1. 0 | P a g e
Interpharm DR Plan
Business Impact Analysis
Contained in this document are instructions on how
to recover from a disaster quickly and with only minor
disruption to normal business. It includes a Business
Impact Analysis and a Disaster Recovery Plan. The
main objective is to have critical services restored
within 4 hours in the event of Total Network Outage.
David Donovan
5/5/2013
2. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 1
Table of Contents
Introduction ......................................................................................................................................2
Maximum tolerable outage / Recovery Time Objective ................................................................2
Recovery tasks and duration........................................................................................................2
Internet Connection ......................................................................................................................3
Total cost......................................................................................................................................3
Level of Protection ...........................................................................................................................4
Policy Statement..............................................................................................................................5
Staff Responsibilities ....................................................................................................................5
Business Impact Analysis ................................................................................................................6
Note: MTO- Maximum Tolerable Outage......................................................................................6
Critical Functions for IT Network: .................................................................................................6
Device Recovery Times................................................................................................................7
Disaster Definitions..........................................................................................................................8
Important contacts:.......................................................................................................................9
Backup Strategies ........................................................................................................................9
Disaster Recovery Implementation ................................................................................................10
Steps for Disaster Plan...............................................................................................................10
Flow Chart..................................................................................................................................11
Testing Disaster Recovery Plan.....................................................................................................12
Works Cited ...................................................................................................................................13
Disclaimer ......................................................................................................................................13
3. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 2
Introduction
Interpharm requires that no data is to be
outsourced or transmitted over shared
bandwidth.
A disused bomb shelter has been
purchased for use as an emergency site.
This recovery ‘cold site’ site has a
dedicated Ethernet over First Mile Point
to Point connection with Berkley Vale
Office.
File server needs to be running
continuously so data stored on
Interpharm’s File Servers is continuously
replicated to the server at the Emergency
Site.
XenServer needs to be installed on the
physical servers so the hard-drives
storing the backup of the virtual servers
at Berkley Vale can be plugged into the
physical servers quickly.
Maximum tolerable outage / Recovery Time Objective
Diagram 1 – MTO and RTO
This plan achieves a recovery time objective (RTO) of 2.5 hours. The maximum tolerable outrage
is 5 hours. Specific Disaster Recovery instructions are specified on page
Recovery tasks and duration
Task Name
Duration
Minutes
Report Fault 10
Evaluate and Declare Disaster 20
Contact Relevant Personnel 10
Obtain Relevant Documentation 15
Collect backups 10
Go to Recovery Site 30
Boot Needed Servers and
Workstation. 15
Connect Virtual Devices 10
Test 30
Total Hours 2.5
4. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 3
Internet Connection
Internet: Will be provided by Telstra
Business Broadband Ethernet Plans
10Mbps Synchronous connection.
Carriage is via a dedicated business-
only network, supported by Telstra’s
IT staff.
Staff can access the network from
any location using the VPN server.
(Telstra, 2013)
Infrastructure
The following has been set-up and cabled at the emergency site.
Hardware:
2 Routers
2 Switches
6 Virtual Servers 3 Physical Servers With Citrix XenServer Installed.
a. 2 domain controller’s (to be used as DHCP server for workstations)
b. 1 file server. (Storage)
c. 1 exchange server (to be used as file and internal web server)
d. 1 VPN server. (To be used so remote staff can access network.)
20 thin clients.
5 Workstations
Software:
1. Backups of all switch and router start-up configurations.
2. Citrix Xen Server 6.1.0 (3 licences)
3. Citrix Xen Centre 6.1.0 (1 licence can be installed on a workstation)
Total cost
Hardware Servers, Routers, etc. (Inc.
Generator, surge protector and UPS)
$60, 000
Software Licences Virtualization Software shown on pg. 2
$5,787
Internet Connection $95,172 per year Unlimited.
Location $130,000
Total $195,787 + $95,172 /12 months
Table 1
http://www.telstra.com.au/business-enterprise/business-products/internet-data/ethernet-
dsl/business-broadband-ethernet/index.html
5. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 4
Level of Protection
(Gould, 2001)
The DR plan will give us between tier 5 and tier
4 recovery times, with no loss of data. This is
the best option for Interpharm.
It gives Interpharm total control over the
security.
It provides an off-site location where all
important data can be replicated
instantly. So there is no-chance of losing
important data.
Equipment is there if needed, but not
running continuously.
6. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 5
Policy Statement
Corporate management has approved the following policy statement
The company shall develop a
comprehensive IT disaster recovery plan.
A formal risk assessment shall be
undertaken to determine the
requirements for the disaster recovery
plan.
The disaster recovery plan should cover
all essential and critical infrastructure
elements, systems and networks, in
accordance with key business activities.
The disaster recovery plan should be
periodically tested in a simulated
environment to ensure that it can be
implemented in emergency situations
and that the management and staff
understand how it is to be executed.
All staff must be made aware of the
disaster recovery plan and their own
respective roles.
The disaster recovery plan is to be kept
up to date to take into account changing
circumstances.
Staff Responsibilities
Staff must report any problems with
connecting with the company network /
Internet and hardware/software faults
with workstations to IT staff members
immediately.
If possible, Disaster Recovery should
only be implemented after IT recovery
officers determine that IT operations
cannot be resumed within the MTO
(Maximum Tolerable Outage).
7. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 6
Business Impact Analysis
This following is for IT staff to work out priorities when recovering from a major disaster.
MTO for network (hrs.) Priority
Production 4 2
Sales 4 5
Warehouse
&Distribution
4 3
Marketing 8 6
Finance & Accounts 4 5
IT 4 1
Research &
Development
12 7
Admin 4 4
Table 2
Note: MTO- Maximum Tolerable Outage
Critical Functions for IT Network:
1. Receiving orders through via Internet.
2. Connecting remote users to the network
3. Issue bills and receive payments.
4. Maintain/Secure data & records.
5. Maintain and monitor specialised applications.
6. Inter-Department communication.
7. VoIP
Department Critical function
Production Applications to monitor & control
equipment, communicate with W&D +
Accounts.
Warehouse & Distribution Communicate with Production,
Accounts
Accounts Send out bills and receive payments
Table 3
8. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 7
Device Recovery Times
Recover Critical Network Equipment
Device Name Replace
Hardware(min)
Recover
Settings(min)
Recover all Data
(min)
Total Recovery
(min)
BVDC1 60 60 60 180
BVDC2 60 60 60 180
BVPROXY1 60 60 60 180
BVSW1 30 20 30 80
BVROUTER1 30 20 30 80
WGSW1 30 20 30 80
WGROURER1 30 20 30 80
WGRODC1 60 60 60 180
WGPROXY1 60 60 60 180
WGSAMBA1 60 60 60 180
NCSW1 30 20 30 80
NCROUTER1 30 20 30 80
NCRODC1 60 60 60 180
NCPROXY1 60 60 60 180
NCSAMBA1 60 60 60 180
total (hours) 12 11 12
Berkley Vale 12 Hours Total Time
Wollongong 12 Hours 35 Hours
Newcastle 12 Hours
Table 4
Note: Device names are written on the outside of all hardware. Or they can be found in the logical
network diagram.
9. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 8
Disaster Definitions
Key trigger issues at headquarters that would
lead to activation of the DRP are:
• Total loss of all communications
• Total loss of power
• Flooding of the premises
• Loss of the building
When an incident occurs the Emergency
Response Team (ERT) must be activated.
The ERT will then decide the extent to which
the DRP must be invoked. All employees
must be issued a Quick Reference card
containing ERT contact details to
be used in the event of a disaster.
Responsibilities of the ERT are to:
• Respond immediately to a potential
disaster and call emergency services;
• Assess the extent of the disaster and its
impact on the business, IT network, etc.;
• Establish and manage disaster recovery
team to maintain vital services and return
to normal operation;
Ensure employees are notified and allocate
responsibilities and activities as required
Note: DRP – Disaster Recovery Plan
Table 5
(Kirvan, IT Disaster Recovery (DR) Plan Template, 2009)Disaster
Potential D Probability Rating Impact Rating Brief Description Of Potential
Consequences & Remedial Actions
Flood 3 4 Critical Network equipment is
located on second floor
Fire 3 4 FM200 suppression system
installed in main computer centers.
Fire and smoke detectors on all
floors.
Tornado 5
Electrical storms 5
Act of terrorism 5
Act of sabotage 5
Electrical power
failure
3 4 Redundant UPS array together with
auto standby generator that is
tested weekly & remotely monitored
24/7. UPSs also remotely monitored.
Loss of communications network
services
4 4 Ethernet over First mile comes with
backup dedicated circuits. As well
as dialup access for remote staff.
10. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 9
Important contacts:
Name Number
Telstra (Nadil Hazma) 43254745
Grahame Beard (CEO) 43422112
Bruce McWhirter (CIO) 43422111
Ambulance 000
Fire 000
Table 6
Backup Strategies
KEY BUSINESS PROCESS BACKUP STRATEGY
IT Operations Data replicated to Recovery Site
continuously, copies of all Virtualized
Hardware sent to recovery site once a
month.
Facilities Management Data replicated to Recovery Site
continuously, copies of all Virtualized
Hardware sent to recovery site once a
month.
Email Data replicated to Recovery Site
continuously, copies of all Virtualized
Hardware sent to recovery site once a
month.
Finance Data replicated to Recovery Site
continuously, copies of all Virtualized
Hardware sent to recovery site once a
month.
Warehouse & Inventory Data replicated to Recovery Site
continuously, copies of all Virtualized
Hardware sent to recovery site once a
month.
Product Sales Data replicated to Recovery Site
continuously, copies of all Virtualized
Hardware sent to recovery site once a
month.
Web Site (internal) Data replicated to Recovery Site
continuously, copies of all Virtualized
Hardware sent to recovery site once a
month.
Table 7 (Kirvan, IT Disaster Recovery (DR) Plan Template, 2009)
11. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 10
Disaster Recovery Implementation
Steps for Disaster Plan
Step 1 Declare Disaster
Before implementing this plan, ensure a disaster has been declared by ERT staff listed it this table
below. Or if the one of the key triggers listed in the disaster definitions occurs.
If none of these people are on-site at the time attempt to contact them in the order listed. One of
the IT staff will contact the CIO and CEO.
IT Contacts (Emergency Response Team) ERT.
Name Position Location Email Number
Dave
Williams
IT Staff Berkley
Vale
dave@Interpharm.local 43666669
Richard
Nixon
IT Staff (systems back-
up Administrator)
Berkley
Vale
richard@Interpharm.local 43009099
Rod Rude IT Staff (recovery officer) Berkley
Vale
Rod@Interpharm.local 40339902
Table 8
(Copies of backups are kept by Richard Nixon, Rod Rude and Ben Dover.)
Step 2 Ensure the safety of the people around you.
Step 3 Assemble at the recovery site with the network documents and backup media.
Step 4 Connect Backup Drives to the Virtual Server. And power up physical devices.
Step 5 Using Xen Centre on the IT’s workstation boot the virtual machines.
Step 6 Perform Testing procedures.
12. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 11
Flow Chart
Will the fault impact the
critical network functions?
Use the tables
provided to
determine if the
critical infrastructure
can be recovered by
the Recovery Point
Objective (RPO)
Fix the problem
and have normal
services
resumed within
the RTO.
Email IT
support to
report the
problem
No
Determine if the
problem device/s
can be recovered
within 4 hours
Recovery Site has a copy
of all network devices and
servers. These have
been setup with the same
settings. Network
documentation of secure
site can be found in the
safe.
Yes
Declare a Disaster
Inform all Staff in Table 4
to assemble at Recovery
Site.
Yes
No
Recovery Staff will
power up all equipment
and test
Services
Resume
13. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 12
Testing Disaster Recovery Plan
The disaster recovery plan needs to be updated and tested every 6 months to ensure plan is
effective.
Be sure to replicate any changes to the network to the emergency site. And the table below shows
the optimum time to strive for.
Task Name
Duration
Minutes
Report Fault 10
Evaluate and Declare Disaster 20
Contact Relevant Personnel 10
Obtain Relevant Documentation 15
Collect backups 10
Go to Recovery Site 30
Boot Needed Servers and
Workstation. 15
Connect Virtual Devices 10
Test 30
Total Hours 2.5
Table 9
14. Disaster Recovery Plan (Diploma) 5/05/2013
David Donovan Page 13
Works Cited
Gould, P. (2001, Feb 18th). N/A. N/A, N/A, Australia.
Kirvan, P. (2009, September 9th). IT Disaster Recovery (DR) Plan Template. Retrieved May 5th,
2013, from SearchDisasterRecovery:
http://searchdisasterrecovery.techtarget.com/feature/IT-disaster-recovery-DR-plan-
template-A-free-download-and-guide
Kirvan, P. (2009, July 7th). Using a Business Impact Analysis Template (BIA). Retrieved May 5th,
2013, from SearchDisasterRecovery:
http://searchdisasterrecovery.techtarget.com/feature/Using-a-business-impact-analysis-
BIA-template-A-free-BIA-template-and-guide
Disclaimer
This document is based on the template provided by TechTarget, Inc. Conditions for the
use of copyright material can be found at
http://searchdisasterrecovery.techtarget.com/about/copyright