The Dynamics of Disaster Recovery, Term Paper Example

Disaster Recovery Policy and Procedures

ABC Inc. has 3 regional offices located within the same city. Likewise the head office was also located in the same city. However, all these regional offices along with the head office are geographically dispersed. Figure 1.1 defines the network architecture of ABC Inc.

In an emergency, the ABC Inc. top priority is to preserve the health and safety of its staff before proceeding to the Notification and Activation procedures of BCP/DR. The Notification/Activation Phase defines the initial actions taken once a system disruption or emergency has been detected or appears imminent. This phase includes processes to notify recovery personnel, assess damage, and implement the DRP. The Duty Person will closely monitor the event, notifying any member of IT Disaster Recovery team as required to assist in damage assessment according to Call Tree notification. The DRP Call Tree is located in Appendix {XX}.

An emergency event may occur with or without prior warning. The notification process will be the same in either case. Corrigan, A. (2008) The manner in which personnel are notified depends on the type of emergency and whether the emergency occurs during or after normal business hours. Notification during normal business hours will be accomplished by phone, e-mail, word of mouth, cell phone, or pager. Notification after normal business hours will be conducted by activating the Call Tree.

• The first responder is to notify the DR Coordinator. All known information must be relayed to the DR Coordinator.
• The DR Coordinator is to contact the Damage Assessment Team (DAT) Leader and inform them of the event. The DR Coordinator is to instruct the DAT Leader to begin assessment procedures.
• The DAT Leader is to notify team members and direct them to complete the assessment procedures outlined in Section 3.3 to determine the extent of damage and estimated recovery time.

IT Disaster Recovery Team (IT-DRT)

IT disaster recovery team shall be responsible for the recovery of IT operation at alternate recovery site.

Roles and Responsibilities for DR Team

Pre Contingency Coppola, D. P. (2006)

• Responsible for placement of backup server at warm site for contingency purpose
• Responsible for database replication of all critical application from primary site to alternate site
• Responsible for offsite placement of database backup of all critical application as per backup policy.
• Responsible for backup of all critical files placed at file server to alternate site according to backup policy.

• Responsible for deployment of document imaging system for digitalization of critical records.

On activation of Disaster

• Responsible of activation of critical application at alternate site through backup server placed at warm site.
• Responsible for arrangement necessary IT equipment to carry out business critical processes.
• Assess the damages ABC Inc. to identify time for relocation.

Damage Assessment Procedures

Once access to the facility is permitted, an assessment of the damage is made to determine the estimated length of the outage. If access to the facility is precluded, then the estimate includes the time until the effect of the disaster on the facility can be evaluated Comfort, L. K., Oh, N., and Ertan, G. (2009).

The DRP will be implemented following an emergency event based on the damage assessment performed by the DAT. It is imperative that the nature of the emergency and the extent of the damage be assessed as quickly as conditions allow. The DAT will address the following concerns:

• Determine the cause of the emergency;
• Determine the area(s) affected;
• Determine stability of the area;
• Determine the status of the physical infrastructure;
• Determine inventory and functional status of equipment;
• Determine type of damage to equipment (e.g., water, fire and heat);
• Determine items to be replaced;
• Estimate recovery time; and
• Report findings to the BCP Coordinator.

Alternate Assessment Procedures

Upon notification from the DR Coordinator, the DAT Leader is to closely work with management of the building to assess damages and identify following reasons.

• Determine the cause of the emergency;
• Determine the area(s) affected;
• Estimate recovery time; and
• Report findings to the BCP Coordinator

Plan Activation

The DRP will only be instituted when one or more of the following activation criteria have been met:

• Safety of personnel is at stake;
• Severe damage to the facility precludes further operation;
• IT systems will be unavailable for more than 24 hours or
• Extent of damage to systems precludes continued operations.

DR Coordinator

Once the damage has been assessed, the DR Coordinator will select the appropriate strategy and begin the recovery process:

• If the plan is activated, the DR Coordinator will notify all Team Leaders, and provide details of the event, and state whether relocation is required.
• Upon notification from the DR Coordinator, Team Leaders will notify their respective teams. Team members are to be informed of all applicable information and prepared to respond and relocate if necessary.
• The DR Coordinator will notify the off-site storage facility that a contingency event has been declared and to ship the necessary materials (as determined by damage assessment) to the Alternate Site.
• The DR Coordinator will notify the management of DR site. If a contingency event has been declared and to prepare the facility for the Organization’s
• The DR Coordinator will notify remaining personnel on the general status of the incident.

Recovery Strategy

As we all know the best way to prepare for a disaster is to avoid the disaster. Therefore, following control has been already operational to mitigate major risk that lead to disaster due to IT breaches.

High Availability of Business Critical Server

• There may be risk of failure of power supply in critical server that is mitigated by deploying redundant power supply that may automatically operate once problem arrived hence mitigate down time.
• Failure due to surge and electricity fluctuations are common computer hazards, in order to avoid these risks IT department has taken necessary action to overcome the situational hazards to made all of the available server hard drives in form of array called Redundant Arrays of inexpensive disk (RAID level 5) that mitigate downtime for business critical server due to hard disk failure.
• Considering risk of failure of hardware component mention above redundant backup server for critical application server and authentication server is also deployed in organization for contingency purpose.

Power Failure

The primary reasons to apply line-interactive UPSs are to protect the critical load from significant variations in the voltage supplied. To ensure the business running without interruption adequate UPS are installed in ABC Inc. In case of power failure, UPS will be functional; servers, peripheral devices and other users PCs may continue to run in absence of electricity. In the meantime office centralized UPS holds all PCs in running state. Electricity breakers and stabilizers are properly connected with wires to avoid the danger of voltage fluctuations, and electricity surges. Stat-of-art concealed wiring maintains the electricity supply to the devices and electronic equipment with prominent international wiring standards.

External attacks

External attacks are also the risk factor involved in the today’s IT industries. We have deployed state-of-the-art Firewall device that mitigate risk related with external attacks; following are one of the major risk from external attacks

• Ping ‘O’ Death
• IP Spoofing
• Win Freeze
• Tribe flood network
• Un-solicited ICMP echo replies
• DOS/DDOS

Antivirus System

In today world computer viruses are most common thread to IT environment. A serious virus attack may suspend business operation for a long. To mitigate the risk of computer viruses strong antivirus system is deployed in ABC Inc. with strong antivirus policy. Antivirus system automatically updates new virus cleaning files from internet and deploys the same throughout the network. Further, all the point of entry in IT network is strictly scan with antivirus software whether from email, Internet, FTP, USB drive, CD / DVD and other media.

Backup Strategies & Policy

• Information Technology Division is responsible for the backup of all critical business application’s data.
• The backup media (tapes or CD/DVD’s) will be precisely labeled.
• Copies of the back-up media will be preserved safely in an offsite / remote location, at a sufficient distance away to escape any damage from a disaster at the main site.
• Backup data will be retained for ten years.
• Information Technology Division will take necessary steps to conduct random tests of backup data to ensure integrity of backup taken.

Backup procedure

• All SQL databases should be schedule for complete backup by utility provided by Microsoft SQL server. This utility takes backups in designated area on the hard disk. For every working day [Monday, Tuesday, Wednesday, Thursday, Friday, Saturday], the database server is scheduled to take backup in a specified directory corresponding to the respective day.
• The database backup will be taken on backup media (either CD or Tape) on a daily basis.
• There is two backup media for every month and each rotated daily for offsite storage.
• This is responsibility of Administration department to placed backup media offsite arranged in BRR lockers provider. Everyday log should be maintained for offsite storage by signing of both personal of IT department and Administration department in Backup register.
• On every month end and year end complete backup should be taken on tape media for long time preservation and placed in offsite storage arrangement. Month end media should be rotated every year after taken complete year end backup.

Alternate Strategy

We have selected data center as Warm site for ABC Inc. The assumption behind the warm site concept is that the computer can usually be obtained quickly for emergency installation. As server, LAN with environmental requirement (for servers placed) is available, only the installation of the needed components is required at the warm site which can be ready for service within hours.

Considering the nature and size of data, a duplicate server for business critical application is. The backup server is available at warm site in the event of disaster. Only desktop machines have to be required to continue mission critical operation in the event of disasters.

Backup Server

All critical business applications are installed in backup server placed at warm site, and every updates and releases in applications at primary site will be replicated to the backup server. On daily basis backups of databases is electronically transferred from primary location to backup server through dedicated WAN connection twice a day. This replica of server containing critical application as identified in BIA, will help us in rapid restoration of our critical services in case of any disaster. 

Backup Server Identification

Replication of Data backup copies

On daily basis backup copies of databases are replicated from primary site to Warm site in twice in following interval.

• Replication of all application databases backup
• First Replication at 12:00AM with an interval of 5 minutes among applications
• (One database should be replicated at a time)
• Second Replication at 20:00 PM with an interval of 5 minutes among applications

References

Comfort, L. K., Oh, N., and Ertan, G. (2009). The dynamics of disaster recovery: Resilience and entropy in hurricane response systems 2005-2008. Public Organization Review, 9(4), 309-323

Coppola, D. P. (2006). Introduction to international disaster management. Amsterdam: Butterworth Heinemann.

Corrigan, A. (2008). Disaster: Response and recovery at a major research library in New Orleans. Library Management, 29(4), 293-306s