IT Disaster Recovery Template By SearchDisasterRecovery


Client Name IT Disaster Recovery Plan Template
By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Revision History

REVISION | DATE | NAME | DESCRIPTION
Original 1.0 | | |

All Rights Reserved, 2009, TechTarget

Table of Contents

Information Technology Statement of Intent
Policy Statement
Objectives
Key Personnel Contact Info
Notification Calling Tree
External Contacts
External Contacts Calling Tree
1 Plan Overview
1.1 Plan Updating
1.2 Plan Documentation Storage
1.3 Backup Strategy
1.4 Risk Management
2 Emergency Response
2.1 Alert, escalation and plan invocation
2.1.1 Plan Triggering Events
2.1.2 Assembly Points
2.1.3 Activation of Emergency Response Team
2.2 Disaster Recovery Team
2.3 Emergency Alert, Escalation and DRP Activation
2.3.1 Emergency Alert
2.3.2 DR Procedures for Management
2.3.3 Contact with Employees
2.3.4 Backup Staff
2.3.5 Recorded Messages / Updates
2.3.7 Alternate Recovery Facilities / Hot Site
2.3.8 Personnel and Family Notification
3 Media
3.1 Media Contact
3.2 Media Strategies
3.3 Media Team
3.4 Rules for Dealing with Media
4 Insurance
5 Financial and Legal Issues
5.1 Financial Assessment
5.2 Financial Requirements
5.3 Legal Actions
6 DRP Exercising
Appendix A – Technology Disaster Recovery Plan Templates
Disaster Recovery Plan for System One
Disaster Recovery Plan for System Two
Disaster Recovery Plan for Local Area Network (LAN)
Disaster Recovery Plan for Wide Area Network (WAN)
Disaster Recovery Plan for Remote Connectivity
Disaster Recovery Plan for Voice Communications
Appendix B – Suggested Forms
Damage Assessment Form
Management of DR Activities Form
Disaster Recovery Event Recording Form
Disaster Recovery Activity Report Form
Mobilizing the Disaster Recovery Team Form
Mobilizing the Business Recovery Team Form
Monitoring Business Recovery Task Progress Form
Preparing the Business Recovery Report Form
Communications Form
Returning Recovered Business Operations to Business Unit Leadership
Business Process/Function Recovery Completion Form

Information Technology Statement of Intent

This document delineates our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure. This document summarizes our recommended procedures. In the event of an actual emergency situation, modifications to this document may be made to ensure physical safety of our people, our systems, and our data.

Our mission is to ensure information system uptime, data integrity and availability, and business continuity.

Policy Statement

Corporate management has approved the following policy statement:

- The company shall develop a comprehensive IT disaster recovery plan.
- A formal risk assessment shall be undertaken to determine the requirements for the disaster recovery plan.
- The disaster recovery plan should cover all essential and critical infrastructure elements, systems and networks, in accordance with key business activities.
- The disaster recovery plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.
- All staff must be made aware of the disaster recovery plan and their own respective roles.
- The disaster recovery plan is to be kept up to date to take into account changing circumstances.

Objectives

The principal objective of the disaster recovery program is to develop, test and document a well-structured and easily understood plan which will help the company recover as quickly and effectively as possible from an unforeseen disaster or emergency which interrupts information systems and business operations. Additional objectives include the following:

- The need to ensure that all employees fully understand their duties in implementing such a plan
- The need to ensure that operational policies are adhered to within all planned activities
- The need to ensure that proposed contingency arrangements are cost-effective
- The need to consider implications on other company sites
- Disaster recovery capabilities as applicable to key customers, vendors and others

Key Personnel Contact Info

Name, Title | Contact Option | Contact Number
 | Work, Alternate, Mobile, Home, Email Address, Alternate Email |
 | Work, Alternate, Mobile, Home, Email Address, Alternate Email |
 | Work, Alternate, Mobile, Home, Email Address, Alternate Email |
 | Work, Alternate, Mobile, Home, Email Address, Alternate Email |
 | Work, Alternate, Mobile, Home, Email Address, Alternate Email |
 | Work, Alternate, Mobile, Home, Email Address, Alternate Email |

Notification Calling Tree

[Figure: notification calling tree, starting from "Person Identifying Incident"]

External Contacts

Name, Title | Contact Option | Contact Number
Landlord / Property Manager, Account Number None | Work, Mobile, Home, Email Address |
Power Company, Account Number | Work, Mobile, Home, Email Address |
Telecom Carrier 1, Account Number | Work, Mobile, Fax, Home, Email Address |
Telecom Carrier 2, Account Number | Work, Mobile, Home, Email Address |
Hardware Supplier 1, Account Number | Work, Mobile, Emergency Reporting, Email Address |
Server Supplier 1, Account Number | Work, Mobile, Fax, Email Address |
Workstation Supplier 1, Account Number | Work, Mobile, Home, Email Address |
Office Supplies 1, Account Number C3095783 | Work, Mobile, Home, Email Address |
Insurance – Name, Account Number | Work, Mobile, Home, Email Address |
Site Security –, Account Number | Work, Mobile, Home, Email Address |
Off-Site Storage 1, Account Number | Work, Mobile, Home, Email Address |
Off-Site Storage 2, Account Number | User ID, Password, Home, Email Address |
HVAC –, Account Number | Work, Mobile, Home, Email Address |
Power Generator –, Account Number | Work, Mobile, Home, Email Address |
Other –, Account Number | Work, Mobile, Home, Email Address |

External Contacts Calling Tree

1 Plan Overview

1.1 Plan Updating

It is necessary for the DRP updating process to be properly structured and controlled. Whenever changes are made to the plan they are to be fully tested and appropriate amendments should be made to the training materials. This will involve the use of formalized change control procedures under the control of the IT Director.

1.2 Plan Documentation Storage

Copies of this Plan, CD, and hard copies will be stored in secure locations to be defined by the company. Each member of senior management will be issued a CD and hard copy of this plan to be filed at home. Each member of the Disaster Recovery Team and the Business Recovery Team will be issued a CD and hard copy of this plan. A master protected copy will be stored on specific resources established for this purpose.

1.3 Backup Strategy

Key business processes and the agreed backup strategy for each are listed below. The strategy chosen is for a fully mirrored recovery site at the company’s offices in . This strategy entails the maintenance of a fully mirrored duplicate site which will enable instantaneous switching between the live site (headquarters) and the backup site.

KEY BUSINESS PROCESS | BACKUP STRATEGY
IT Operations | Fully mirrored recovery site
Tech Support - Hardware | Fully mirrored recovery site
Tech Support - Software | Fully mirrored recovery site
Facilities Management | Fully mirrored recovery site
Email | Fully mirrored recovery site
Purchasing | Fully mirrored recovery site
Disaster Recovery | Fully mirrored recovery site
Finance | Fully mirrored recovery site
Contracts Admin | Fully mirrored recovery site
Warehouse & Inventory | Fully mirrored recovery site
Product Sales | Fully mirrored recovery site
Maintenance Sales | Fully mirrored recovery site
Human Resources | Off-site data storage facility
Testing Fully Mirrored Recovery site | Fully mirrored recovery site
Workshop Fully Mirrored Recovery site | Fully mirrored recovery site
Call Center | Fully mirrored recovery site
Web Site | Fully mirrored recovery site

1.4 Risk Management

There are many potential disruptive threats which can occur at any time and affect the normal business process. We have considered a wide range of potential threats and the results of our deliberations are included in this section. Each potential environmental disaster or emergency situation has been examined. The focus here is on the level of business disruption which could arise from each type of disaster.

Potential disasters have been assessed as follows:

Potential Disaster | Probability Rating | Impact Rating | Brief Description Of Potential Consequences & Remedial Actions
Flood | 3 | 4 | All critical equipment is located on 1st Floor
Fire | 3 | 4 | FM200 suppression system installed in main computer centers. Fire and smoke detectors on all floors.
Tornado | 5 | |
Electrical storms | 5 | |
Act of terrorism | 5 | |
Act of sabotage | 5 | |
Electrical power failure | 3 | 4 | Redundant UPS array together with auto standby generator that is tested weekly & remotely monitored 24/7. UPSs also remotely monitored.
Loss of communications network services | 4 | 4 | Two diversely routed T1 trunks into building. WAN redundancy, voice network resilience

Probability: 1 Very High, 5 Very Low
Impact: 1 Total destruction, 5 Minor annoyance

2 Emergency Response

2.1 Alert, escalation and plan invocation

2.1.1 Plan Triggering Events

Key trigger issues at headquarters that would lead to activation of the DRP are:

- Total loss of all communications
- Total loss of power
- Flooding of the premises
- Loss of the building

2.1.2 Assembly Points

Where the premises need to be evacuated, the DRP invocation plan identifies two evacuation assembly points:

- Primary – Far end of main parking lot;
- Alternate – Parking lot of company across the street

2.1.3 Activation of Emergency Response Team

When an incident occurs the Emergency Response Team (ERT) must be activated. The ERT will then decide the extent to which the DRP must be invoked. All employees must be issued a Quick Reference card containing ERT contact details to be used in the event of a disaster. Responsibilities of the ERT are to:

- Respond immediately to a potential disaster and call emergency services;
- Assess the extent of the disaster and its impact on the business, data center, etc.;
- Decide which elements of the DR Plan should be activated;
- Establish and manage disaster recovery team to maintain vital services and return to normal operation;
- Ensure employees are notified and allocate responsibilities and activities as required.

2.2 Disaster Recovery Team

The team will be contacted and assembled by the ERT. The team's responsibilities include:

- Establish facilities for an emergency level of service within 2.0 business hours;
- Restore key services within 4.0 business hours of the incident;
- Recover to business as usual within 8.0 to 24.0 hours after the incident;
- Coordinate activities with disaster recovery team, first responders, etc.
- Report to the emergency response team.

2.3 Emergency Alert, Escalation and DRP Activation

This policy and procedure has been established to ensure that in the event of a disaster or crisis, personnel will have a clear understanding of who should be contacted. Procedures have been addressed to ensure that communications can be quickly established while activating disaster recovery.

The DR plan will rely principally on key members of management and staff who will provide the technical and management skills necessary to achieve a smooth technology and business recovery. Suppliers of critical goods and services will continue to support recovery of business operations as the company returns to normal operating mode.

2.3.1 Emergency Alert

The person discovering the incident calls a member of the Emergency Response Team in the order listed:

Emergency Response Team

If not available try:

The Emergency Response Team (ERT) is responsible for activating the DRP for disasters identified in this plan, as well as in the event of any other occurrence that affects the company’s capability to perform normally.

One of the tasks during the early stages of the emergency is to notify the Disaster Recovery Team (DRT) that an emergency has occurred. The notification will request DRT members to assemble at the site of the problem and will involve sufficient information to have this request effectively communicated. The Business Recovery Team (BRT) will consist of senior representatives from the main business departments. The BRT Leader will be a senior member of the company's management team, and will be responsible for taking overall charge of the process and ensuring that the company returns to normal working operations as early as possible.

2.3.2 DR Procedures for Management

Members of the management team will keep a hard copy of the names and contact numbers of each employee in their departments. In addition, management team members will have a hard copy of the company’s disaster recovery and business continuity plans on file in their homes in the event that the headquarters building is inaccessible, unusable, or destroyed.

2.3.3 Contact with Employees

Managers will serve as the focal points for their departments, while designated employees will call other employees to discuss the crisis/disaster and the company’s immediate plans. Employees who cannot reach staff on their call list are advised to call the staff member’s emergency contact to relay information on the disaster.

2.3.4 Backup Staff

If a manager or staff member designated to contact other staff members is unavailable or incapacitated, the designated backup staff member will perform notification duties.

2.3.5 Recorded Messages / Updates

For the latest information on the disaster and the organization’s response, staff members can call a toll-free hotline listed in the DRP wallet card. Included in messages will be data on the nature of the disaster, assembly sites, and updates on work resumption.

2.3.7 Alternate Recovery Facilities / Hot Site

If necessary, the hot site at SunGard will be activated and notification will be given via recorded messages or through communications with managers. Hot site staffing will consist of members of the disaster recovery team only for the first 24 hours, with other staff members joining at the hot site as necessary.

2.3.8 Personnel and Family Notification

If the incident has resulted in a situation which would cause concern to an employee’s immediate family such as hospitalization of injured persons, it will be necessary to notify their immediate family members quickly.

3 Media

3.1 Media Contact

Assigned staff will coordinate with the media, working according to guidelines that have been previously approved and issued for dealing with post-disaster communications.

3.2 Media Strategies

1. Avoiding adverse publicity
2. Take advantage of opportunities for useful publicity
3. Have answers to the following basic questions:
   - What happened?
   - How did it happen?
   - What are you going to do about it?

3.3 Media Team

3.4 Rules for Dealing with Media

Only the media team is permitted direct contact with the media; anyone else contacted should refer callers or in-person media representatives to the media team.

4 Insurance

As part of the company’s disaster recovery and business continuity strategies a number of insurance policies have been put in place. These include errors and omissions, directors & officers liability, general liability, and business interruption insurance.

If insurance-related assistance is required following an emergency out of normal business hours, plea
