Disaster Recovery Planning Template

Core backup and recovery concerns

rss@e-janco.com — Fri, 20 Jan 2012 08:08:03 -0700

CIOs and IT Managers need to consider manadated compliance requirements

Question that need to be answered are:
Is our data safe in transit and at rest?
What prevents hackers from gaining access to our data?
Is our data properly handled, stored, and deleted?
Who can access our data?
What are the benchmark measurements?
Is our data backup strategy compliant?
Will our recovery be successful?

How long should it take to create a business continuity plan?

rss@e-janco.com — Sat, 07 Jan 2012 17:39:01 -0700

Business continuity planning is a continual process, and not something that is done once and filed away to be used in an emergency. In error many organisations treat the creation of a business continuity plan as a normal project, subsequently deploying the plan and handing over to an operational department for maintenance.

In most organizations, DR is the quintessential complex, unfamiliar task. Disasters happen so rarely that recovery operations are the opposite of routine. What's more the myriad, interconnected data, application and other resources that must be recovered after a disaster make recovery an exceptionally difficult and error-prone effort.

How to create a business continuity plan...

Which states had the fewest major weather disasters

rss@e-janco.com — Wed, 14 Dec 2011 06:21:40 -0700

The U.S. has sustained 112 weather/climate disasters over the past quarter century in which overall damages/costs reached or exceeded $1 billion. The total standardized losses for the 112 events exceed $750 billion, according to The National Oceanic and Atmospheric Administration (NOAA), National Climatic Data Center.

Foundation necessary for disaster recovery and business continuity

rss@e-janco.com — Sat, 05 Nov 2011 07:14:24 -0700

As an essential foundation step toward disaster recovery and business continuity readiness, are these best practices:

Extending management technologies that automate the process of asset management, system configuration, and software distribution (This reduced the number of steps that required hands-on intervention and reduced IT staff time.)
Constraining their environment to a finite number of standard processors, operating systems, database products - making it easier to maintain and update
Consolidating servers over a long-term road map, reducing the number of server "footprints" that had to be maintained and updated
Standardizing IT practices, especially management of settings and configurations
Providing protected storage space within the organization's storage resources and establishing rules for backup of mission-critical data (This ensured adequate capacity for backup and recovery procedures and for restart of applications.)

Information security incident management - 27035:2011

rss@e-janco.com — Thu, 27 Oct 2011 09:50:21 -0700

ISO has announced the official launch of the new International Standard entitled 'Information technology Security techniques Information security incident management', the standard gives how to guidance on detecting, reporting and assessing information security incidents and vulnerabilities.

ISO says that ISO/IEC 27035:2011 will help organizations respond to information security incidents, including the activation of appropriate controls for the prevention and reduction of, and recovery from, impacts, and, in so doing, learn and improve their overall approach.

Edward Humphreys, whose team developed the original version of the standard, ISO/IEC TR 18044:2004, commented: Effective and timely handling of major incidents can make the difference between the survival or death of an organization. The new ISO/IEC 27035 standard provides tried and tested advice on the processes and methods that need to be deployed for ensuring effective management of information security incidents.

Incidents can vary from the minor, which may have an impact on an isolated business system to a major incident, which affects all business systems. Some incidents have the effect of disrupting an organization and the use of its business resources for 24-72 hours or more; some cause a serious loss and/or destruction of data and some can leave the organization with a serious crime on their hands. ISO/IEC 27035:2011 offers a solution.

ISO/IEC 27035:2011, which replaces technical report ISO/IEC TR 18044:2004, supports the general concepts specified in ISO/IEC 27001:2005.

The new standard is applicable to any organization, irrespective of size. It covers a range of information security incidents, whether deliberate or accidental, and whether caused by technical or physical means.

Business Continuity Experts Do Not Agree on a Key Definition

rss@e-janco.com — Sun, 16 Oct 2011 14:23:28 -0700

The maximum tolerable period of disruption (MTPD) is the term used for the requirement within which a recovery time objective (RTO) needs to be set. It is not universally accepted by business continuity practitioners and still seems to cause a great deal of confusion.

The Business Continuity Institute's Good Practice Guidelines defines MTPD as "The duration after which an organization's viability will be irreparably damaged if a product or service delivery cannot be resumed." This seems straightforward and unambiguous enough, but it's only when you look closely at the definition and try to think about how it might be applied in practice that you'll see that not only is it of very little use, but it is also different from what was originally intended.

If something does not work in practice then the theory is wrong. The idea that there is some point beyond which an organization's viability will be irreparably damaged if a product or service delivery cannot be resumed would be an extremely useful concept if such a thing existed. However, in practice, you will never really know if an organization's viability has been irreparably damaged until the organization fails, let along the point at which this happens.

Disasters can occur any where at any time

rss@e-janco.com — Sat, 01 Oct 2011 13:32:18 -0700

Disasters are unpredictable by nature and can strike anywhere at anytime with little or no warning. Recovering from one is expensive and time consuming, particularly for those who have not taken the time to think ahead and prepare for such possibilities.

Disaster Planning - Janco has found that 80% of all enterprises that do not have a disaster recovery / business continuity plan in place before a disaster occurs never reopen. However, when disaster strikes, those who have prepared and made recovery plans survive with comparatively minimal loss and/or disruption of productivity.

Disasters can take several different forms. Some primarily impact individuals -- e.g., hard drive meltdowns -- while others have a larger, collective impact. Disasters can occur such as power outages, floods, fires, storms, equipment failure, sabotage, terrorism, or even epidemic illness. Each of these can at the very least cause short-term disruptions in normal business operation. But recovering from the impact of many of the aforementioned disasters can take much longer, especially if organizations have not made preparations in advance.

Most of us recognize that these potential problems as possibilities. Unfortunately the randomness of some of these disasters lulls some organizations into a sense of false security-"that's not likely to happen here." However, if proper preparations have been made, the disaster recovery process does not have to be exceedingly stressful. Instead the process can be streamlined, but this facilitation of recovery will only happen where preparations have been made. Organizations that take the time to implement disaster recovery plans ahead of time often ride out catastrophes with minimal or no loss of data, hardware, or business revenue. This in turn allows them to maintain the faith and confidence of their customers and investors.

Disaster Recovery Planning is the factor that makes the critical difference between the organizations that can successfully manage crises with minimal cost and effort and maximum speed, and those that are left picking up the pieces for untold lengths of time and at whatever cost providers decide to charge; organizations forced to make decision out of desperation.

Reducing recovery time

rss@e-janco.com — Fri, 16 Sep 2011 09:01:37 -0700

Rather than thinking of a recovery effort as a sequence of three steps performed in a more or less linear way - first, data recovery, then application re-hosting, then user reconnection.

Janco suggests an alternative. First, sufficient data (including application software) is used to re-host the application and users are reconnected to the recovery platform where they can proceed with order taking, email, and other functions. At the same time, more and more of the production systems historical data is recovered.

Such a strategy has the potential to abbreviate time-to-recovery by making critical application functionality available to workers sooner, enabling work to continue almost immediately after an
interruption event occurs and while the impact of the event is being reduced.

This strategy has enormous potential to improve business continuity strategies without significantly increasing their costs.

Disaster Planning for international enterprises

rss@e-janco.com — Mon, 12 Sep 2011 09:16:31 -0700

Disaster recovery and business continutiy plans for internationaly base organizations need to take in to account limitiations that various counties place on location of data.

Many parts of Europe forbid some data from being transmitted or stored outside of the country. Canada also has some rules that prohibit some data being stored in the United States due to the U.S. Patriot Act's provisions that let the federal government examine corporate records.

It's important to note that the legal issues are local to where your customer resides. You have to understand the laws and make sure that personally identifiable data and some financial records are kept local if required by the law.

This could be an issue as cloud computing systems become more distributed. Indeed, while the primary facility may be in-country, the failover site, or perhaps the site used when the primary site is under maintenance, could be across the border and, thus, noncompliant.

Business continuity framework

rss@e-janco.com — Thu, 08 Sep 2011 04:44:57 -0700

Identify all critical applications and servers. Include ancillary systems like domain servers.
In collaboration with business management and technical experts, set recovery objectives (RTO and RPO) that strike the right balance between risk mitigation and practicality.
Create a well-defined IT disaster recovery plan, and update it at least annually. Include allowances for locating and activating the right people.
Test your recovery process at least monthly. Choose the most critical servers, not just the most convenient.
Use test results to update your IT disaster recovery plan.
When reviewing potential solutions, include the recovery process a part of your evaluation. Test not only the technical backup capability, but also the complexity of the recovery.

Next Disaster Requires Culture of Preparedness

webmaster — Mon, 05 Sep 2011 12:31:19 -0700

At the center of the recent White House report, there is a call to "foster a new, robust culture of preparedness."

The challenge comes after the report details the long list of tragedies that last year's deadly hurricane wrought, including more than 1,330 deaths and $96 billion in property damage. In terms of communications, 38 centers that normally handled 911 calls failed, while 3 million customers lost phone service.

The report urges a wide variety of players to build this new culture, including myriad federal agencies and tens of thousands of state and local emergency first responder agencies. And it calls on private citizens and the private sector to take part.

How well did you disaster plan survive the latest storm

rss@e-janco.com — Mon, 05 Sep 2011 12:30:53 -0700

Weather
DRP/BCP Tutorial
Disaster Recovery Defined
DRP BCP Basics
ISO 27031
Types of Disasters
Why Plans Fail
10 Commandments of DR & BC Planning
Cloud Backup
Disaster Preperation
Pandemic
Risk Assessment Process
Interruption
Life Cycle
Best Practices
Compliance Requirements
Media
Communication
Facility Loss
Clean up - How To
What to do after an explosion, terrorist attack, or random act of violence
Disaster Recovery and Business Continuity
Metrics
Funding
Funding Request Presentation
Maximum Tolerable Period of Disruption
Disaster Recovery Guide
Common Mistakes
Why Disaster Recovery Business Continuity is not complete and or inaccurate

Many businesses had not tested the recovery plans before the hurricane for a server or site failure. With business continuity a core component of risk management, a well-rehearsed plan lays the foundation for confidence that your IT systems will work when needed most. Testing at least once per month is important to maintain engineering best practices, to comply with stringent standards for data protection and recovery, and to gain confidence and peace of mind. In the midst of disaster is not the time to determine the flaws in your backup and recovery system.

Testing Disaster Recovery and Business Continuity Plans

rss@e-janco.com — Sun, 14 Aug 2011 08:18:25 -0700

Importance of testing is critical towards disaster recovery and online business continuity planning

Most good disaster recovery together with contingency plans with creating a good solid backup from data. Although systems and applications will be reinstalled and reconfigured, data should not be rebuilt out of nothing. The key to that has a good backup is to ensure the data is correct and will be successfully restored. This is not always as easy considering that it seems. One company had this kind of issue. Their backup administrator wouldn't correctly follow procedures while he thought he was doing a backup, he actually was not writing anything. When they tried in order to a database, they discovered all the tapes ended up blank.

IT is critical to business continuity. So why haven't more organizations started planning?

rss@e-janco.com — Sun, 14 Aug 2011 08:12:32 -0700

The CEO calls you into an executive meeting as word comes that a full-blown H5N1 avian influenza pandemic is spreading rapidly from central Asia. Your job: Keep mission-critical IT systems working despite staff absenteeism rates that could reach 40% at the height of the pandemic, which is expected to run its course over a period of six to eight weeks.

Supply chain disruptions are expected as countries close their borders, so you can not count on spare parts. With emergency travel restrictions in effect, you can forget about moving staffers between global locations to cope with labor shortages. You also need to enable remote access for an unprecedented number of employees who will either be out sick, caring for ill family members or afraid to come to the office. You have weeks, possibly just days, before the outbreak overtakes one of your major data centers.

Are You Ready?

For many businesses, the answer is probably no.

What is disaster recovery plan

rss@e-janco.com — Sun, 14 Aug 2011 08:10:40 -0700

CIOs, CSO's, Disaster Recovery and Business Continuity Managers constantly will work to improve their rescue point objective (RPO) plus recovery time objectives (RTO) as a result of performing fast, non-disruptive backups, and even by performing data recovery. All comprehensive data protection solutions involve many issues and contingencies.

Here are a few of the things that can break with your data and therefore the backup requirements that ought to be addressed:

Accidental or malicious deletion of critical data - Requirement that provides to be able to quickly and easily bring back individual files and version.
Data that is wasted or corrupted over time - Requirement to jiggle back individual records to renovate database corruptions. The ability to get better data from any previous point in time, and have it as granular as you can.
A crashed disk - Requirement to recover a disk volume is special than recovering a individual file, but it should be done just as fast, and with automation to keep operational disruptions to a minimum.
A server failure - Requirement recover operations when replacing a broken server may well be complicated by the desire to install different drivers over the new system if the hardware seriously isn't an exact match. It helps to give the capability to move the required forms workload to a standby server (with unique hardware) or virtual server while the system is being swapped out or repaired.
A local or regional disaster - Requirement once you lose an entire work to fire, flood, and / or other disaster, have a pre-existing copy of your you important information in another location that is definitely outside the disaster sector.
Remote offices and part offices - Requirement to experience a process in place to revive with minimal technical sustain as remote and branch offices often will not have the luxury of acquiring an on-site technical resource that can assist in backups and restores.
Resource-intensive backup processes - Requirement frequent or continuous backup that is not resource-intensive.
Security breaches - Obligation to secure data. When ever moving data between websites, it needs to always be protected from potential security measure breaches. A breach of data security, whether actual damage is over or not, can be devastating to all your company's reputation, as dozens of substantial enterprises and government agencies have found a lot.

Many large companies they they are immune to disasters

rss@e-janco.com — Mon, 08 Aug 2011 08:19:19 -0700

Disaster Strikes Amazon Europe down for two days

A lightning strike knocked out servers at Amazon's only European data center and the provider has warned some of those affected face delays of up to two days before they get back online.

Amazon has told its EC2 customers in Europe some of them could face outages of as long as 24 to 48 hours as the cloud provider struggles to recover from a lightning strike that disrupted power supplies to its Dublin, Ireland data center. It took 3 hours to recover the first of the affected instances last evening European time (midday Pacific Time) and after almost 12 hours a quarter still remained offline, with knock-on effects slowing their likely recovery time.

Cloud is a critical component of business continuity plans

rss@e-janco.com — Fri, 29 Jul 2011 09:46:50 -0700

The emergence of new utility-priced outsourcing options is leading many enterprises to explore cloud computing in addition to existing DR strategies. Low-cost cloud-based storage offerings are maturing, and can provide an effective alternative to building dedicated recovery facilities. Cloud based storage provides an elastic pool of trusted storage, if several key requirements are met. The provider platform must be able to scale quickly, on demand, and to large capacities. It must provide clear multi-tenancy policies to isolate one firms data from all others, and must enable secure access to data at any time. Cloud storage providers must also provide rapid, robust data recovery, which demands a storage infrastructure with very high MTBF and MTTDL (mean-time-to-data-loss).

Many industry leaders expect DR to be one of the most compelling use cases for cloud-based storage, which has matured from a poorly-understood technology to a sought-after solution. In fact, over 40% of enterprise datacenter managers recently reported that they either have or plan to deploy some form of cloud storage by the end of this year. Most business-critical applications are protected by some amount of off-site backup today, but many firms require more advanced DR capabilities in order to satisfy industry compliance, risk mitigation, or business partner requirements - they struggle, however, to justify the capital and operating costs required to implement them.

Digital content serving, video surveillance, and medical image archiving are some common data use cases for cloud storage which demand strong protection and security, and cloud storage vendors are quickly adding more advanced functionality for additional data types. However cloud storage is implemented, it demands a reliable, efficient, and high volume WAN interface. Any DR strategy which includes cloud-based storage will clearly benefit from maximizing capacity and performance of the WAN infrastructure.

Disaster recovery plans fail

rss@e-janco.com — Tue, 19 Jul 2011 07:39:44 -0700

Industry analysts say that 30 to 40 percent of all IT organiztions either have no disaster recovery system in place or do not know how to use it correctly. Second, even if an organizatio does have a DR apparatus in place and tests it occasionally, there are plenty of examples of such systems not performing according to plan.

In the world of data recovery, the data is the easy part, the recovery can be hellish, and IT administrators are the ones commissioned with connecting the dots. Enterprises laid up for extensive periods of time due to IT knockouts do not have a glittering record of surviving, so there's more than a modicum of pressure involved here. The National Archives and Records Administration reported in 2010 that 93 percent of enterprises whose data centers were down for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster.

The term "data recovery disaster" defines a situation in which an extended power outage forces an enterprise to recover its data and files from an alternate location - whether that is within the enterprise's physical system or in a cloud backup and recovery service. A short-term power outage or failure of an individual server, or even a rack of servers, isn't generally considered a data recovery disaster.

The Difference Between Disaster Recovery Planning and Business Continuity Planning Defined

rss@e-janco.com — Tue, 12 Jul 2011 16:19:51 -0700

Disaster Recovery Planning (DRP) is the process by which you resume business after a disruptive event. This typically means that you can get the enterprise computers, networks, and data base operational. The event might be something huge-like an earthquake or the terrorist attacks on the World Trade Center-or something small, like malfunctioning software caused by a computer virus.

Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. However Janco has found that over one third of all enterprises have had to activate their Disaster Plans in the last few years.

Business Continuity Planning (BCP) suggests a more comprehensive approach to making sure you can keep the enterprise going and meet it business objectives. This goes beyond the enterprise computers, networks and data bases. However, the two terms are married under the acronym DR/BC or DRP/BCP. At any rate, Disaster Recovery Planning and/or Business Continuity Planning facilitate how a company will keep functioning after a disruptive event until its normal facilities are restored.

Outsorucing disaster recovery, business continuity and security

rss@e-janco.com — Wed, 06 Jul 2011 08:16:10 -0700

The move toward outsourcing certain IT disaster recovery, business continuity and security functions is borne out in a recent survey conducted by Janco Associates with more than 120 CIO. Those survey respondents indicated a growing movement among their firms toward hiring oursource providers to carry out a variety of disaster recovery, business continuity and security-related tasks: Nearly 60 percent of the survey said they felt positive toward outsourcing as an IT disaster recovery, business continuity and security strategy, primarily due to such factors as cost savings, access to specialized disaster recovery, business continuity and security expertise, cost predictability and 24/7/365 monitoring.

More than 20 percent of the survey respondents said their organizations either will begin using outsource providers for the first time this year or will increase their usage of those services, according to the Janco survey, while an additional 21 percent said they will at least maintain their current usage levels of oustourced disaster recovery, business continuity and security services.

Disaster planning needs to consider political violence and terrorisim

rss@e-janco.com — Wed, 08 Jun 2011 04:04:49 -0700

The 2011 Aon Terrorism and Political Violence Map shows increased risk of political violence in the Middle East and North Africa, reflecting the significant turbulence of the Arab Spring uprisings in the region. The risk of coup d'etat and rebellions in Africa reflect a continent that presents a significant political violence risk. Civil unrest and employment disputes arising from austerity measures in Western European nations such as Greece, France, Spain and the UK are also reflected on the map. Meanwhile, terrorism continues to severely afflict established conflict zones like Iraq, Afghanistan, Pakistan and Somalia as well as parts of Nigeria and the Sahel region. The threat of occasional acts of international terrorism remains significant for most Western nations and major powers.

Disaster Plan

Explosion, Terrorist Attack, or Random act of Violence

Data protection and business continuity

rss@e-janco.com — Wed, 01 Jun 2011 09:23:01 -0700

The ever-increasing digitization of information - documents, customer records, employee records, financial records, photos, music, etc. - is forcing companies to store more and more data. The expansion of data is inexorable and the Internet is certainly the driving force. More and more, we rely on data to run our businesses. Today, protecting our data means protecting our livelihoods.

The U.S. Bureau of Labor Statistics reports that the majority of small-to-medium businesses (SMBs) never recover from a catastrophic data loss. Yet most businesses have no data-protection plan. Unlike the loss of physical assets such as buildings and equipment, which can be replaced relatively quickly through insurance payouts, lost data offers very little recourse. It is no surprise that data protection is now a top concern for businesses. It can mean the difference between being in business or not.

A data-protection solution must succeed across three dimensions in order to meet the needs of businesses:

Comprehensive - It must address all facets of data protection - human errors, hardware or software failures, and disasters such as theft, fire, flooding, etc.
Convenience - It must be set-and-forget. Businesses are strapped for resources, so any solution that requires constant care will not be effective.
Cost-effective - It must fit within the budget. Businesses have a very limited budget for IT overall and data protection is only one part of an IT budget. Any solution needs to have a cost that does not change dramatically month to month - particularly with ever-increasing amounts of
data.

Cloud Disaster Recovery and Security

rss@e-janco.com — Sun, 29 May 2011 16:12:46 -0700

It's common knowledge that virtualization (cloud computing) enables server consolidation, cuts costs and improves overall IT efficiency, but not everyone knows that virtualization can dramatically increase the manageability and flexibility of data recovery for critical systems.

In fact, virtualized Disaster Recovery promises better-optimized hardware, more redundant backups, and faster clones and restores. Virtualized DR enables new capabilities, such as the ability to transport an entire operating system, configurations and data in one move, without the need to take dissimilar hardware into account.

The Practical Guide for Cloud Oursourcing addresses these issues and more -- including:

The factors to consider and prepare for when implementing a virtualization solution such as resources and costs
Determining which applications are a good fit for virtualization, as well as setting priorities
How to budget for a virtualization solution that delivers excellent Disaster Recovery with low TCO
The components and architecture of a virtualized DR solution -- servers and server memory, storage (EQL) and backup, networking, and software (Windows Server 2008 R2 with Hyper V)

DRP from small businesses

rss@e-janco.com — Sat, 14 May 2011 06:42:10 -0700

Mid-sized businesses (SMB) have long struggled to protect their IT systems. Many firms are inadequately protected and mistakenly think that a disaster is rare and will not happen to them anytime soon. Experience shows there is a lot of confusion and misunderstanding regarding what disaster recovery encompasses and how to implement it effectively.

SMBs must work with limited finances infrastructure and human resources. Robust disaster recovery used to be affordable and manageable only by large enterprises. SMBs rely more on backup than on a formal disaster recovery plan. As businesses' reliance on IT has grown, backup has increasingly shown its weaknesses. However, the introduction and maturation of several key technologies, such as virtualization, have brought affordable and easily implementable DRP to small and mid-sized companies. SMBs do not always equate virtualization with DR because awareness of the many virtualization applications is just starting to grow.

Organizations that ensure survival following a disaster understand the basics of creating a good plan; however, there are many obstacles and pitfalls that they can easily avoid. Based on working with thousands of customers, Janco Associates has developed a Disaster Recovery and Business Continuity Template that includes everything that you need to create a custom Disaster Plan.

You can download a full copy of the table of contents by going to http://www.e-janco.com/Register_drp.asp.

Backup is the primary Disaster Plan for Many SMBs

rss@e-janco.com — Sat, 14 May 2011 06:40:42 -0700

You can download a full copy of the table of contents by going to http://www.e-janco.com/Register_drp.asp.