Disaster Recovery Plan Template
Business Continuity Planning
Sarbanes - Oxley, ISO 27000 (27001 & 27002)
PCI, & HIPAA Compliant
This Disaster Recovery Plan and Business Continuity Template can be used for any size of enterprise. The Disaster Recovery Planning template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. The DRP Template comes as a Word document and includes:
- Disaster Recovery Plan and Business Continuity Template
- Business and IT Impact Analysis Questionnaire
- Work Plan
- Disaster Recovery / Business Continuity Audit Program
- Pandemic Planning Check List
New are:
- Compliance with the new ISO 27000 (27001 and 27002), Sarbanes-Oxley, PCI-DSS and HIPAA standards
- Web Site Disaster Recovery Planning Form
- Department Disaster Recovery Activation Workbook
- Quick Reference Guide
- Team Alert List (Form)
- Disaster Recovery Plan and Business Continuity Team Responsibilities
- Disaster Recovery Plan and Business Continuity Team Checklist
- Critical Functions Definition
- Normal Business Hour Response Procedures
- After Hours Response Procedures
- Disaster Recovery Plan and Business Continuity Location(s) Definition
- Disaster Recovery Plan and Business Continuity Recovery Procedures
- Notification Procedures
- Notification Call List (Form)
- Updated Business and IT Impact Analysis Questionnaire
- Vendor Disaster Recovery Questionnaire
- Vendor Phone List Form Updated
- Key Customer Notification Form
- Critical Resources to be Retrieved Form
- Business Continuity Off-Site Materials Form
- Chief Information Officer
- Chief Security Officer
- Chief Compliance Officer
- VP Strategy and Architecture
- Director Disaster Recovery and Business Continuity
- Director e-Commerce
- Manager Disaster Recovery
- Manager Disaster Recovery and Business Continuity
- Disaster Recovery Coordinator
- Disaster Recovery - Special Projects Supervisor
- Manager Database
- Capacity Planning Supervisor
- Manager Media Library Support
- Manager Site Management
- Pandemic Coordinator
The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirement. The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:
- Plan Introduction
- Business Impact Analysis - including a sample impact matrix
- DRP Organization Responsibilities pre and post disaster - drp checklist
- Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDA's.
- Recovery Strategy including approach, escalation plan process and decision points
- Disaster Recovery Procedures in a check list format
- Plan Administration Process
- Technical Appendix including definition of necessary phone numbers and contact points
- Job Descriptions (each 3 pages long) for:
- Disaster Recovery Manager
- Manager Disaster Recovery and Business Continuity
- Pandemic Coordinator
- Work Plan to modify and implement the template. Included is a list of deliverables for each task. (Risk Assessment and Vulnerability Assessment)
There is a extensive section that show how a full test of the DRP can be conducted. It includes
- Disaster Recovery Manager Responsibilities
- Distribution of the Disaster Recovery Plan
- Maintenance of the Business Impact Analysis
- Training of the Disaster Recovery Team
- Testing of the Disaster Recovery Plan
- Evaluation of the Disaster Recovery Plan Tests
- Maintenance of the Disaster Recovery Plan
Click on the link below to get the Disaster Recovery Plan and Business Continuity sample pages now and make it a part of your disaster recovery toolkit.
This template is
not for resale or re-distribution
>
Disaster Planning - Business Continuity News
Simple Disaster Planning Activities
Creating a disaster recovery plan is a complex task; however there are a number of basic steps that you can follow to start thre process
- Prepare your systems, processes, and people for an organized response to disaster when it strikes.
- Identify critical IT systems and develop a long-range strategy.
- Select and train your disaster recovery team.
- Conduct a Business Impact Analysis.
- Determine risks to your business from natural or human-made causes.
- Get management support.
- Create appropriate plan documents.
- Test your plan.
Disaster Plan & Business Continuity Infrastructure
The key technology
elements of a Disaster Recovery Plan and Business Continuity Plan (DRP/BCP)
infrastructure are the primary data center, a remote site that duplicates the
resources in that primary location and the method used to get files (master and
transaction) between the two sites - such as high-bandwidth network
connections. The best DRP/BCP strategies follow a "redundant every-thing"
philosophy throughout the data center. Multiple mainframes and servers should
run in the production and backup data facilities. Then, if a component in the
production system encounters problems, it immediately fails over to the local
backup as a first line of defense.
Power supplies and communication links are one of the most critical components in a DRP/BCP strategy.
White House email system down for a day
High tech White House falls down when its email disaster plan does not work.
The White House Press Secretary Robert Gibbs announced at a 1:45 p.m. press briefing that he was unable to send out the customary week-ahead memo as the White House e-mail system was "not working so well." D.C. reporters got their next e-mail from the White House around 8:30 the following morning indicating that the outage lasted most of a day.
- more infoHow to calculate the cost of downtime
One overlooked truth is that downtime costs accelerate in a non-linear fashion every hour. If a system fails for five minutes, the costs are fairly low because manual methods (paper and pencil) of making records or communicating by telephone instead of e-mails can suffice to conduct business. Over an extended period, however, the volume of work overwhelms the manual processes. Yet some businesses - such as Amazon or e-Bay - cannot run at all on manual processes. Business and financial operations increasingly deteriorate, and the rate of dollar losses grows - sometimes to the point of fatally damaging the business.
In addition, when assessing the financial impact of downtime, you need to consider factors such as potential lost revenue, reductions in worker productivity, and damaged market reputation. In some cases, downtime can even reduce shareholder confidence, which can create unnecessary and unplanned costs. Financial analysts and accountants at your company can help you come up with the factors at your company that are affected by downtime and contribute to its costs.
- more infoDisaster Planning Considerations
Many enterprises have taken a segmented approach to
Business Continuity and Availability, adding
point technology and reactive services to address disaster recovery. This
approach can be very complex, time-consuming and
costly. The task becomes much easier when a single vendor takes responsibility for architecting, implementing, testing
and supporting the solution.
There is an increase in the number of companies and organizations
requiring 24 x 365 days of IT uptime. In fact, ESG research indicates that 36%
of enterprises indicate they will incur significant revenue loss or other
adverse business impact if they have even an hour or less of downtime on their
mission-critical applications. Almost 15% indicate they cannot tolerate any
downtime.
Many Businesses Fail After a Disaster
Businesses'
reliance on IT systems and digital data has never been greater. The 2007 Best's
Underwriting Guide found that only 6% of companies that suffer catastrophic data
loss survive while 43% never reopen and 51% close within 2 years of the
disaster. Best's Underwriting Guide 2007 also found that 93% of the companies
that did not have their data backed up in the event of a disaster went out of
business. An analysis of SMBs' prioritization of disaster recovery, backup and
high availability for 2008 shows that businesses understand the risks to their
business and the value of protection. However, many organizations still think
that backup is a sufficient disaster recovery plan. However, mid-sized
enterprises are at the most risk to disaster and are more likely to rely
strictly on backup as a disaster recovery plan.
The needs and resources of mid-market
firms are unique. Midsized companies must work with limited finances
infrastructure and human resources. Robust disaster recovery used to be
affordable and manageable only by large enterprises. Mid-sized enterprises
relied more on backup than on a formal disaster recovery plan. As businesses'
reliance on IT has grown, backup has increasingly shown its weaknesses. However,
the introduction and maturation of several key technologies, such as
virtualization, have brought affordable and easily implementable Disaster Recovery and Business
Continuity to small and mid-sized companies. SMBs do not always equate
virtualization with Disaster Recovery and Business Continuity because
awareness of the many virtualization applications is just starting to
grow.
Number of Mission Critical Applications Increases
More processes are "mission-critical" as up to 60% of all applications in US-based medium-to-large enterprises are considered business-critical today (including email, collaboration, and intranet applications and data). This evolution demands that more systems, in more locations, that rely on more timely and sensitive data, be covered by Disaster Recovery and Business Continuity planning, and requires that datacenter operations teams provide tier-1 application support and data protection for a growing percentage of applications. - more info