Disaster Recovery Plan - Business Continuity Plan Template

ISO 27000 ( formerly ISO 17799 ) - Sarbanes-Oxley - HIPAA - PCI-DSS Compliant

Data center and information systems infrastructure are the backbone enabler's of most companies’ critical business processes. When organizations experience a major disaster or disruption, ensuring operational continuity for critical business processes requires that IT and electronic data be recovered in a timely manner.

The IT Disaster Recovery Business Continuity Template delivers a proven solution designed to protect and, if necessary, relocate critical information systems to alternate data center facilities. The Disaster Recovery Business Continuity Template does this by employing a comprehensive strategic and tactical planning approach that aligns recovery solutions with key business requirements and tolerances for disruption. The Disaster Recovery Business Continuity Template also delivers an actionable recovery plans that will direct your staff to respond to events beginning from the point of an initial data center disruption through alternate site relocation, operational recovery and return to your home facilities.

The Disaster Recovery Business Continuity Template has helped hundreds of organizations across a broad spectrum of industries in the creation of actionable Disaster Recovery and Business Continuity plan.

This Disaster Recovery Plan (DRP) can be used as a Disaster Planning template for any enterprise. The Disaster Recovery template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. The Disaster Planning Template comes as a Word document and includes:

Disaster Recovery Plan and Business Continuity Template
Business and IT Impact Analysis Questionnaire
Work Plan
Disaster Planning Audit Program

New are:

Compliance with ISO 27000 ( ISO 27001 and ISO 27002), Sarbanes-Oxley and HIPAA standards
Web Site Disaster Recovery Planning Form
Department Disaster Recovery Activation Workbook
- Quick Reference Guide
- Team Alert List (Form)
- DRP Team Responsibilities
- DRP Team Checklist
- Critical Function(s) Definition
- Normal Business Hour Response Procedures
- After Hours Response Procedures
- DRP Location(s) Definition
- DRP Recovery Procedures
- Notification Procedures
- Notification Call List (Form)
Updated Business and IT Impact Analysis Questionnaire
Vendor Disaster Recovery Questionnaire
Vendor Phone List Form Updated
Key Customer Notification Form
Critical Resources to be Retrieved Form
Business Continuity Off-Site Materials Form

The premium edition contains 14 full job descriptions. They are:

Chief Information Officer
Chief Security Officer
Chief Compliance Officer
VP Strategy and Architecture
Director Disaster Recovery and Business Continuity
Director e-Commerce
Manager Disaster Recovery
Manager Disaster Recovery and Business Continuity
Disaster Recovery Coordinator
Disaster Recovery - Special Projects Supervisor
Manager Database
Capacity Planning Supervisor
Manager Media Library Support
Manager Site Management

The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirement. The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:

Plan Introduction
Business Impact Analysis - including a sample impact matrix
DRP Organization Responsibilities pre and post disaster - drp checklist
Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDA's.
Recovery Strategy including approach, escalation plan process and decision points
Disaster Recovery Procedures in a check list format
Plan Administration Process
Technical Appendix including definition of necessary phone numbers and contact points
Job Description for Disaster Recovery Manager (3 pages long) - entire disaster recovery team job descriptions are available.
Work Plan to modify and implement the template. Included is a list of deliverables for each task. (Risk Assessment and Vulnerability Assessment)

There is a extensive section that show how a full test of the DRP can be conducted. It includes

Disaster Recovery Manager Responsibilities
Distribution of the Disaster Recovery Plan
Maintenance of the Business Impact Analysis
Training of the Disaster Recovery Team
Testing of the Disaster Recovery Plan
Evaluation of the Disaster Recovery Plan Tests
Maintenance of the Disaster Recovery Plan

Click on the link below to get the DRP/BC sample pages now and make it a part of your disaster recovery toolkit.

Testimonial - Dave Baker - City of Hamilton - I have found the DRP template invaluable!

Testimonial - Bob Rifenbury -MCSE/CCNA Launch Testing Lab - The DRP Template saved me about 6 months of work!

Testimonial - Kelly Keeler - Martin's Point Health Care - I have received and I began using the template immediately. IT IS GREAT! Made this process a snap for me. Cut my documentation time down from. weeks to hours! This document has made, what began to be an overwhelming process turn into a snap!

Testimonial - Juan Stamos - Mexico City Corporation - We had a DRP in place, but needed a more user friendly structure. The Disaster Recovery Template (Gold edition) has that structure. It was very easy to quickly move our DRP into Janco's DRP Template -- a real added value.

* Update service is for 12 months unless it is purchased within 30 days of the purchase of the Template. Janco reserves the right to validate purchase of the customer was made for the template.

This template is not for resale or re-distribution - Disaster Recovery Planning Template Disaster Recovery Guide

Learn more about Data Destruction

Disaster Recovery Business Continuity News

Disaster Recovery Business Continuity for Remote Offices

Data residing outside the data center at remote and branch offices (ROBOs) accounts for a significant portion of an enterprise's information store, yet it often either is protected with inefficient backup processes or is not protected at all -- leaving companies at risk on many fronts.

In a recent research report, high priority projects for ROBOs included improving information security measures; ensuring compliance with government, industry or corporate governance mandates; and improving Disaster Recovery Business Continuity processes.
- more info

DRP and Security Plans key to compliance

Preparing for a disaster requires detailed planning, preparation and testing. Knowing what IT assets need to be recovered, where to recover them and how to recover them are the essence of IT Disaster Recovery. The most difficult challenge is mapping the prioritized business requirements to the IT assets so that recovery can be staged. The recovery strategy then evolves based on the available options which support the required recovery objectives. The resulting Disaster Recovery plans contain all of the information detailing where to go, who is to do what and the information required to rebuild servers, restore applications and data as well as restart and synchronization procedures. - more info

DRP Template

If you are new to recovery planning, make sure that you research the subject thoroughly before embarking on a disaster recovery project. Consider engaging a consultant (internal or external to your organization) to help you in your project planning effort. Disaster recovery planning is not a two-month project, neither is it a project that once completed, you can forget about. An effective recovery plan is a live recovery plan. The plan must be maintained current and tested/exercised regularly.

The primary objective of a Business Resumption Plan is to enable an organization to survive a disaster and to reestablish normal business operations. In order to survive, the organization must assure that critical operations can resume normal processing within a reasonable time frame. Therefore, the goals of the Business Resumption Plan should be to:

Identify weaknesses and implement a disaster prevention program;

minimize the duration of a serious disruption to business operations;

facilitate effective co-ordination of recovery tasks; and

reduce the complexity of the recovery effort.
- more info

Why is diaster and business continuity planning important

Federal, State and Local Governments are chartered to mitigate and control the event, provide life and safety measures, and then restore infrastructures. The Red Cross provides emergency relief in the form of food, health and shelter. If insured, an insurance company will settle damage claims and provide monetary relief. However, none of these organizations will, or can, recover your business. Your companys recovery is strictly up to you, and it commences with a solid business continuity/disaster recovery plan.

Should your company experience a disaster, the first 72 hours following the incident will be the most critical in your recovery efforts. How you respond during that period will determine if your business will survive or not. Furthermore, the most important hour is the one immediately following the event. If ever required, your Business continuity plan will enable you to respond in a systematic and organized fashion. It will guide your organization, step-by-step, from responding to the actual event all the way through to full occupancy of your repaired facility.
- more info

Simple Disaster Planning Activities

Creating a disaster recovery plan is a complex task; however there are a number of basic steps that you can follow to start thre process

Prepare your systems, processes, and people for an organized response to disaster when it strikes.

Identify critical IT systems and develop a long-range strategy.

Select and train your disaster recovery team.

Conduct a Business Impact Analysis.

Determine risks to your business from natural or human-made causes.

Get management support.

Create appropriate plan documents.

Test your plan.
- more info

Disaster Plan & Business Continuity Infrastructure

The key technology elements of a Disaster Recovery Plan and Business Continuity Plan (DRP/BCP) infrastructure are the primary data center, a remote site that duplicates the resources in that primary location and the method used to get files (master and transaction) between the two sites - such as high-bandwidth network connections. The best DRP/BCP strategies follow a "redundant every-thing" philosophy throughout the data center. Multiple mainframes and servers should run in the production and backup data facilities. Then, if a component in the production system encounters problems, it immediately fails over to the local backup as a first line of defense.

Power supplies and communication links are one of the most critical components in a DRP/BCP strategy.

- more info

White House email system down for a day

High tech White House falls down when its email disaster plan does not work.

The White House Press Secretary Robert Gibbs announced at a 1:45 p.m. press briefing that he was unable to send out the customary week-ahead memo as the White House e-mail system was "not working so well." D.C. reporters got their next e-mail from the White House around 8:30 the following morning indicating that the outage lasted most of a day.
- more info

How to calculate the cost of downtime

One overlooked truth is that downtime costs accelerate in a non-linear fashion every hour. If a system fails for five minutes, the costs are fairly low because manual methods (paper and pencil) of making records or communicating by telephone instead of e-mails can suffice to conduct business. Over an extended period, however, the volume of work overwhelms the manual processes. Yet some businesses - such as Amazon or e-Bay - cannot run at all on manual processes. Business and financial operations increasingly deteriorate, and the rate of dollar losses grows - sometimes to the point of fatally damaging the business.

In addition, when assessing the financial impact of downtime, you need to consider factors such as potential lost revenue, reductions in worker productivity, and damaged market reputation. In some cases, downtime can even reduce shareholder confidence, which can create unnecessary and unplanned costs. Financial analysts and accountants at your company can help you come up with the factors at your company that are affected by downtime and contribute to its costs.
- more info

Disaster Planning Considerations

Many enterprises have taken a segmented approach to Business Continuity and Availability, adding point technology and reactive services to address disaster recovery. This approach can be very complex, time-consuming and costly. The task becomes much easier when a single vendor takes responsibility for architecting, implementing, testing and supporting the solution.

There is an increase in the number of companies and organizations requiring 24 x 365 days of IT uptime. In fact, ESG research indicates that 36% of enterprises indicate they will incur significant revenue loss or other adverse business impact if they have even an hour or less of downtime on their mission-critical applications. Almost 15% indicate they cannot tolerate any downtime.1 In the past, this type of business demand was only consigned to a relatively small group. However, many more organizations of all sizes, in all industries and located across the globe, now require applications to be running and data to be always available. The needs of these organizations go far beyond simply recovery, requiring an environment that maintains business continuity during and immediately after a disaster. To make it more interesting, the number and types of applications that require this level of protection is very diverse.
- more info

Many Businesses Fail After a Disaster

Businesses' reliance on IT systems and digital data has never been greater. The 2007 Best's Underwriting Guide found that only 6% of companies that suffer catastrophic data loss survive while 43% never reopen and 51% close within 2 years of the disaster. Best's Underwriting Guide 2007 also found that 93% of the companies that did not have their data backed up in the event of a disaster went out of business. An analysis of SMBs' prioritization of disaster recovery, backup and high availability for 2008 shows that businesses understand the risks to their business and the value of protection. However, many organizations still think that backup is a sufficient disaster recovery plan. However, mid-sized enterprises are at the most risk to disaster and are more likely to rely strictly on backup as a disaster recovery plan.

The needs and resources of mid-market firms are unique. Midsized companies must work with limited finances infrastructure and human resources. Robust disaster recovery used to be affordable and manageable only by large enterprises. Mid-sized enterprises relied more on backup than on a formal disaster recovery plan. As businesses' reliance on IT has grown, backup has increasingly shown its weaknesses. However, the introduction and maturation of several key technologies, such as virtualization, have brought affordable and easily implementable Disaster Recovery and Business Continuity to small and mid-sized companies. SMBs do not always equate virtualization with Disaster Recovery and Business Continuity because awareness of the many virtualization applications is just starting to grow.
- more info