ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
“Delivering integrated solutions since 1994”
Disaster Recovery Planning
“A Risk Assessment Exercise”
By: J. Antonio Rico, P.E.
Dear Reader:
Did you know that the State of Texas ranks number one when it comes to natural disasters in
the United States? That is right; according to the Federal Emergency Management Agency
(FEMA) website, Texas has had 86 major disasters. And even though the “big flood” of 2006 and
the “big freeze” of 2011 were not catalogued as major disasters, they did create havoc in our
International Borderplex area of El Paso, TX, Las Cruces, NM, and Juarez, MX. During these two
natural events, area business activity was considerably reduced because businesses
experienced problems such as flooding, loss of electricity, loss of Internet and telephone, etc.,
and in some cases, loss of line‐of‐business applications and data.
According to the Richmond House Group, 20% of small and midsize businesses will suffer a
major disaster causing loss of critical data every five years. This figure is important for us in our
area; in El Paso, TX, 80% of businesses are considered to be small to midsize.
In this paper, I address the importance of Disaster Recovery Planning when it comes to
protecting business IT from the effects of natural and man‐made calamities. The most critical
part of a Disaster Recovery Plan (DRP) is to assess the risks that systems, applications, and
data are exposed to and to implement measures to reduce or eliminate such exposure.
Thank you
Introduction
In recent years, the question of how a business can recover from a major disaster has gained
notoriety and requires business decision makers to assess the potential of a major
catastrophe, its impact on the ability of the business to continue operations, and the
development of steps that will bring the business back to full operation in a timely manner.
The intent of this paper is not to define what a catastrophe is, how often one happens, or what
geographic areas are most commonly affected. The intent is simply to highlight the importance
of assessing the potential risks that a business’s Information Technology infrastructure faces
and that could impede the business’s ability to serve its clients. This is the first and most
critical step in the preparation of a sound Disaster Recovery Plan (DRP), which is a component
of the Business Continuity Plan (BCP).
Disaster Recovery vs. Business Continuity
At this point, it is important to distinguish between the Disaster Recovery Plan and
the Business Continuity Plan. The DRP is a set of policies and procedures for restoring critical
infrastructure, such as IT, to its full operating capacity, while the BCP lays out the roadmap for
the business functions, i.e., Human Resources, Accounting, Facilities, etc., required for the
business to continue operating under the effects of an adverse condition, be it a natural or a
man-made disaster.
In this paper, IT infrastructure refers to the telecommunications services used for voice and
Internet connectivity, network and computer hardware, wired and wireless connections,
applications, data back-up, and any other infrastructure used in connecting the business to its
clients and suppliers.
Assessing Risk
Assessing risk can be accomplished by performing an impact analysis of the critical data,
strategic roles, and IT resources that support the business processes. The risk assessment
must evaluate both the external and internal factors. The external factors include suppliers and
vendors while the internal factors include the business’s own infrastructure, processes,
personnel, etc.
The impact analysis will help define two important and widely used parameters, Recovery Point
Objective (RPO) and Recovery Time Objective (RTO), for each of the systems that need to be
restored first or prioritized. RPO defines the maximum amount of data, measured in time, that might be lost.
RTO is the amount of time allowed for a business process to be restored to operation. These
numbers will impact the cost to implement a DRP; solutions that enable recovery over days or
weeks (longer RTO) are typically much less expensive than solutions that enable a business to
recover in hours, minutes or seconds (short RTO).
Once the RPO and RTO parameters are defined, each area of the IT infrastructure must be
analyzed to determine ways to prevent failure, detect potential threats, and correct any
problems within the allowable objectives. Some of the areas that will have to be assessed
include, but are not limited to:
1. Telecommunications Service – What level of service does the Internet and telephone
service provider offer, i.e., response time? Is the service redundant?
2. Network and Computer Hardware Location – Is the IT hardware located in an area prone
to flooding or access by unauthorized people? Are the systems covered by
maintenance plans? Is there sufficient and adequate protection against fire?
3. Electrical Service – Is the electrical service supplying the Network and Computer
Hardware reliable? Is there a back-up power source? Are there Uninterruptible Power
Supplies (UPS) protecting the hardware?
4. Data Back-up Systems – Is the data being backed up appropriately? Are the back-ups
being tested periodically? Are the back-ups held on-site or off-site?
5. Servers – Do servers have the right hard drive protection, i.e., RAID? Is there a
“snapshot” of the configuration that would allow a prompt restoration of a failed
machine?
6. Wireless Devices – Are the proper security policies in place to prevent unauthorized
access to the network?
7. IT Policies – Are there policies in place to reduce the unauthorized use of passwords?
Do users understand the approved network and computer system uses?
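
The RPO/RTO parameters and the back-up questions in item 4 can be checked against real job history rather than against the schedule on paper. The following is an added example, not part of the original white paper; the system names, objectives, timestamps and field names are constructed for illustration. It shows how a single failed back-up widens the actual data-loss exposure past the RPO, and how a back-up that has never been test-restored leaves the RTO unverified.

```python
from datetime import datetime

# Constructed sample inventory; names, objectives and history are illustrative.
NOW = datetime(2024, 3, 1, 14, 0)
SYSTEMS = [
    {"name": "accounting-db", "rpo_h": 4, "rto_h": 8, "restore_test_h": 6.0,
     "backups": [("2024-03-01 00:00", "ok"), ("2024-03-01 04:00", "failed"),
                 ("2024-03-01 08:00", "ok"), ("2024-03-01 12:00", "ok")]},
    {"name": "file-server", "rpo_h": 24, "rto_h": 48, "restore_test_h": None,
     "backups": [("2024-02-29 02:00", "ok"), ("2024-03-01 02:00", "ok")]},
    {"name": "voip-pbx", "rpo_h": 12, "rto_h": 2, "restore_test_h": 3.0,
     "backups": [("2024-03-01 03:00", "ok")]},
]

def worst_exposure_hours(backups, now):
    """Longest stretch, in hours, not covered by a successful back-up."""
    good = sorted(datetime.strptime(ts, "%Y-%m-%d %H:%M")
                  for ts, status in backups if status == "ok")
    if not good:
        return float("inf")          # nothing restorable at all
    points = good + [now]            # include the gap since the last good run
    return max((b - a).total_seconds() / 3600
               for a, b in zip(points, points[1:]))

def assess(system, now):
    """Return the list of RPO/RTO findings for one system."""
    findings = []
    exposure = worst_exposure_hours(system["backups"], now)
    if exposure > system["rpo_h"]:
        findings.append(f"RPO miss: {exposure:.0f}h exposure vs {system['rpo_h']}h objective")
    tested = system["restore_test_h"]
    if tested is None:
        findings.append("RTO unverified: back-up has never been test-restored")
    elif tested > system["rto_h"]:
        findings.append(f"RTO miss: restore took {tested:.0f}h vs {system['rto_h']}h objective")
    return findings

def report(systems, now):
    """Assess every system, shortest RTO (restore-first) at the top."""
    return [(s["name"], assess(s, now))
            for s in sorted(systems, key=lambda s: s["rto_h"])]

if __name__ == "__main__":
    for name, findings in report(SYSTEMS, NOW):
        print(name, findings or ["meets objectives"])
```
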
In Closing
Before any Disaster Recovery Plan can be developed, the risks associated with the IT
infrastructure must be thoroughly assessed. This assessment must be conscientious to ensure
that no possibility is ignored. The results of the risk assessment will be the basis for the
completion of a sound DRP. It is important to note that the risk assessment is a continuous
action item that will have to be tested anytime a new system or application is added or anytime
the network is modified. Failure to do so will result in an ineffective Disaster Recovery Plan.
About the Author
J. Antonio Rico, P.E. is the President of ESEI, a Telecommunications Engineering and IT
Services company that plans, designs, integrates, and manages networks and systems.