A Business Continuity/Disaster Recovery Plan establishes procedures to recover the business applications and functions following a declared disaster. The document is used to plan disaster recovery activities, perform recovery exercises, and to recover in the event of a declared disaster. The plan usually includes the following objectives:
- Maximize the effectiveness of operations through an established plan that consists of the following phases: a notification/activation phase to detect and assess damage and to activate the plan, and arecovery phase to restore temporary IT operations and recover damage done to the original system.
- Identify the activities, resources, and procedures needed to carry out the processing requirements during a declared disaster.
- Assign responsibilities to designated personnel and provide guidance for recovering the application during a declared disaster.
- Ensure coordination with other business staff who will participate in the planning strategies. Ensure coordination with external points of contact and vendors who will participate in the contingency planning strategies.
This plan needs to have as much information about the critical systems as possible so they can be effectively recovered as quickly as possible. A suggested format of data might be something similar to the table below:
|Production Location||Production Server Name||System or Application Name||Description & How Use|
|Main Data Center||DomainController1||Active Directory||Login and access control|
|Secondary DC||DomainController2||Active Directory||Replica of DC|
|Main Data Center||PrintServer1||Printing||Controls printing of forms|
|Main Data Center||SQLDBServer1||MS SQL 2008 R2||DB server for Accounting|
|Main Data Center||APPServer1||XYZ Application||Main Accounting package|
|Application Layer||Disaster Recovery Type||RTO||RPO|
|Active Directory||Rapid Recovery||1 Hour||1 Hour|
|Database||Hot||4 Hours||2 Hours|
|XYZ Application||Hot||6 Hours||2 Hours|
You will notice that it is estimated that it will take longer to restore the application than the database and this is due to the dependency of the application on the database to be able to function. When you perform the exercise of listing your systems and their functions, you will find different dependencies that may not have been documented or remembered until this exercise is completed.
Once these items are documented, we suggest you maintain duplicate copies (paper as well as digital) at the potential disaster recovery sites as well as the main data site so they are available if additional assistance is needed from outside personnel. This can be used as a blueprint/run book/project plan to ensure that the critical business functions are recovered in the proper order as quickly as possible.
Remember: In a disaster, there will be a lot of pressure to have systems operational quickly as well as the other distractions and confusion. Having these things documented ahead of time will save precious time and resources as well as it helps to get the most reliable and accurate recovery to business function.
Here’s an example of a BC/DR Outline is included below:
Table of Contents
2 Critical Application Functionality and Assumptions
3 Application RTO / RPO
4 Recovery Contacts and Important Phone Numbers
5 Critical Vendors and Partners
6 Critical Required Skills
7 Recovery Requirements
8 Vital Records Required
9 Hardware Required
10 Storage Required
11 Application Software Required
12 Critical Dependencies
13 Supported Critical Business Processes
14 Critical Infrastructure and Service Predecessors
15 Recovery Procedures & Timelines
16 Technical Validation Procedure(s)
17 Application Recovery Procedure(s)
18 Application Test Plan(s)
19 Return to Normal Operations
Do you have questions about developing a Disaster Recovery Plan? Contact the IT infrastructure experts.