Disaster Recovery Planning
1. Disaster Recovery Planning (DRP) Fundamentals
John Wilson
Copyright © 2004 T. John Wilson & Associates P/L
2. Single Point of Failure
Captain (Company) Goes Down with the Ship!
[Figure: the "Good Ship Venus", labelled as the company ship, caught in Cyclone Graham and carrying Client Base, Infrastructure, Company Data and Employees]
3. Why do we need to Plan for Disasters?
We need to assess the potential risks to the organisation, which could result in disasters or emergency situations
We need to consider all the possible incident types, and the impact they may have on the organisation’s ability to continue in business
40% of major companies that experience a serious disaster go out of business within one year
WHY?
4. Answer
[Image: Earthquake]
The process of resuming normal business is:
• Too Traumatic
• Too Difficult
• Too Expensive
There has been little or no Planning & Preparation to minimise the impact of a Disaster
5. What is a Disaster?
Act of God:
Earthquake e.g. Kobe, Turkey
Cyclone/Hurricane e.g. Florida
Floods e.g. Nyngan, Bangladesh
Bushfires e.g. Australia, California
Act of Man:
Accident e.g. Plane Crash, Train Crash
Terrorism e.g. World Trade Centre, Bali
Sabotage e.g. Network Hacking, Staff Grievance
6. DRP in Perspective
For a business to continue/survive after a disaster, 3 main preparatory disciplines are needed:
– Business Impact, Risk Assessment & Management (ongoing)
– Business Continuity Planning (non-IT & ongoing)
– Disaster Recovery Planning (IT only & ongoing)
A business ignores these at its peril!!!
7. DRP Becoming Mandatory – WHY?
Other than employees, Information/Data is a company’s most valuable asset
Business is becoming increasingly dependent on computerisation and technology
Auditors are demanding it
Insurers are demanding it
Shareholders are holding management responsible for having it
8. Requirements for Getting Something Done
The knowledge of how to do it
The skill to do it
The time in which to do it
The desire/motivation to do it
Problem: Requirements may be for Constructive or Destructive reasons
Motivating Factor: The individual’s Attitude or Frame of Mind
9. Pyramid of Needs
(Abraham Maslow, in the 1920’s)
Motivation Theory
Pyramid levels, from top to bottom:
Self-Actualisation: I am making the best of myself
Esteem: Respect of family, friends etc.
Love Needs: Acceptance by family, friends & workmates
Safety Needs: Safety (physical) and Safety from Worry
Psychological Needs: Food, Warmth, Shelter, Sex
Theory: “Once needs have been met at one particular level, they cease to be motivators”
10. Start with Management by:
Getting their commitment & support by:
Educating them on the changing role of IT
Explaining the risks & implications to them
Identifying the cost of not having a DRP
Getting them involved in initial planning
Getting their commitment – both financial & People
Making DRP a Corporate Policy
11. Corporate Policy Guidelines should:
Demonstrate that management is serious about DRP
Involve Legal, Financial and Audit departments to reinforce it
Emphasise the importance of corporate procedures and data and the need to protect it
Define the minimum requirements to allow the business to recover after a disaster
Be delivered to all employees concerned in an authoritative manner
12. We should have a Running Start – Why?
Management are normally already security conscious, albeit not always from an IT perspective:
Physical access to the building is controlled
Emergency evacuation procedures are in place
Regular evacuation drills are carried out
Basic data backups are being taken
The DRP should be an extension of these basic procedures
13. But First … We Need to:
Establish the geography of the organisation –
Is it a multi-site organisation?
Is it a multi-city organisation?
Establish the geography of the network –
Is it a “glasshouse” centred network?
Is processing distributed and/or client/server based?
Establish what it is we need to recover –
Is it the “glasshouse” environment only?
Do we need to cater for the recovery of non-glasshouse equipment?
14. DRP Approach – Deciding Factors
Can a DRP site be set up elsewhere on own property, or must we go outside?
The extent of network & infrastructure changes & upgrading needed to effect a DRP
How long could the organisation survive without its IT services?
This will influence the choice of a “Cold”, “Warm” or “Hot” site approach
15. Cold, Warm or Hot Site?
This choice will largely depend on:
Management’s commitment (especially financial) to providing proper DRP facilities
How long the organisation could survive without IT services
Whether a Business Continuity Plan (non-IT) exists
So what is the difference between a Cold, Warm or Hot site?
16. DRP “Cold” Site
Has the necessary accommodation, environmentals and communications in place, but …
No computer equipment is installed
Computer equipment is installed when the disaster occurs
It can take 6 – 8 weeks to get the IT environment up and running
In financial terms this DRP site is the cheapest, but …
Few businesses could survive without IT for 6 – 8 weeks
17. DRP “Warm” Site
Is a full-blown alternative IT site, with everything in place, but …
The equipment is powered off – so no running costs
To activate requires powering it up, and …
Restoring the necessary backups to provide an up-to-date running environment
Recovery time for a mainframe/midrange environment is typically 1-2 days
More expensive than a cold site, but more practical
18. DRP “Hot” Site
Like “Warm” site, everything is in place, but …
Everything is operational – it is a live, parallel fully current copy of the production environment
Recovery of operations merely involves switching over to the “Hot” site, therefore …
There is minimal delay in resuming operations
Because everything is duplicated and operational it is the most expensive DRP site solution
Justification depends on cost to the business of not having IT services available
19. Disaster Recovery Management
Three key components are required for successful Disaster Recovery Planning and Management
– D R Control Group
– D R Committee
– D R Teams
20. D R Control Group
Is active only for the duration of the disaster
Is made up of key decision-making management
– Company Secretary (Chairman)
– Director of Marketing/Communications
– Director of Finance
– Director of H R
– Director of Security
– Director of IT
– D R Manager
– D R Co-ordinator
Responsibilities:
– Manage the DR Committee/Teams
– Official Disaster Declaration
– Disaster-over Declaration
21. D R Committee
Responsibilities:
– Educate Management on importance of DRP
– Promote importance of DRP in the company
– Ensure DRP is kept up-to-date
– Form & Manage DR Teams
– Execute the DRP in the event of a Disaster
22. D R Committee Members
The DR Committee should consist of Key Managers from:
– IT Department
– HR
– Security
– Finance
– Transport
– Customer Service
– Hardware, Software & Service Providers
23. Key Player – DR Manager’s Role
Is typically someone with a total focus on Security
Chairs the DR Committee Meetings
Assists in the overall co-ordination of the Committee
Is the focal point of contact for all communications regarding the DRP – Internal and External
Is responsible for officially Declaring a Disaster – on behalf of the DR Control Group – this is a Major Decision and costs big money
Project Manages the execution of the DRP
Ensures the DR Co-ordinator is managed & kept informed
24. Key Player – DR Co-ordinator’s Role
Typically spends 30% of his/her time on DR issues
Services the DR Committee – meeting minutes, etc.
Ensures ongoing information flow is maintained
Keeps the DR Plan up-to-date
Deputises for the DR Manager, when required
Co-ordinates off-site backup procedures
25. Summary
Disaster Recovery Planning (in this context) is focused on recovery of the IT Environment
Ideally, it complements two chronologically prerequisite disciplines:
– Risk Assessment & Management
– Business Continuity Planning (BCP) – not ICT
With the ever-growing business dependence on IT, and the increasing awareness of terrorism and security issues, this issue must be taken seriously
What Price (Business) Survival?
26. Questions?
Let’s hope it never happens! … But let’s be prepared – just in case!