Transcription
Disaster Recovery Plan InformationProject NameVersionYour Company NameDisaster Recovery Plan InformationDateConfidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 1 of 25
Disaster Recovery Plan InformationProject NameVersionRevision HistoryDateVersionAuthorChange‘COPYRIGHT NOTICEConfidential – 2015 Documentation ConsultantsAll rights reserved. These materials are for internal use only. No part of these materials may bereproduced, published in any form or by any means, electronic or mechanical, including photocopy or anyinformation storage or retrieval system, nor may the materials be disclosed to third parties without the writtenauthorization of (Your Company Name).Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 2 of 25
Disaster Recovery Plan InformationProject NameVersionTable of Contents1 Purpose .51.11.2What is Disaster Recovery . 5Goals, Objectives, and Scope . 52 General Disaster Plan Information .62.12.22.32.42.5Disaster Recovery Team. 6Disaster Recovery Time . 7Disaster Recovery Site. 7Critical Services or Information . 7Technology Priority for Services and Applications . 82.5.1 Disaster Recovery Areas-Examples . 93 Response Process .113.13.23.33.43.53.6Notice of Problem . 11Problem Assessment . 11Problem Resolution. 11Disaster Condition Declaration . 12Notification Procedures . 12Recovery Procedures . 124 Technology Infrastructure Recovery Plan Samples .144.1Network Recovery Plan. 144.1.1 Network Testing . 144.2Windows Server Recovery Plan . 154.2.1 Windows Server Testing . 154.3Electronic Mail Recovery Plan. 164.3.1 Electronic Mail Testing . 174.4Telecommunications Recovery Plan . 184.4.1 Telecommunications Testing . 184.5Applications Infrastructure. 195 Training and Documentation Requirements .196 Glossary .207 APPENDIX .217.17.27.37.47.57.6Executive Sponsors . 21User Information . 21Applications . 22Equipment Inventory . 23Production Site Data Communications Configuration . 23Recovery Site(s) Data Communications Configuration . 24Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 3 of 25
Disaster Recovery Plan InformationProject NameVersion7.77.8Data Communications Equipment . 24Network Diagram-Sample . 25Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 4 of 25
Disaster Recovery Plan InformationProject NameVersionNote: Text displayed in blue italics is included to provide guidance to the author and should bedeleted before publishing the document. In any table, select and delete any blue line text; thenclick Home Styles and select “Table Text” to restore the cells to the default value.1 PurposePurpose describes the intent of the document, which is to provide disaster recovery (DR) planinformation in the event of a crisis or an emergency situation that warrants movement toanother location.1.1 What is Disaster RecoveryDisaster recovery is the process whereby a company would restore any loss of data in the event of fire,vandalism, natural disaster, or system failure.A disaster recovery plan is part of an overall contingency plan to complete that restoration task andkeep the company running. A disaster recovery plan is required for any publicly traded company andcompanies that need to minimize loss. This disaster recovery declaration plan is designed forconditions under which the company site is unable to function under standard daily businessprocedures.1.2 Goals, Objectives, and ScopeThis section describes the goals, objectives, and scope of the plan, e.g.,oooooIntent of the planWhat it will addressWhat scenarios are being planned forTimeframes considered, andOther planning assumptions.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 5 of 25
Disaster Recovery Plan InformationProject NameVersion2 General Disaster Plan Information2.1 Disaster Recovery TeamThe disaster recovery team is composed of a predefined group of employees from various businessunits of the company. These employees should be trained to perform their disaster recoveryresponsibilities.Provide Disaster Team Member information in the following table.Team MemberArea of ResponsibilityWorkTelephone #HomeTelephone #Cell #Information TechnologyHuman nicationDisaster Recovery SiteProviderConfidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 6 of 25
Disaster Recovery Plan InformationProject NameVersion2.2 Disaster Recovery TimeRecovery time to start and maintain operations is vital to the financial needs of the company.The following are sample categories and tiers to begin operations, services, and technology inthe event of a disaster: The organization needs to define those items.Disaster Recovery CategoryRecovery TimeInfrastructure0-8 HoursMission Critical or Tier One8-24 HoursMission Essential or Tier Two24 - 48 HoursBusiness Unit Essential or Tier Three48 - 72 HoursBusiness Unit Essential or Tier Four120 HoursNew applications not yet assigned acriticality ranking.To be determined; defaults to priority 4 untilmanagement approval is received of a differentpriority2.3 Disaster Recovery SiteA disaster recovery site should be pre-configured specifically for disaster circumstances. Thelocation of the disaster recovery site is: (Enter location here).2.4 Critical Services or InformationProvide a methodology to ensure that mission critical services are identified. See the followingtable with example information.Service ServicesServices where the company’s revenue would be directly impacted ifcertain technology services are not available are given the highestpriority. Data required for these services will be copied to thedisaster recovery site in real time in the event of an emergency.ProductivityServicesThese technology services allow the company to work moreproductively and save operating expenses. These services will beprioritized from an economical standpoint.TechnologyInfrastructureThese are the basic technology services required by businessoperations such as redundant electrical, cooling, network, security,internet access, telephones, email, etc.Employee OfficesOffices space for “X” number of employees at the disaster recoverysite. The site will be configured for easy remote access from homeConfidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 7 of 25
Disaster Recovery Plan InformationProject NameVersionService ns for employees who will not have access to office space.To minimize costs in the event of a disaster, employees could bringtheir laptops. Other equipment should be purchased quickly to meetcomputing needs if necessary.2.5 Technology Priority for Services and ApplicationsCategorize technology services and applications according to the priority in which they will berecovered under disaster conditions. This priority categorization is part of a joint effort betweenthe Information Technology staff and the Business Unit employees who use the specifictechnology services or applications. The priority settings should be approved by seniormanagement and not be changed without proper approval.Provide information on how services, applications, and databases will be restored (e.g.,timeframe, recovery tier, point of failure, last offsite backup, intraday backup, etc.). Thefollowing table shows recovery category examples.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 8 of 25
Disaster Recovery Plan InformationProject NameVersion2.5.1 Disaster Recovery Areas-ExamplesOffice Space & Technology Infrastructure – Revenue Dependent TechnologiesThese technology services are essential to the company’s revenue stream.ooRecovery Time: 0 – 8 HoursEquipment Strategy: Equipment on site for immediate technology requirementsServiceDescriptionCompany NetworkEmailInternetTelecommunications & VoiceMailWindows Server- Security andshared network drives.Tier One & Two – Operational Productivity TechnologiesThe technology services in tiers one and two allow the company to operate efficiently using automatedprocesses in daily business operations.ooRecovery Time: 24 – 48 HoursEquipment Strategy: Equipment on site to meet aggressive recovery eHuman ResourcesInformation Technology-tocorporate applicationsConfidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 9 of 25
Disaster Recovery Plan InformationProject NameVersionTier Three – Operational Productivity TechnologiesTier three applications provide productivity improvements and are not revenue dependent. Recovery Time: 48 – 72 HoursEquipment Strategy: Equipment contract in place for guaranteed 24 hour delivery.ServiceDescriptionOperations and MaintenanceTier Four – Operational Productivity Technologies – 120 Hour RecoveryThe technology services in tier four are the lowest priority items that are not time sensitive. They will berecovered in relation to their respective priorities depending on the timing of any disaster condition.ServiceDescriptionFinance, e.g., Accounting GLReporting Expense AccountReporting Property TaxManagementInformation Technology, e.g., ComputerManagement IT Help DeskLegalConfidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 10 of 25
Disaster Recovery Plan InformationProject NameVersion3 Response Process3.1 Notice of ProblemProvide information about how to report a problem to management or staff, e.g., by phone oremail.3.2 Problem AssessmentProvide information on how to perform the initial analysis.3.3 Problem ResolutionProvide information about how to resolve a problem, e.g., the following table provides a samplemethodology to resolve problems.Incident InformationResolutionCategory 1, routineincidentUse normal help desk or on-call procedures.Category 2 or 3 incidentHelp Desk (during the day) or on-call person (after hours)notifies team management. Start the assessment process andescalate the incident if necessary.Category 4 incidentNotify the head of IT and the Local IT Disaster Recoverycoordinator and implement Disaster Recovery procedures.Notify the IncidentManager of the incidentIncident Manager starts the damage specific shift assignmentswith communication to appropriate employees. Activate the Disaster Recovery Plan. Start damage assessment process. Prepare damage report and incident severity. Determine Incident Command Team assignments,e.g., determine timeframe to setup other teams,contact Team Leaders, and request non-critical staffto remain at home until further notice.Make decision (yes/no) to relocate data center processing tobackup site. Designate Recovery Team(s), leaders, and staff. Notify team(s) of disaster. Implement the recovery plan.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 11 of 25
Disaster Recovery Plan InformationProject NameVersion3.4 Disaster Condition DeclarationDefine how and when a disaster declaration can be declared, e.g.,Authorization: A minimum of two (2) members of the company’s senior management teamshould have the authority to declare a disaster recovery condition. When a disaster recoverycondition is declared by senior staff the following initial steps should be initiated:Notify the following individuals or groups immediately of the disaster recovery declaration:1. Senior Staff Member2. Disaster Recovery Team3. Disaster Recovery Site Provider3.5 Notification ProceduresDefine how and when IT management, the Emergency Management Response Team, and DRTeam Members will be notified. Identify what information and/or instructions will be provided ateach level of notification.3.6 Recovery ProceduresThe following table provides sample recovery procedures.TopicDescriptionBackupTapes andOffsiteStorageDescribe backup process and frequency. Define offsite storage locations and recall procedures, e.g., vendorcontacts, delivery locationsComputerRecoveryDocument mainframe setup. Document recovery process, e.g., restore backup tape, DASDrestore & cataloging, TCP/IP modifications. Describe the LAN topology and protocols used (e.g., Ethernet,ATM). Provide LAN production structures and recovery locations. Provide system configurations, vendors, and their contact data. Provide a procedures checklist on how servers will be configured,validated, loaded, etc. Provide Web Site information, e.g., hardware, software, andconfigurations used to create and host the web site. Review website to ensure hard-coded IP addresses, domain names,or drive letters to reduce system recovery implementation time. Ensure Security Policies and Controls are maintained. Modify DNS server names providing URL mappings to IP addressesServerRecoveryWebSupportConfidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 12 of 25
Disaster Recovery Plan InformationProject NameVersionTopicDescriptionwhen necessary.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 13 of 25
Disaster Recovery Plan InformationProject NameVersion4 Technology Infrastructure Recovery Plan Samples4.1 Network Recovery PlanPrerequisites Frame relay network installed at disaster recovery site.Action ary RouterTelnet to primary routerNetwork Administrator or DisasterRecovery CompanyDisconnectCompanySecondaryRouterTelnet to backup routerNetwork Administrator or DisasterRecovery CompanyConfigureDisasterRecoveryNetwork as theCompanyNetworkTelnet to internet addressDisaster Recovery Company4.1.1 Network TestingSample Test Plan StepsTest ItemDescriptionInternal NetworkAddressing TestFrom a computer on the disaster recovery site network, ping serversTCP/IP address at various locations and multiple disaster recovery siteservers to ensure network connectivity is established correctly.Internal NetworkName TestFrom a computer on the disaster recovery site, ping network servernames to ensure internal DNS servers are functioning properly. Performa trace route to ensure proper network routing and naming.Internal NetworkBrowsing TestBrowse the internal network to ensure Windows browsing is functioningproperly. Perform a trace route to ensure proper network routing andnaming.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 14 of 25
Disaster Recovery Plan InformationProject NameVersion4.2 Windows Server Recovery PlanPrerequisites Network installed at disaster recovery site Domain controller at disaster recovery siteAction ItemDescriptionTeam Member ResponsibilityReconfigureDomainReplicationDNS Configuration – Changedomain to point to itself.Use Sites and Services toreconfigure domain at thereplication hub.Modify WINS to replicate to alldomain controllers.Size disaster recovery domaincontrollers.Technology Infrastructure ManagerFile ServerRenamingRename Windows file servers atthe disaster recovery site toproduction server names.Technology Infrastructure ManagerPrint ServingSetup acquired printers in theevent of an emergency.Technology Infrastructure Manager4.2.1 Windows Server TestingSample Test Plan StepsTest ItemDescriptionWindows FileSharingVerify access thru the Windows Run window or Windows Explorer.Test ReplicationVerify changes made on the disaster recovery domain controllers arebeing replicated to at least three domain controllers.Printer TestPrint to test printer at the disaster recovery site.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 15 of 25
Disaster Recovery Plan InformationProject NameVersion4.3 Electronic Mail Recovery PlanPrerequisites Network Installed at Disaster Recovery Site Windows Server Recovery - Active Directory domain controller(s) and global catalogserver(s) names, domain administrator account, and password. Replacement hardware and component device drivers are disk mirror compatible. Disk mirror of the operation system and exchange program files from the productionsystem. Backups of exchange databases. Exchange master administrator account name and password. IP addressing information of new environment (if applicable).Action ItemRecover theoperatingsystem,exchangeprogram files,and disk arrays.RegistrychangesExchangeservices andattributesDrive lettersExchangeAccessinformationRecipient UpdateService DomainControllerDescriptionResponsibilityRecover the operating system, exchangeprogram files, and recreate the disk arrays toprepare for database restore. Perform this forall exchange servers that have productionmailbox stores: Operating system and exchangeprogram files Disk arraysPerform registry changes to make exchangeaware of new domain controllers and globalcatalog servers if they are not present in therecovery environment.Verify the exchange services start, e.g., Microsoft Exchange SystemAttendant Microsoft Exchange InformationStoreVerify drive letters are correct and attached. Operating system Transaction logs Mailbox stores Computer DVD / CD-ROMUpdate Exchange Access information with newDomain Controller(s) and Global Catalogserver(s) information.Modify the Recipient Update Service DomainController.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 16 of 25
Disaster Recovery Plan InformationProject NameVersionAction ItemExchange FolderStructureExchangerestore andmountingprocessOutlook WebAccessDescriptionResponsibilityUpdate the exchange folder structure (e.g.,create directories-transaction log) and createblank mailbox stores with drives based ondatabase paths reflected in System Manager. Change the restore status of allstores to be restored anddismounted. Restore Exchange Databases frombackup using Backup Exec. Mount databases after the restore.Perform configuration changes needed forOutlook Web Access (OWA) server(s).4.3.1 Electronic Mail TestingSample Test Plan StepsTest ItemDescriptionOutlook WebAccessUsing Outlook Web Access (OWA), start Internet Explorer and go tocompany’s OWA address at https://webmail.companyname.com.LogonLogon using your network ID and password.Inbox MessagesVerify that messages displayed in your Inbox are current or as of therestored backup period.Send Mail1Send mail to an Internet account that you have access to. Verify that itwas received in this Internet mailbox.Send Mail2Send mail from your Internet account to your account. Verify that it wasreceived in your mailbox.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 17 of 25
Disaster Recovery Plan InformationProject NameVersion4.4 Telecommunications Recovery PlanPrerequisites Office space setup completed with telephone handsets.Action rm the local exchange providerto forward company telephonenumbers to numbers assigned atthe disaster recovery site.Communications ManagerHandset SetupProvide to Disaster RecoveryCompany the MAC addresses ofany additional phone handsetsthey wish to use (with usernamesassigned to each phone).Communications ManagerSite SetupImplement final configurationsteps for Call Manager services atthe disaster recovery site.Disaster Recovery CompanyVoice MailSetup voice mail on the company’sCall Manager.Disaster Recovery CompanyVoice RecordingImplement a voice recording on thecompany’s Call Manager at the DRsite.Communications Manager4.4.1 Telecommunications TestingSample Test Plan StepsTest ItemDescriptionInternal CallingMake an IP Phone to IP Phone call from one number at the disasterrecovery site to another number at the disaster recovery site.External CallingMake a local phone call to a number outside of the building, 10 digitdialing (include area code) is required. Also from an external phonemake a call into the disaster recovery site to make sure the site is able toreceive external calls and test the number transfer service.International &Long DistanceMake both a long distance and international call.Voice MailCheck if voice mail is functional. From another phone leave a messageat your number to check the message waiting light.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 18 of 25
Disaster Recovery Plan InformationProject NameVersion4.5 Applications InfrastructureProvide a recovery plan and test plan steps for major applications, e.g., Financials Payroll & Human Resources Treasury Tax Marketing Database Time Entry.5 Training and Documentation RequirementsProvide training and documentation information that is required to support the disasterrecovery process, applications, system, operations or services., training plans, trainingmaterials, support documentation, and user documentation.Training / DocumentationResourceConfidential – 2015 Documentation Consultants (www.SDLCforms.com)ScheduleCommentsDocument: 9150Page 19 of 25
Disaster Recovery Plan InformationProject NameVersion6 GlossaryList any document terms that may not be fully understood without some explanation.TermDefinitionDisasterrecoveryDisaster recovery is the process whereby a company would restore any loss ofdata in the event of fire, vandalism, natural disaster, or system failure.DisasterRecovery PlanA disaster recovery plan is part of an overall contingency plan to complete thatrestoration task and keep the company running. A disaster recovery plan isrequired for any publicly traded company and companies that need to minimizeloss. This disaster recovery declaration plan is designed for conditions underwhich the company site is unable to function under standard daily businessprocedures.Confidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 20 of 25
Disaster Recovery Plan InformationProject NameVersion7 APPENDIX7.1 Executive SponsorsLast NameFirst NameApplication Name7.2 User InformationLast NameFirst NameDept.DR RepConfidential – 2015 Documentation Consultants (www.SDLCforms.com)Application NameDocument: 9150PurposePage 21 of 25
Disaster Recovery Plan InformationProject NameVersion7.3 ose1 8hours224hours348hours472 hours53-5days6 5daysConfidential – 2015 Documentation Consultants (www.SDLCforms.com)ManagerLocationDocument: 9150Primary andSecondary e 22 of 25
Disaster Recovery Plan InformationProject NameVersion7.4 Equipment InventoryEquipment TypeIDModelServerXYZ1Compaq DL380Telephone1Cisco 7960ServiceFile ServerIP Addressxx.xx.xxx.xxx7.5 Production Site Data Communications ConfigurationIDDescriptionBandwidthConfidential – 2015 Documentation Consultants (www.SDLCforms.com)Vendor / ContactAgency / PersonContact #sDocument: 9150Date Last TestedPage 23 of 25
Disaster Recovery Plan InformationProject NameVersion7.6 Recovery Site(s) Data Communications ConfigurationIDDescriptionBandwidthVendor / ContactAgency / PersonContact #sDate Last Tested7.7 Data Communications EquipmentDevice TypeDescriptionSerial NumberContact Agency /PersonDate Last Tested / By WhomRoutersSwitchesConfidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 24 of 25
Disaster Recovery Plan InformationProject NameVersion7.8 Network Diagram-SampleConfidential – 2015 Documentation Consultants (www.SDLCforms.com)Document: 9150Page 25 of 25
Activate the Disaster Recovery Plan. Start damage assessment process. Prepare damage report and incident severity. Determine Incident Command Team assignments, e.g., determine timeframe to setup other teams, contact Team Leaders, and request non-critical staff to remain at home until further notice.
