Disaster Recovery Plan Template

Business Continuity Planning

Sarbanes - Oxley, ISO 27000 (27001 & 27002)
PCI, & HIPAA Compliant

This Disaster Recovery Plan and Business Continuity Template can be used for any size of enterprise. The Disaster Recovery Planning template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. The DRP Template comes as a Word document and includes:

Disaster Recovery Plan and Business Continuity Template
Business and IT Impact Analysis Questionnaire
Work Plan
Disaster Recovery / Business Continuity Audit Program
Pandemic Planning Check List

New are:

Compliance with the new ISO 27000 (27001 and 27002), Sarbanes-Oxley, PCI-DSS and HIPAA standards
Web Site Disaster Recovery Planning Form
Department Disaster Recovery Activation Workbook
- Quick Reference Guide
- Team Alert List (Form)
- Disaster Recovery Plan and Business Continuity Team Responsibilities
- Disaster Recovery Plan and Business Continuity Team Checklist
- Critical Functions Definition
- Normal Business Hour Response Procedures
- After Hours Response Procedures
- Disaster Recovery Plan and Business Continuity Location(s) Definition
- Disaster Recovery Plan and Business Continuity Recovery Procedures
- Notification Procedures
- Notification Call List (Form)
Updated Business and IT Impact Analysis Questionnaire
Vendor Disaster Recovery Questionnaire
Vendor Phone List Form Updated
Key Customer Notification Form
Critical Resources to be Retrieved Form
Business Continuity Off-Site Materials Form

The premium edition contains 15 full job descriptions. They are:

Chief Information Officer

Chief Security Officer

Chief Compliance Officer

VP Strategy and Architecture

Director Disaster Recovery and Business Continuity

Director e-Commerce

Manager Disaster Recovery

Manager Disaster Recovery and Business Continuity

Disaster Recovery Coordinator

Disaster Recovery - Special Projects Supervisor

Manager Database

Capacity Planning Supervisor

Manager Media Library Support

Manager Site Management

Pandemic Coordinator

The DRP template is over 200 pages and includes everything needed to customize the Disaster Recovery Plan to fit your specific requirement. The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:

Plan Introduction
Business Impact Analysis - including a sample impact matrix
DRP Organization Responsibilities pre and post disaster - drp checklist
Backup Strategy for Data Centers, Departmental File Servers, Wireless Network servers, Data at Outsourced Sites, Desktops (In office and "at home"), Laptops and PDA's.
Recovery Strategy including approach, escalation plan process and decision points
Disaster Recovery Procedures in a check list format
Plan Administration Process
Technical Appendix including definition of necessary phone numbers and contact points
Job Descriptions (each 3 pages long) for:
- Disaster Recovery Manager
- Manager Disaster Recovery and Business Continuity
- Pandemic Coordinator
Work Plan to modify and implement the template. Included is a list of deliverables for each task. (Risk Assessment and Vulnerability Assessment)

There is a extensive section that show how a full test of the DRP can be conducted. It includes

Disaster Recovery Manager Responsibilities
Distribution of the Disaster Recovery Plan
Maintenance of the Business Impact Analysis
Training of the Disaster Recovery Team
Testing of the Disaster Recovery Plan
Evaluation of the Disaster Recovery Plan Tests
Maintenance of the Disaster Recovery Plan

Click on the link below to get the Disaster Recovery Plan and Business Continuity sample pages now and make it a part of your disaster recovery toolkit.

This template is not for resale or re-distribution

Disaster Planning - Business Continuity News

Cost of email downtime is high

In today's economy, the importance of e-mail takes on new meaning. Recovery time and recovery point objectives (RTOs and RPOs) are no longer general rules. The Exchange administrator's ability to meet or exceed the proverbial lines in the sand, in terms of time to recover and the age of the data recovered, can mean the difference between gainful employment and prepping for a job interview. In fact, average yearly cost of Exchange downtime for a 500-person corporation, according to data derived from the Contingency Planning Association and Strategic Research, is over $1.5 million.

Disaster Recovery Planning Template Business Continuity Plan

Sarbanes - Oxley - ISO 27000 (27001 & 27002) - HIPAA - PCI- Compliant

Disaster Recovery Planning (DRP) template can be used by any size enterprise. The template and supporting material have been updated to be Sarbanes-Oxley compliant. The Disaster Recovery Planning Documentation comes as a Word document and includes:

Disaster Recovery Plan Template
Business and IT Impact Analysis Questionnaire
Work Plan
Disaster Recovery & Business Continuity Audit Program

Included in the template is Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager. The premium edition contains 11 full job descriptions.

- more info

Communication during a recovery process often is not well planned

Disaster recovery and emergency team members status communication and news have distinct audiences with different needs when a crisis occurs.

Employees/General Populace: Need access to 'basic information' such as where to go, when to return to work, and how to locate general information about the crisis situation
Disaster Recovery Team Members: Need to account for all employees/constituents safety and assess the state of business operations; need the ability to communicate in real time, disseminate information, track recovery efforts, assign tasks and provision supplies, power, etc.; need the ability to have real time status of the situation
Executives/Leaders: Need to know that their employees and constituents are safe; need to know the status of their business and access a high level, real-time status of the recovery efforts; need to be able to communicate with customers, investors, and people external to their business about the crisis.

Effective crisis communication requires technology to provide a unified solution for communicating information to all involved constituents and should provide a single source of accurate and up-todate information that can be accessed.

- more info

Many Businesses Fail After a Disaster

Businesses' reliance on IT systems and digital data has never been greater. The 2007 Best's Underwriting Guide found that only 6% of companies that suffer catastrophic data loss survive while 43% never reopen and 51% close within 2 years of the disaster. Best's Underwriting Guide 2007 also found that 93% of the companies that did not have their data backed up in the event of a disaster went out of business. An analysis of SMBs' prioritization of disaster recovery, backup and high availability for 2008 shows that businesses understand the risks to their business and the value of protection. However, many organizations still think that backup is a sufficient disaster recovery plan. However, mid-sized enterprises are at the most risk to disaster and are more likely to rely strictly on backup as a disaster recovery plan.

The needs and resources of mid-market firms are unique. Midsized companies must work with limited finances infrastructure and human resources. Robust disaster recovery used to be affordable and manageable only by large enterprises. Mid-sized enterprises relied more on backup than on a formal disaster recovery plan. As businesses' reliance on IT has grown, backup has increasingly shown its weaknesses. However, the introduction and maturation of several key technologies, such as virtualization, have brought affordable and easily implementable Disaster Recovery and Business Continuity to small and mid-sized companies. SMBs do not always equate virtualization with Disaster Recovery and Business Continuity because awareness of the many virtualization applications is just starting to grow.

- more info

Continuous Data Protection can be used as a backup strategy for DRP amd BCP

Continuous Data Protection (CDP) is an increasingly popular disk-based backup strategy. It is replication with an Undo button. Every time a block of data changes on the system being backed up, it is transferred to the CDP system. However, unlike replication, CDP stores changes in a log, so you can undo those changes at a very granular level. In fact, you can recover the system to literally any point in time at which data was stored within the CDP system.

A near-CDP system works in similar fashion except that it has discrete points in time to which it can recover. To put it another way, near-CDP combines snapshots with replication. Typically, a snapshot is taken on the system being backed up, whereupon that snapshot is replicated to another system that holds the backup.
Why take the snapshot on the source before replication? Because only at the source can you typically quiesce the application writing to the storage so that the snapshot will be a meaningful one.

- more info

Consolidation and Disaster Planning

Most organizations today are faced with conflicting goals and challenges. They have geographically distributed workforces, with headquarters, datacenters, branch offices, and mobile workers scattered widely. Everyone needs to access email, file shares, and mission critical applications, and the speed of access directly ties to employee productivity. So computing resources have been widely deployed in many locations to give the local workers the best possible service delivery. However, this approach is now seen as wasteful and expensive with extra hardware and software to buy and maintain for many locations, and often few local IT staff to support the systems. As budgets get tighter, organizations are looking for solutions to handle this burden. IT consolidation is the number one approach today, taking infrastructure out of remote offices and into the main data center as a way to cut costs and boost IT staff productivity. The trick is how to consolidate without hurting the performance for the end users.

While consolidation can certainly bring a number of benefits to organizations, it will take more than just a Friday afternoon to
ensure that your consolidation, disaster recovery, and business continuity projects are truly successful. As far too many IT managers will tell you, a poorly planned project will have your executives screaming, users threatening mutiny, and IT in the hot seat to quickly undo all the effort that went into the project in the first place.

Lay out a change and risk management strategy
Develop a plan for resiliency
Test (and improve) branch office performance & local consolidation
Architect a forward-looking infrastructure & support plan
Plan a phased roll-out

- more info

Lack of disaster planning led to present crisis

Everyone came to the same conclusion: A lack of disaster planning was a key component to the extent of the damage and loss of life.

Seventeen charity and civil society organizations met at the Jeddah Chamber of Commerce and Industry (JCCI) to organize their efforts after a few days of spontaneous but much appreciated mobilized work to collect and distribute donations in the affected areas. This followed a warning issued by the Governorate cautioning individuals and groups against donating haphazardly and instead directed them to give their donations through registered charity organizations, which are supposed to coordinate their distribution work with the Jeddah Governorate to ensure that the donations reach those who need them.

Discussions quickly revealed a lack of coordination among the charities and with the relevant government offices, namely the Civil Defense and the governorate. While several charities focused on the hardest hit areas, which needed every parcel of assistance it could get, other areas that were also hit hard were almost neglected. It turns out that Al-Sawaed, which has become a ghost town with only ruins, and all the Kilo areas and Mahameed were in bad shape. Poor neighborhoods in downtown Jeddah such as Ghulail and Karantina were also stricken with residents living in knee-high stinking sewage with barely the essentials to live by. Other areas hit hard include Um Alsalam, Bahra, Jamaa, Al-Musaid.

- more info

Disaster Plan & Business Continuity Infrastructure

The key technology elements of a Disaster Recovery Plan and Business Continuity Plan (DRP/BCP) infrastructure are the primary data center, a remote site that duplicates the resources in that primary location and the method used to get files (master and transaction) between the two sites - such as high-bandwidth network connections. The best DRP/BCP strategies follow a "redundant every-thing" philosophy throughout the data center. Multiple mainframes and servers should run in the production and backup data facilities. Then, if a component in the production system encounters problems, it immediately fails over to the local backup as a first line of defense.