Disaster Recovery Plan - Business Continuity Plan Template


ISO 27000 (formerly ISO 17799) - Sarbanes-Oxley - HIPAA - PCI-DSS Compliant


Data center and information systems infrastructure are the backbone enablers of most companies' critical business processes. When organizations experience a major disaster or disruption, ensuring operational continuity for critical business processes requires that IT and electronic data be recovered in a timely manner.

The IT Disaster Recovery Business Continuity Template delivers a proven solution designed to protect and, if necessary, relocate critical information systems to alternate data center facilities. The Disaster Recovery Business Continuity Template does this by employing a comprehensive strategic and tactical planning approach that aligns recovery solutions with key business requirements and tolerances for disruption. The Disaster Recovery Business Continuity Template also delivers actionable recovery plans that will direct your staff to respond to events beginning from the point of an initial data center disruption through alternate site relocation, operational recovery and return to your home facilities.

The Disaster Recovery Business Continuity Template has helped hundreds of organizations across a broad spectrum of industries in the creation of actionable Disaster Recovery and Business Continuity plans.

This Disaster Recovery Plan (DRP) can be used as a Disaster Planning template for any enterprise. The Disaster Recovery template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant.  The Disaster Planning Template comes as a Word document and includes:

  • Disaster Recovery Plan and Business Continuity Template
  • Business and IT Impact Analysis Questionnaire
  • Work Plan
  • Disaster Planning Audit Program
  • Incident (Media) Communication Plan/Policy

Features include:

  • Compliance with ISO 27000 (ISO 27001, ISO 27002, and ISO 27031), Sarbanes-Oxley and HIPAA standards
  • Web Site Disaster Recovery Planning Form
  • Department Disaster Recovery Activation Workbook
    • Quick Reference Guide
    • Team Alert List (Form)
    • DRP Team Responsibilities
    • DRP Team Checklist
    • Critical Function(s) Definition
    • Normal Business Hour Response Procedures
    • After Hours Response Procedures
    • DRP Location(s) Definition
    • DRP Recovery Procedures
    • Notification Procedures
    • Notification Call List (Form)
  • Updated Business and IT Impact Analysis Questionnaire
  • Vendor Disaster Recovery Questionnaire
  • Vendor Phone List Form Updated
  • Key Customer Notification Form
  • Critical Resources to be Retrieved Form
  • Business Continuity Off-Site Materials Form
The premium edition contains full multi-page job descriptions for:
  • Chief Information Officer
  • Chief Security Officer
  • Chief Compliance Officer
  • VP Strategy and Architecture
  • Director Disaster Recovery and Business Continuity
  • Director e-Commerce
  • Director Media Communications
  • Manager Disaster Recovery
  • Manager Disaster Recovery and Business Continuity
  • Disaster Recovery Coordinator
  • Disaster Recovery - Special Projects Supervisor
  • Manager Database
  • Capacity Planning Supervisor
  • Manager Media Library Support
  • Manager Site Management; and
  • Pandemic Coordinator

The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirements. The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:

  • Plan Introduction
  • Business Impact Analysis - including a sample impact matrix
  • DRP Organization Responsibilities pre and post disaster - drp checklist
  • Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (in office and "at home"), Laptops and PDAs.
  • Recovery Strategy including approach, escalation plan process and decision points
  • Disaster Recovery Procedures in a check list format
  • Plan Administration Process
  • Technical Appendix including definition of necessary phone numbers and contact points
  • Job Description for Disaster Recovery Manager (3 pages long) - entire disaster recovery team job descriptions are available.
  • Work Plan to modify and implement the template.  Included is a list of deliverables for each task. (Risk Assessment and Vulnerability Assessment)

There is an extensive section that shows how a full test of the DRP can be conducted. It includes:

  • Disaster Recovery Manager Responsibilities
  • Distribution of the Disaster Recovery Plan
  • Maintenance of the Business Impact Analysis
  • Training of the Disaster Recovery Team
  • Testing of the Disaster Recovery Plan
  • Evaluation of the Disaster Recovery Plan Tests
  • Maintenance of the Disaster Recovery Plan


Testimonial - Dave Baker - City of Hamilton - I have found the DRP template invaluable!

Testimonial - Bob Rifenbury - MCSE/CCNA Launch Testing Lab - The DRP Template saved me about 6 months of work!

Testimonial - Kelly Keeler - Martin's Point Health Care - I have received and I began using the template immediately. IT IS GREAT! Made this process a snap for me. Cut my documentation time down from weeks to hours! This document has made what began to be an overwhelming process turn into a snap!

Testimonial - Juan Stamos - Mexico City Corporation - We had a DRP in place, but needed a more user friendly structure.  The Disaster Recovery Template (Gold edition) has that structure.  It was very easy to quickly move our DRP into Janco's DRP Template -- a real added value.

* Update service is for 12 months unless it is purchased within 30 days of the purchase of the Template. Janco reserves the right to validate that the customer's purchase of the template was made.

This template is not for resale or re-distribution.

Disaster Recovery Business Continuity News


Can you use the cloud for Disaster Recovery and Business Continuity?

In December 2010 Google launched Message Continuity, a new cloud-based disaster recovery and business continuity service for Microsoft Exchange. A year later, Google has announced the end of that service, leaving many organizations with the task of finding an alternative Microsoft Exchange business continuity service.

While the vendor said that existing contracts will continue to be serviced until their renewal date, some early adopters of this service will only have a few weeks, or even days, to find an alternative solution.

This raises a warning flag about the wisdom of relying on the public cloud companies for any services which may be critical to your day-to-day activities; or for business continuity.


The cloud brings many new solutions for disaster recovery and business continuity: but buyer beware has never been more crucial. Service level agreements only apply if your supplier is in business; and there is certainly no requirement for suppliers to provide any support or service once a contract expires.

After this termination of service can you trust Google or any other vendor to host a mission-critical service?



Core disaster recovery planning questions

Whether your business is a one-man operation or it employs a thousand people, the starting point is the same: identify the processes critical to your success. To do this, you should first define what critical means in your business. Rank each process according to that definition, and then ask how long your business can survive without it, who performs it, and what IT resources support it.

Questions you can ask:

  • Can you simply not survive without this process? This should be your primary priority. Your business continuity plan must protect all primary priorities when a disaster strikes.
  • Can you survive only a day or two without it? This should be a secondary priority. Your business continuity plan should address all secondary priorities after primary priorities are handled.
  • Can you survive a week or more without it? Add it to your list of low priorities.


Maximum Tolerable Period of Disruption

BS 25999 defines the maximum tolerable period of disruption (MTPD) as "the duration after which an organization's viability will be irreparably damaged if delivery of a particular product or service cannot be resumed". It advises companies to "…assess over time the impacts… if the activity is disrupted" and "…establish the MTPD of each activity". It instructs us to identify the latest time by which an activity must be resumed, establish the minimum level to which resumption must be achieved, and set the time within which normal activity levels must be restored. It says companies should "…identify any inter-dependent activities, assets, supporting infrastructure or resources that also have to be maintained".



Disaster Preparedness equals risk, resilience and effective disaster recovery planning

Most people who are involved in emergency management are aware of the four primary phases of emergency management: prevention/mitigation, preparedness, response and recovery.


Recovery includes short-term measures taken to restore essential functions and systems, as well as longer-term activities intended to facilitate a return to pre-emergency conditions, or ideally to improve conditions through mitigation measures.



Importance of data recovery for mid-sized companies

Identifying the right tools for data recovery in the disaster recovery and business continuity processes is extremely important to the success and continuity of middle-sized organizations. These tools need to be integrated without requiring an expensive and disruptive overhaul of existing IT infrastructure, and without adding to or demanding more of IT staff.


One key to this is to build on existing data storage and protection equipment. Tape is the best option when expanding on existing processes, because tape is a medium that is affordable.



What is ISO 27031:2011

ISO 27031:2011 – Information and communications technology (ICT) continuity management, developed originally by the British Standards Institution (BSI), was accepted as an ISO standard in 2011 and represents a management systems-based implementation of an IT disaster recovery program. It has six key principles:

  • Protecting the ICT environment from incidents, failures and disruptions;
  • Detecting incidents at the earliest possible time;
  • Reacting to incidents as efficiently as possible;
  • Recovering by identifying and implementing appropriate recovery strategies;
  • Operating in disaster recovery mode;
  • Returning to normal operations.

While ISO 27031 is intended for use in the larger context of a business continuity program, organizations have successfully implemented this standard and then later grown into business continuity.

Structured as a management systems-based standard, ISO 27031 has two main components: the management system and the process. The management system is intended to ensure that an organization has a documented process to execute ICT continuity management. It utilizes the plan-do-check-act (PDCA) cycle consistent with ISO and other management system based standards. The process details the necessary components to provide the recovery capability. While the management system described in ISO 27031 can be established solely for IT disaster recovery, there are elements of the process that assume the existence of an overall business continuity program. As you can see below, ICT requirements are established by business continuity requirements typically determined during a business impact analysis.

The process of developing, maintaining, and improving an ICT capability is defined as five high-level components:

  • Understanding the ICT requirements for business continuity – with the purpose of determining the ICT continuity services needed to support the business continuity requirements. The process requires understanding the components of critical services in production, their current continuity capability and the gap between current capabilities and business continuity requirements. The analysis should also focus on actions that can be taken to improve the resiliency of the production environment;
  • Determining ICT continuity strategies – with the purpose of developing both an overall ICT continuity management strategy and strategies for each critical ICT service that closes gaps identified during the previous phase;
  • Developing and implementing ICT strategies – with the purpose of implementing the chosen strategies, including establishing the necessary organizational structure, plans and procedures;
  • Exercising and testing – with the purpose of ensuring that the strategies and plans work as intended;
  • Maintenance, review and improvement – with the purpose of ensuring that ICT continuity strategy remains current and appropriate.

For those familiar with BS 25999-2:2007, the business continuity management standard, the structure above is consistent with sections four through six of that standard.

Given the similarities to BS 25999, ISO 27031 is the logical choice for implementing a disaster recovery capability in organizations that either utilize BS 25999 for business continuity or have other management systems-based programs. It also provides solid guidance for organizations that have no business continuity or other structure in place to serve as a basis for disaster recovery development. Establishing a management system as part of an ISO 27031 implementation will provide the necessary governance and provide a platform for the development of a more comprehensive business continuity program.



Mirrored DR architecture

The most common DR architecture for mission-critical, multi-tier applications consists of a mirrored site with geographically distributed clusters of front-end application servers (the presentation tier), calling functions executed on another local cluster of business logic servers (logic tier), which access a local database (data tier). Users access the application via a global load balancer or application delivery controller (ADC) that seamlessly routes client requests - whether these are Web-based or client-server application protocols like CIFS and MAPI - to the "most available" system. The load balancers must themselves be geographically distributed and redundant to ensure no single points of failure should the entire data center go offline.

Data consistency is achieved by mirroring all back-end databases at the SAN level. Here, the IT architect has two choices: synchronous or asynchronous SAN replication. The former provides virtually instantaneous recovery, with perfect consistency, but with the glaring drawback of a severe distance limitation between mirrors to minimize latency, since transactions can't be committed on the primary database until they are written to disk and acknowledged by the secondary.



National Preparedness Goal released

The Department of Homeland Security has announced the release of the first edition of the 'National Preparedness Goal'. This is the first deliverable required under Presidential Policy Directive (PPD) 8: National Preparedness.


The goal sets the vision for nationwide preparedness and identifies the core capabilities and targets necessary to achieve preparedness across five mission areas laid out under PPD 8: prevention, protection, mitigation, response and recovery.

The goal also sets out future steps that will be taken to comply with PPD 8. These include:

  • A National Preparedness System
  • A series of National Frameworks and Federal Interagency Operational Plans
  • A National Preparedness Report
  • A Campaign to Build and Sustain Preparedness.

The latter will provide an integrating structure for new and existing community-based, nonprofit, and private sector preparedness programs, research and development activities, and preparedness assistance.

Read the National Preparedness Goal (PDF)



Social network integrated in disaster recovery template

The disaster recovery and business continuity processes at many companies this year proved the worth of having social networks integrated in their disaster recovery and business continuity plans. However, Janco has found only about 25% of businesses have added social media like Facebook or Twitter to their disaster recovery and business continuity plans.

Depending on the scope of the disaster -- a national horror such as September 11 or an 8.9 earthquake -- the use of social media can ease some of the communication burden for government and businesses. Australian government agencies extensively used social media during the country's recent regional flooding. In the United Kingdom, the Resilient Nation project recommends that government set forth initiatives to leverage citizens' ready access to social networks.

Janco's disaster recovery business continuity template takes this into consideration.

The Disaster Recovery Plan (DRP) is provided in Word and PDF format. It is a complete DRP and can be used in whole or in part to establish defined responsibilities, actions and procedures to recover the computer, communication and network environment in the event of an unexpected and unscheduled interruption.



Budgeting for business continuity

Budget overseers are hard pressed to come up with a business case for spending money on a capability that may never need to be used unless there are significant legal or regulatory mandates for creating one. That explains why fewer than 50 percent of organizations have continuity plans, and of those that do, less than 50 percent actually test their plans - which is tantamount to having no plan at all.

For such a strategy to work well, it must:

  • have known end points (a permanent and fixed recovery site),
  • redundant hardware and software, and
  • a cadre of personnel dedicated to maintaining identical configurations at the remote recovery facility as are present at the production site.

This helps explain why "geo-clustering" has not become the dominant paradigm of disaster recovery methodology after nearly forty years of trying. This does not, however, diminish the need to reduce the time-to-data of recovery strategies - especially for "always-on" applications. Certain application functions need to be available non-stop or in very short order following an interruption event.
