Description
Book SynopsisIf you have a business or a nonprofit organization, or if you're the one responsible for information systems at such an operation, you know that disaster recovery planning is pretty vital. But it's easy to put it off.
Table of ContentsForeword xix
Introduction 1
About This Book 1
How This Book Is Organized 2
Part I: Getting Started with Disaster Recovery 2
Part II: Building Technology Recovery Plans 2
Part III: Managing Recovery Plans 2
Part IV: The Part of Tens 3
What This Book Is — and What It Isn’t 3
Assumptions about Disasters 3
Icons Used in This Book 4
Where to Go from Here 4
Write to Us! 5
Part I: Getting Started with Disaster Recovery 7
Chapter 1: Understanding Disaster Recovery 9
Disaster Recovery Needs and Benefits 9
The effects of disasters 10
Minor disasters occur more frequently 11
Recovery isn’t accidental 12
Recovery required by regulation 12
The benefits of disaster recovery planning 13
Beginning a Disaster Recovery Plan 13
Starting with an interim plan 14
Beginning the full DR project 15
Managing the DR Project 18
Conducting a Business Impact Analysis 18
Developing recovery procedures 22
Understanding the Entire DR Lifecycle 25
Changes should include DR reviews 26
Periodic review and testing 26
Training response teams 26
Chapter 2: Bootstrapping the DR Plan Effort 29
Starting at Square One 30
How disaster may affect your organization 30
Understanding the role of prevention 31
Understanding the role of planning 31
Resources to Begin Planning 32
Emergency Operations Planning 33
Preparing an Interim DR Plan 34
Staffing your interim DR plan team 35
Looking at an interim DR plan overview 35
Building the Interim Plan 36
Step 1 — Build the Emergency Response Team 37
Step 2 — Define the procedure for declaring a disaster 37
Step 3 — Invoke the interim DR plan 39
Step 4 — Maintain communications during a disaster 39
Step 5 — Identify basic recovery plans 41
Step 6 — Develop processing alternatives 42
Step 7 — Enact preventive measures 44
Step 8 — Document the interim DR plan 46
Step 9 — Train ERT members 48
Testing Interim DR Plans 48
Chapter 3: Developing and Using a Business Impact Analysis 51
Understanding the Purpose of a BIA 52
Scoping the Effort 53
Conducting a BIA: Taking a Common Approach 54
Gathering information through interviews 55
Using consistent forms and worksheets 56
Capturing Data for the BIA 58
Business processes 59
Information systems 60
Assets 61
Personnel 62
Suppliers 62
Statements of impact 62
Criticality assessment 63
Maximum Tolerable Downtime 64
Recovery Time Objective 64
Recovery Point Objective 65
Introducing Threat Modeling and Risk Analysis 66
Disaster scenarios 67
Identifying potential disasters in your region 68
Performing Threat Modeling and Risk Analysis 68
Identifying Critical Components 69
Processes and systems 70
Suppliers 71
Personnel 71
Determining the Maximum Tolerable Downtime 72
Calculating the Recovery Time Objective 72
Calculating the Recovery Point Objective 73
Part II: Building Technology Recovery Plans 75
Chapter 4: Mapping Business Functions to Infrastructure 77
Finding and Using Inventories 78
Using High-Level Architectures 80
Data flow and data storage diagrams 80
Infrastructure diagrams and schematics 84
Identifying Dependencies 90
Inter-system dependencies 91
External dependencies 95
Chapter 5: Planning User Recovery 97
Managing and Recovering End-User Computing 98
Workstations as Web terminals 99
Workstation access to centralized information 102
Workstations as application clients 104
Workstations as local computers 108
Workstation operating systems 113
Managing and Recovering End-User Communications 119
Voice communications 119
E-mail 121
Fax machines 125
Instant messaging 126
Chapter 6: Planning Facilities Protection and Recovery 129
Protecting Processing Facilities 129
Controlling physical access 130
Getting charged up about electric power 140
Detecting and suppressing fire 141
Chemical hazards 144
Keeping your cool 145
Staying dry: Water/flooding detection and prevention 145
Selecting Alternate Processing Sites 146
Hot, cold, and warm sites 147
Other business locations 149
Data center in a box: Mobile sites 150
Colocation facilities 150
Reciprocal facilities 151
Chapter 7: Planning System and Network Recovery 153
Managing and Recovering Server Computing 154
Determining system readiness 154
Server architecture and configuration 155
Developing the ability to build new servers 157
Distributed server computing considerations 159
Application architecture considerations 160
Server consolidation: The double-edged sword 161
Managing and Recovering Network Infrastructure 163
Implementing Standard Interfaces 166
Implementing Server Clustering 167
Understanding cluster modes 168
Geographically distributed clusters 169
Cluster and storage architecture 170
Chapter 8: Planning Data Recovery 173
Protecting and Recovering Application Data 173
Choosing How and Where to Store Data for Recovery 175
Protecting data through backups 176
Protecting data through resilient storage 179
Protecting data through replication and mirroring 180
Protecting data through electronic vaulting 182
Deciding where to keep your recovery data 182
Protecting data in transit 184
Protecting data while in DR mode 185
Protecting and Recovering Applications 185
Application version 186
Application patches and fixes 186
Application configuration 186
Application users and roles 187
Application interfaces 189
Application customizations 189
Applications dependencies with databases,operating systems, and more 190
Applications and client systems 191
Applications and networks 192
Applications and change management 193
Applications and configuration management 193
Off-Site Media and Records Storage 194
Chapter 9: Writing the Disaster Recovery Plan 197
Determining Plan Contents 198
Disaster declaration procedure 198
Emergency contact lists and trees 200
Emergency leadership and role selection 202
Damage assessment procedures 203
System recovery and restart procedures 205
Transition to normal operations 207
Recovery team 209
Structuring the Plan 210
Enterprise-level structure 210
Document-level structure 211
Managing Plan Development 212
Preserving the Plan 213
Taking the Next Steps 213
Part III: Managing Recovery Plans 215
Chapter 10: Testing the Recovery Plan 217
Testing the DR Plan 217
Why test a DR plan? 218
Developing a test strategy 219
Developing and following test procedures 220
Conducting Paper Tests 221
Conducting Walkthrough Tests 222
Walkthrough test participants 223
Walkthrough test procedure 223
Scenarios 224
Walkthrough results 225
Debriefing 225
Next steps 226
Conducting Simulation Testing 226
Conducting Parallel Testing 227
Parallel testing considerations 228
Next steps 229
Conducting Cutover Testing 230
Cutover test procedure 231
Cutover testing considerations 233
Planning Parallel and Cutover Tests 234
Clustering and replication technologies and cutover tests 235
Next steps 236
Establishing Test Frequency 236
Paper test frequency 237
Walkthrough test frequency 238
Parallel test frequency 239
Cutover test frequency 240
Chapter 11: Keeping DR Plans and Staff Current 241
Understanding the Impact of Changes on DR Plans 241
Technology changes 242
Business changes 243
Personnel changes 245
Market changes 247
External changes 248
Changes — some final words 249
Incorporating DR into Business Lifecycle Processes 250
Systems and services acquisition 250
Systems development 251
Business process engineering 252
Establishing DR Requirements and Standards 253
A Multi-Tiered DR Standard Case Study 254
Maintaining DR Documentation 256
Managing DR documents 257
Updating DR documents 258
Publishing and distributing documents 260
Training Response Teams 261
Types of training 261
Indoctrinating new trainees 262
Chapter 12: Understanding the Role of Prevention 263
Preventing Facilities-Related Disasters 264
Site selection 265
Preventing fires 270
HVAC failures 272
Power-related failures 272
Protection from civil unrest and war 273
Avoiding industrial hazards 274
Preventing secondary effects of facilities disasters 275
Preventing Technology-Related Disasters 275
Dealing with system failures 276
Minimizing hardware and software failures 276
Pros and cons of a monoculture 277
Building a resilient architecture 278
Preventing People-Related Disasters 279
Preventing Security Issues and Incidents 280
Prevention Begins at Home 283
Chapter 13: Planning for Various Disaster Scenarios 285
Planning for Natural Disasters 285
Earthquakes 285
Wildfires 287
Volcanoes 288
Floods 289
Wind and ice storms 290
Hurricanes 291
Tornadoes 292
Tsunamis 293
Landslides and avalanches 295
Pandemic 297
Planning for Man-Made Disasters 300
Utility failures 300
Civil disturbances 301
Terrorism and war 302
Security incidents 303
Part IV: The Part of Tens 305
Chapter 14: Ten Disaster Recovery Planning Tools 307
Living Disaster Recovery Planning System (LDRPS) 307
BIA Professional 308
COBRA Risk Analysis 308
BCP Generator 309
DRI Professional Practices Kit 310
Disaster Recovery Plan Template 310
SLA Toolkit 311
LBL ContingencyPro Software 312
Emergency Management Guide for Business and Industry 312
DRJ’s Toolbox 313
Chapter 15: Eleven Disaster Recovery Planning Web Sites 315
DRI International 315
Disaster Recovery Journal 316
Business Continuity Management Institute 316
Disaster Recovery World 317
Disaster Recovery Planning.org 317
The Business Continuity Institute 318
Disaster-Resource.com 319
Computerworld Disaster Recovery 319
CSO Business Continuity and Disaster Recovery 320
Federal Emergency Management Agency (FEMA) 320
Rothstein Associates Inc 321
Chapter 16: Ten Essentials for Disaster Planning Success 323
Executive Sponsorship 323
Well-Defined Scope 324
Committed Resources 325
The Right Experts 325
Time to Develop the Project Plan 326
Support from All Stakeholders 326
Testing, Testing, Testing 327
Full Lifecycle Commitment 327
Integration into Other Processes 328
Luck 329
Chapter 17: Ten Benefits of DR Planning 331
Improved Chances of Surviving “The Big One” 331
A Rung or Two Up the Maturity Ladder 332
Opportunities for Process Improvements 332
Opportunities for Technology Improvements 333
Higher Quality and Availability of Systems 334
Reducing Disruptive Events 334
Reducing Insurance Premiums 335
Finding Out Who Your Leaders Are 336
Complying with Standards and Regulations 336
Competitive Advantage 338
Index 339
