developing plans and procedures chapter 5. you will learn how to… determine what disaster recovery...
TRANSCRIPT
You Will Learn How To…
Determine what disaster recovery procedures need to be developed
Develop and write disaster recovery procedures Review and approve disaster recovery
procedures Develop basic disaster recovery plans for a
facility Publish the disaster recovery plan
What Disaster Recovery Procedures Are Needed
Recovery procedures fall into one of six categories Direction, control, and administration Internal and external communications Safety and health Containment and property protection Resuming and recovering operations Restoring facilities and normalizing operations
Classifications of disaster Catastrophic, Major, and Minor
Developing and Writing Disaster Recovery Procedures
Planning team should monitor committee work for thoroughness and consistency
Subcommittees of the disaster recovery team may form to work with departments to develop procedures
All affected parties must draft and approve procedures, including those employees that implement the procedures
Procedures should be maintained on paper, intranets may make the more accessible
Reviewing and Approving Disaster Recovery Procedures
Entire planning team reviews drafts Subcommittee of planning team or group of
middle managers not involved in procedure development can act as independent reviewer
Reviewers should ensure that the procedure has the following attributes Clearly documented Easy to Read and understand Consistent with other procedures Does not contradict other procedures
Reviewing and Approving Disaster Recovery Procedures
Review committee submits changes to drafting committee
Drafting committee resubmits the changed procedure to the review committee
The review and revision process continues until the disaster recovery team and review committee are satisfied
Acceptance is a formal process involving the entire disaster recovery planning team, allowing all members of the planning team to comment
Developing Basic Disaster Recovery Plans for Every Facility Basic rules for a disaster recovery plan
Everything must be clearly documented The plan must be understandable by all employees Multiple copies of the plan must be available from
multiple locations to ensure the plan is accessible All response teams need copies of the plan Team members should be listed on a separate page
in the plan, including their names, department, and contact information
Basic Disaster Recovery Plan Outline
Front matter: Title Page, Table of Contents, Introduction Primary Disaster Recovery Staff Disaster Classification
Disaster Recovery Procedures Appendices:
Contact Lists, Building Plans Risks assessment reports Organizational agreements, Requirements
Basic Disaster Recovery Plan Front Matter
Title Page Name and location of facility or business process Legal confidentiality statements Contact information for Disaster Recovery Staff
Table of Contents Introduction
Overview of the plan Summarize specific laws, policies and regulations Detailed exhibits may be referenced in an appendix
Basic Disaster Recovery Plan Front Matter
Primary Disaster Recovery Staff Names, Titles, Addresses Phone numbers and e-mail addresses
Disaster Classification Clearly define how to classify catastrophic, major, and
minor disasters A catastrophic loss may be downgraded if other
facilities can be used for the same purpose, and no employees are dead or missing
Planning team classifies events to provide response teams with enough information to classify and respond to an event
Direction, Control, and Administration Procedures
These procedures enable managers to direct the organization from response to recovery Organizing the response team Establishing an emergency operations center Establishing first alert notifications Confirming a disaster Declaring the disaster Keeping an activity log
Emergency Operations Center
Especially necessary for catastrophic disasters Response team leaders direct response from
this location Response team may work and rest at this
location Location may be one of the organizations
facilities in a community Local hotel with conference facilities may also be
used
First Alert Procedures
Methodical and structured process for notifying Managers Employees Emergency Services Organizations
Who is responsible for initiating first alerts Who can authorize a first alert Names of those to contact first after a disaster An authorized manager must initiate the alert,
but the manager’s staff may make contacts
Disaster Confirmation Procedure
Verifies that a disaster has occurred Validates the impact of the disaster Determines the initial damage and scope
of the disaster Once confirmed, disaster declaration is
made Disaster is initially classified as
catastrophic, major, or minor
Disaster Recovery Activity Log
Describe the activity, date and time, contact information for the activity
Recovery plan should provide a sample log to be used to record recovery activities
Detailed instructions on how the log should be maintained
Risk assessments help the team understand which operations are affected by an activity
Individual teams may keep logs to integrate into the master activity log
Safety and Health Procedures
Two teams should be organized Evacuation and Rescue Team Security Team
Both teams need access to building plans Teams develop procedures for facility evacuation,
reentry, movement of employees, and crisis counseling One team member keeps the log, entire team may be
debriefed after initial response to complete log Evacuation and rescue team employees should be
trained to supervise evacuation procedures and initiating rescue efforts
Security Team
Ensure facilities and valuable properties are protected during evacuation, after evacuation, and during recovery
Procedures for Internal and External Communication
Establish a communication team The communication team establishes
contact with all parties and provides consistent explanations of the recovery
Timelines for expected recovery activities are distributed after being approved by the director of the disaster response team
Communications Team
Activity log is maintained listing organizations and individuals contacted, and when they were contacted
Contact lists are maintained in an appendix of the recovery plan
Agreements and external relationships that can assist in recovery documented in an appendix
Team members can manage internal and external communications and facilitate disaster response
Team is responsible for contacting law enforcement, government agencies, and media
Procedures for Containment and Property Protection
Establishes an insurance and damage assessment team
Consists of trained employees that canPrepare initial, detailed damage assessmentsFile reports with insurance companiesWork with demolition crews or construction
contractors for cleanup and repairs
Procedures for Resuming and Recovering Operations
Procedures that may be necessary to resume operations Determining the duration of the shutdown Activating back-up systems Activating alternate systems Activating hot or cold sites Moving records Moving equipment Moving supplies Recovering critical systems and functions Recovering essential systems and functions Recovering necessary systems and functions Recovering desirable systems and functions
Business continuation team develops and executes these procedures during recovery
Business Continuation Team
Consists of trained employees with the skills to manage operations and restore critical business systems and functions
Team responsibilitiesMoving employees into temporary quartersProviding telecommunications, computer
networks, and computing supportManaging shipping and receiving
Procedures for Restoring Facilities and Normalizing Operations
The organization’s restoration team is responsible for executing these procedures
The team consists of employees who can manage the restoration or rebuilding of facilities
Team responsibilities Obtaining restoration estimates Managing temporary repairs Preparing facilities for reoccupation
Publishing the Disaster Recovery Plan
The disaster recovery planning team appoints a plan publishing team leader
Team leader should have a background in technical writing, publishing, or procedure documentation
Works with all parties to make sure all materials are accurate and approved
Team leader establishes the document flow from the planning team to the publishing team
Planning team determines how the plan is published, a copy of the plan must always be accessible
All departments receive a copy of the plan Training materials are developed from the plan to train employees The plan is confidential material and the planning team should keep
a log of who has copies of the plan
Disaster Recovery Confidentiality
All employees receiving a copy of the plan should sign a confidentiality and nondisclosure agreements
A blanket nondisclosure agreement signed initially by employees may cover receiving a copy of the recovery plan
Assessing Progress and Moving Forward
Organizations must develop detailed recovery procedures
Disaster recovery procedures must be documented to smoothly recover operations
Chapter 6 discusses the importance of organizational relationships in disaster recovery
Chapter 7 explains how to develop procedures for responding to computer attacks
Chapter 8 covers documenting recovery procedures for special circumstances
Chapter Summary
The disaster recovery planning team needs to evaluate all facilities and business operations to determine what kinds of procedures it must help develop
As planning team members oversee the development of recovery procedures, they should continually monitor the drafts for thoroughness and consistency of formatting
Subcommittees of the disaster recovery team must work with the necessary departments to develop procedures
The procedures must be drafted and approved by all affected parties, as well as by employees who must implement the procedures
Chapter Summary
The entire disaster recovery team should review drafts of all recovery procedures
Planning team members not developing procedures or a group of middle managers not involved should review the procedures
Every facility should have at least a basic disaster recovery plan in place
A team leader should be appointed to oversee publication of the disaster recovery plan