster Planning is Required for Virtual Applications
A number of customers using the Microsoft-hosted Dynamics CRM Online and its Office 365 cloud service were reporting performance problems.
One CRM Online customer said problems began in the morning. The @MSCloudUS Twitter account acknowledged the Office 365 problems, starting in the afternoon (EST). The Disaster Planning Template addresses these issues. On the CRM Online front, "performance is slow for most users, to the point that some can't use CRM at all," one Microsoft CRM user said. His company is based in the U.S., he said, but international users of the system were affected as well.
A Microsoft spokesperson said, "We were made aware of a few customers experiencing difficulty using their Microsoft Dynamics CRM Online service this morning. The customer impact was limited to some organizations in North America and has been resolved. Microsoft takes any downtime seriously, and customers will be reimbursed service charges per the terms of our SLA which guarantees 99.9% uptime."
Disasters impact companies of all sizes
The list of natural and manmade disasters with which businesses have had to contend early in the 21st century is long. Many organizations have felt the devastating effects of the September 11 terrorist attacks, acts of bioterrorism involving anthrax, and bombings in London, Madrid and Bali. The severe acute respiratory syndrome (SARS) outbreak, the South Asian tsunami and Hurricane Katrina also have had costly, far-reaching impacts on businesses.
Disruptions resulting from these and other disasters have rippled across supply chains, shaken entire industries and taken their toll on employee, customer and partner relations. Not surprisingly, organizations of all types and sizes are making crisis preparedness and response a key focus of their business continuity planning. Chances are, your organization is taking a proactive approach and continually looking at ways to minimize the impact that potential crises can have on your business processes and technology systems. Yet, even though your company's business continuity plan most likely serves to protect your company's physical assets, such as its data, network(s), core business applications and facilities, how well does it address the human side of disasters?
Weather and climate disasters impact the South East the most
Disaster Recovery and Business Continuity plans need to consider natural weather and events. The effects that natural events have on the environment directly and indirectly may be harmful to people. Forest fires and volcanoes harm air quality. Hurricanes and floods can contaminate water supplies and damage wastewater facilities. Any of these can spread contaminated materials into the environment.
2011 went into the books as a year of environmental disasters on an unprecedented global scale that have affected the lives and livelihoods of billions of people. The United States alone set a record with 12 separate billion-dollar weather/climate disasters in 2011, with an aggregate damage total of approximately $52 billion, according to the National Oceanic and Atmospheric Administration. Thus, data backup and recovery has become a hot topic among IT managers.
Major Disaster Recovery Failure with an Outsource Provider
Virginia's Department of Motor Vehicles, along with 25 other state agencies, hasn't been able to process requests for licenses and ID cards. These systems are supposed to be up and running six days after the outages started to appear. Northrop Grumman manages Virginia's IT infrastructure under a $2.3 billion IT services contract.
The Virginia Information Technologies Agency (VITA) said in a statement that teams have been working throughout the weekend to restore data. In a nutshell, the IT infrastructure of the state of Virginia was reportedly crushed by an EMC storage area network failure. The Richmond Times-Dispatch reports that several systems are still down. The same paper said that Northrop Grumman will have to pay a fine for the failure. And the real kicker is that the state recently revised its contract with Northrop Grumman and extended the deal for three years. The state paid an additional $236 million for better service from Northrop Grumman.
Highlights of the Revised Contract - Operational Efficiencies
- Consolidates and strengthens Performance Level Standards with a 15% increase in penalties across the board if Northrop Grumman fails to perform on clearly identified and measured performance standards. - PAY-UP
- Improves Incident Response teams to determine technology failures and expedite repair - FAILED
- Institutes clear performance measurements for Northrop Grumman that agencies can easily track - FAILED
- Adds new services to contract such as improved disaster recovery and enhanced security features - FAILED
Among the key parts of the VITA statement:
Successful repair to the storage system hardware is complete, and all but three or possibly four agencies out of the 26 agency systems have been restored. Agencies continue to perform verification testing.
Progress continues, but work is not yet complete for the three or four agencies that have some of the largest and most complex databases. These databases make the restoration process extremely time consuming. The unfortunate result is the agencies will not be able to process some customer transactions until additional testing and validation are complete.
According to the manufacturer of the storage system (EMC), the events that led to the outage appear to be unprecedented. The manufacturer reports that the system and its underlying technology have an exemplary history of reliability, industry-leading data availability of more than 99.999% and no similar failure in one billion hours of run time.
The outage was blamed on the failure of two circuit boards installed and maintained by EMC. It is a bit disconcerting that two circuit boards can bring down a state's IT infrastructure for nearly a week.
Among the things that don't add up in the Virginia IT outage:
- Why wouldn't these boards be replaced quickly?
- Why was there a single point of failure?
- Service was restored for 16 agencies, but 10 require a lengthy restoration of data. Where was the disaster planning? After all, Northrop Grumman touted its disaster recovery for the state just two years ago.
- Where did the IT management fail?
Tools for Disaster Recovery planning
When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing field. Safe recovery distances can also mean painfully slow replication and backup across the WAN in addition to the costs to accomplish this.
Janco's "Disaster Recovery and Business Continuity Template" leads the way to implementation of the latest disaster recovery technologies and cost savings strategies. Enterprises of all sizes can build a functional disaster recovery plan with this tool and make their disaster recovery efforts more efficient.










