You are previewing IT Disaster Recovery Planning For Dummies®.
O'Reilly logo
IT Disaster Recovery Planning For Dummies®

Book Description

If you have a business or a nonprofit organization, or if you’re the one responsible for information systems at such an operation, you know that disaster recovery planning is pretty vital. But it’s easy to put it off. After all, where do you start?

IT Disaster Recovery Planning For Dummies shows you how to get started by creating a safety net while you work out the details of your major plan. The right plan will get your business back on track quickly, whether you're hit by a tornado or a disgruntled employee with super hacking powers. Here's how to assess the situation, develop both short-term and long-term plans, and keep your plans updated.

This easy-to-understand guide will help you

  • Prepare your systems, processes, and people for an organized response to disaster when it strikes

  • Identify critical IT systems and develop a long-range strategy

  • Select and train your disaster recovery team

  • Conduct a Business Impact Analysis

  • Determine risks to your business from natural or human-made causes

  • Get management support

  • Create appropriate plan documents

  • Test your plan

  • Some disasters get coverage on CNN, and some just create headaches for the affected organization. With IT Disaster Recovery Planning For Dummies, you’ll be prepared for anything from hackers to hurricanes!

    Table of Contents

    1. Copyright
    2. About the Author
    3. Author's Acknowledgments
    4. Foreword
    5. Introduction
      1. About This Book
      2. How This Book Is Organized
        1. Getting Started with Disaster Recovery
        2. Building Technology Recovery Plans
        3. Managing Recovery Plans
        4. The Part of Tens
      3. What This Book Is—and What It Isn't
      4. Assumptions about Disasters
      5. Icons Used in This Book
      6. Where to Go from Here
      7. Write to Us!
    6. I. Getting Started with Disaster Recovery
    7. 1. Understanding Disaster Recovery
      1. 1.1. Disaster Recovery Needs and Benefits
        1. 1.1.1. The effects of disasters
        2. 1.1.2. Minor disasters occur more frequently
        3. 1.1.3. Recovery isn't accidental
        4. 1.1.4. Recovery required by regulation
        5. 1.1.5. The benefits of disaster recovery planning
      2. 1.2. Beginning a Disaster Recovery Plan
        1. 1.2.1. Starting with an interim plan
      3. 1.3. Beginning the full DR project
      4. 1.4. Managing the DR Project
        1. 1.4.1. Conducting a Business Impact Analysis
        2. 1.4.2. Developing recovery procedures
      5. 1.5. Understanding the Entire DR Lifecycle
        1. 1.5.1. Changes should include DR reviews
        2. 1.5.2. Periodic review and testing
        3. 1.5.3. Training response teams
    8. 2. Bootstrapping the DR Plan Effort
      1. 2.1. Starting at Square One
        1. 2.1.1. How disaster may affect your organization
        2. 2.1.2. Understanding the role of prevention
        3. 2.1.3. Understanding the role of planning
      2. 2.2. Resources to Begin Planning
      3. 2.3. Emergency Operations Planning
      4. 2.4. Preparing an Interim DR Plan
        1. 2.4.1. Staffing your interim DR plan team
        2. 2.4.2. Looking at an interim DR plan overview
      5. 2.5. Building the Interim Plan
        1. 2.5.1. Step 1—Build the Emergency Response Team
        2. 2.5.2. Step 2—Define the procedure for declaring a disaster
        3. 2.5.3. Step 3—Invoke the interim DR plan
        4. 2.5.4. Step 4—Maintain communications during a disaster
        5. 2.5.5. Step 5—Identify basic recovery plans
        6. 2.5.6. Step 6—Develop processing alternatives
        7. 2.5.7. Step 7—Enact preventive measures
        8. 2.5.8. Step 8—Document the interim DR plan
        9. 2.5.9. Step 9—Train ERT members
      6. 2.6. Testing Interim DR Plans
    9. 3. Developing and Using a Business Impact Analysis
      1. 3.1. Understanding the Purpose of a BIA
      2. 3.2. Scoping the Effort
      3. 3.3. Conducting a BIA: Taking a Common Approach
        1. 3.3.1. Gathering information through interviews
        2. 3.3.2. Using consistent forms and worksheets
      4. 3.4. Capturing Data for the BIA
        1. 3.4.1. Business processes
        2. 3.4.2. Information systems
        3. 3.4.3. Assets
        4. 3.4.4. Personnel
        5. 3.4.5. Suppliers
        6. 3.4.6. Statements of impact
        7. 3.4.7. Criticality assessment
        8. 3.4.8. Maximum Tolerable Downtime
        9. 3.4.9. Recovery Time Objective
        10. 3.4.10. Recovery Point Objective
      5. 3.5. Introducing Threat Modeling and Risk Analysis
        1. 3.5.1. Disaster scenarios
        2. 3.5.2. Identifying potential disasters in your region
      6. 3.6. Performing Threat Modeling and Risk Analysis
      7. 3.7. Identifying Critical Components
        1. 3.7.1. Processes and systems
        2. 3.7.2. Suppliers
        3. 3.7.3. Personnel
      8. 3.8. Determining the Maximum Tolerable Downtime
      9. 3.9. Calculating the Recovery Time Objective
      10. 3.10. Calculating the Recovery Point Objective
    10. II. Building Technology Recovery Plans
    11. 4. Mapping Business Functions to Infrastructure
      1. 4.1. Finding and Using Inventories
      2. 4.2. Using High-Level Architectures
        1. 4.2.1. Data flow and data storage diagrams
        2. 4.2.2. Infrastructure diagrams and schematics
      3. 4.3. Identifying Dependencies
        1. 4.3.1. Inter-system dependencies
        2. 4.3.2. External dependencies
    12. 5. Planning User Recovery
      1. 5.1. Managing and Recovering End-User Computing
        1. 5.1.1. Workstations as Web terminals
        2. 5.1.2. Workstation access to centralized information
        3. 5.1.3. Workstations as application clients
        4. 5.1.4. Workstations as local computers
        5. 5.1.5. Workstation operating systems
      2. 5.2. Managing and Recovering End-User Communications
        1. 5.2.1. Voice communications
        2. 5.2.2. E-mail
        3. 5.2.3. Fax machines
        4. 5.2.4. Instant messaging
    13. 6. Planning Facilities Protection and Recovery
      1. 6.1. Protecting Processing Facilities
        1. 6.1.1. Controlling physical access
        2. 6.1.2. Getting charged up about electric power
        3. 6.1.3. Detecting and suppressing fire
        4. 6.1.4. Chemical hazards
        5. 6.1.5. Keeping your cool
        6. 6.1.6. Staying dry: Water/flooding detection and prevention
      2. 6.2. Selecting Alternate Processing Sites
        1. 6.2.1. Hot, cold, and warm sites
        2. 6.2.2. Other business locations
        3. 6.2.3. Data center in a box: Mobile sites
        4. 6.2.4. Colocation facilities
        5. 6.2.5. Reciprocal facilities
    14. 7. Planning System and Network Recovery
      1. 7.1. Managing and Recovering Server Computing
        1. 7.1.1. Determining system readiness
        2. 7.1.2. Server architecture and configuration
        3. 7.1.3. Developing the ability to build new servers
        4. 7.1.4. Distributed server computing considerations
        5. 7.1.5. Application architecture considerations
        6. 7.1.6. Server consolidation: The double-edged sword
      2. 7.2. Managing and Recovering Network Infrastructure
      3. 7.3. Implementing Standard Interfaces
      4. 7.4. Implementing Server Clustering
        1. 7.4.1. Understanding cluster modes
        2. 7.4.2. Geographically distributed clusters
        3. 7.4.3. Cluster and storage architecture
    15. 8. Planning Data Recovery
      1. 8.1. Protecting and Recovering Application Data
      2. 8.2. Choosing How and Where to Store Data for Recovery
        1. 8.2.1. Protecting data through backups
        2. 8.2.2. Protecting data through resilient storage
        3. 8.2.3. Protecting data through replication and mirroring
        4. 8.2.4. Protecting data through electronic vaulting
        5. 8.2.5. Deciding where to keep your recovery data
        6. 8.2.6. Protecting data in transit
        7. 8.2.7. Protecting data while in DR mode
      3. 8.3. Protecting and Recovering Applications
        1. 8.3.1. Application version
        2. 8.3.2. Application patches and fixes
        3. 8.3.3. Application configuration
        4. 8.3.4. Application users and roles
        5. 8.3.5. Application interfaces
        6. 8.3.6. Application customizations
        7. 8.3.7. Applications dependencies with databases, operating systems, and more
        8. 8.3.8. Applications and client systems
        9. 8.3.9. Applications and networks
        10. 8.3.10. Applications and change management
        11. 8.3.11. Applications and configuration management
      4. 8.4. Off-Site Media and Records Storage
    16. 9. Writing the Disaster Recovery Plan
      1. 9.1. Determining Plan Contents
        1. 9.1.1. Disaster declaration procedure
        2. 9.1.2. Emergency contact lists and trees
        3. 9.1.3. Emergency leadership and role selection
        4. 9.1.4. Damage assessment procedures
        5. 9.1.5. System recovery and restart procedures
        6. 9.1.6. Transition to normal operations
        7. 9.1.7. Recovery team
      2. 9.2. Structuring the Plan
        1. 9.2.1. Enterprise-level structure
        2. 9.2.2. Document-level structure
      3. 9.3. Managing Plan Development
      4. 9.4. Preserving the Plan
      5. 9.5. Taking the Next Steps
    17. III. Managing Recovery Plans
    18. 10. Testing the Recovery Plan
      1. 10.1. Testing the DR Plan
        1. 10.1.1. Why test a DR plan?
        2. 10.1.2. Developing a test strategy
        3. 10.1.3. Developing and following test procedures
      2. 10.2. Conducting Paper Tests
      3. 10.3. Conducting Walkthrough Tests
        1. 10.3.1. Walkthrough test participants
        2. 10.3.2. Walkthrough test procedure
        3. 10.3.3. Scenarios
        4. 10.3.4. Walkthrough results
        5. 10.3.5. Debriefing
        6. 10.3.6. Next steps
      4. 10.4. Conducting Simulation Testing
      5. 10.5. Conducting Parallel Testing
        1. 10.5.1. Parallel testing considerations
        2. 10.5.2. Next steps
      6. 10.6. Conducting Cutover Testing
        1. 10.6.1. Cutover test procedure
        2. 10.6.2. Cutover testing considerations
      7. 10.7. Planning Parallel and Cutover Tests
        1. 10.7.1. Clustering and replication technologies and cutover tests
        2. 10.7.2. Next steps
      8. 10.8. Establishing Test Frequency
        1. 10.8.1. Paper test frequency
        2. 10.8.2. Walkthrough test frequency
        3. 10.8.3. Parallel test frequency
        4. 10.8.4. Cutover test frequency
    19. 11. Keeping DR Plans and Staff Current
      1. 11.1. Understanding the Impact of Changes on DR Plans
        1. 11.1.1. Technology changes
        2. 11.1.2. Business changes
        3. 11.1.3. Personnel changes
        4. 11.1.4. Market changes
        5. 11.1.5. External changes
        6. 11.1.6. Changes—some final words
      2. 11.2. Incorporating DR into Business Lifecycle Processes
        1. 11.2.1. Systems and services acquisition
        2. 11.2.2. Systems development
        3. 11.2.3. Business process engineering
      3. 11.3. Establishing DR Requirements and Standards
      4. 11.4. A Multi-Tiered DR Standard Case Study
      5. 11.5. Maintaining DR Documentation
        1. 11.5.1. Managing DR documents
        2. 11.5.2. Updating DR documents
        3. 11.5.3. Publishing and distributing documents
      6. 11.6. Training Response Teams
        1. 11.6.1. Types of training
        2. 11.6.2. Indoctrinating new trainees
    20. 12. Understanding the Role of Prevention
      1. 12.1. Preventing Facilities-Related Disasters
        1. 12.1.1. Site selection
        2. 12.1.2. Preventing fires
        3. 12.1.3. HVAC failures
        4. 12.1.4. Power-related failures
        5. 12.1.5. Protection from civil unrest and war
        6. 12.1.6. Avoiding industrial hazards
        7. 12.1.7. Preventing secondary effects of facilities disasters
      2. 12.2. Preventing Technology-Related Disasters
        1. 12.2.1. Dealing with system failures
        2. 12.2.2. Minimizing hardware and software failures
        3. 12.2.3. Pros and cons of a monoculture
        4. 12.2.4. Building a resilient architecture
      3. 12.3. Preventing People-Related Disasters
      4. 12.4. Preventing Security Issues and Incidents
      5. 12.5. Prevention Begins at Home
    21. 13. Planning for Various Disaster Scenarios
      1. 13.1. Planning for Natural Disasters
        1. 13.1.1. Earthquakes
        2. 13.1.2. Wildfires
        3. 13.1.3. Volcanoes
        4. 13.1.4. Floods
        5. 13.1.5. Wind and ice storms
        6. 13.1.6. Hurricanes
        7. 13.1.7. Tornadoes
        8. 13.1.8. Tsunamis
        9. 13.1.9. Landslides and avalanches
        10. 13.1.10. Pandemic
      2. 13.2. Planning for Man-Made Disasters
        1. 13.2.1. Utility failures
        2. 13.2.2. Civil disturbances
        3. 13.2.3. Terrorism and war
        4. 13.2.4. Security incidents
    22. IV. The Part of Tens
    23. 14. Ten Disaster Recovery Planning Tools
      1. 14.1. Living Disaster Recovery Planning System (LDRPS)
      2. 14.2. BIA Professional
      3. 14.3. COBRA Risk Analysis
      4. 14.4. BCP Generator
      5. 14.5. DRI Professional Practices Kit
      6. 14.6. Disaster Recovery Plan Template
      7. 14.7. SLA Toolkit
      8. 14.8. LBL ContingencyPro Software
      9. 14.9. Emergency Management Guide for Business and Industry
      10. 14.10. DRJ's Toolbox
    24. 15. Eleven Disaster Recovery Planning Web Sites
      1. 15.1. DRI International
      2. 15.2. Disaster Recovery Journal
      3. 15.3. Business Continuity Management Institute
      4. 15.4. Disaster Recovery World
      5. 15.5. Disaster Recovery Planning.org
      6. 15.6. The Business Continuity Institute
      7. 15.7. Disaster-Resource.com
      8. 15.8. Computerworld Disaster Recovery
      9. 15.9. CSO Business Continuity and Disaster Recovery
      10. 15.10. Federal Emergency Management Agency (FEMA)
      11. 15.11. Rothstein Associates Inc.
    25. 16. Ten Essentials for Disaster Planning Success
      1. 16.1. Executive Sponsorship
      2. 16.2. Well-Defined Scope
      3. 16.3. Committed Resources
      4. 16.4. The Right Experts
      5. 16.5. Time to Develop the Project Plan
      6. 16.6. Support from All Stakeholders
      7. 16.7. Testing, Testing, Testing
      8. 16.8. Full Lifecycle Commitment
      9. 16.9. Integration into Other Processes
      10. 16.10. Luck
    26. 17. Ten Benefits of DR Planning
      1. 17.1. Improved Chances of Surviving "The Big One"
      2. 17.2. A Rung or Two Up the Maturity Ladder
      3. 17.3. Opportunities for Process Improvements
      4. 17.4. Opportunities for Technology Improvements
      5. 17.5. Higher Quality and Availability of Systems
      6. 17.6. Reducing Disruptive Events
      7. 17.7. Reducing Insurance Premiums
      8. 17.8. Finding Out Who Your Leaders Are
      9. 17.9. Complying with Standards and Regulations
      10. 17.10. Competitive Advantage