Disaster Recovery - Indiana University of Pennsylvania
Download
Report
Transcript Disaster Recovery - Indiana University of Pennsylvania
Disaster Recovery versus
Continuity of Operations
“Disaster recovery” is the process by which you
resume business in the short term after a disruptive
event.
"Business continuity planning" is a more
comprehensive approach to making sure the
organization continues to keep operating and
making money.
Disaster recovery could be considered a sub-part of
continuity of operations.
Both apply across a range from an earthquake to a
computer virus attack.
Business continuity actions
Mitigation: Something done to
reduce the likelihood of occurrence
and the severity of the loss
Avoidance: Actions taken to
eliminate the event from occurring
Transference: Shift the risk to a
third party
Federal Government Continuity of
Operations Plan (COOP)
FPC-65 describes the planning considerations and
requirements for COOP plans.
FPC-65 requires that all Federal Executive Branch agencies
must:
Be capable of implementing their COOP plans with and without
warning.
Be operational not later than 12 hours after activation.
Be capable of maintaining sustained operations for up to 30 days.
Include regularly scheduled testing, training, and exercising of
personnel, equipment, systems, processes, and procedures used
to support the agency during a COOP event.
Provide for a regular risk analysis of current alternate operating
facilities.
Locate alternate facilities in areas where the ability to initiate,
maintain, and terminate COOP is optimal.
Take advantage of existing agency field infrastructures and give
consideration to other options, such as telecommuting, work-athome, and shared facilities.
Business Continuity Plans
Plans that enable your company to
operate at possibly reduced levels
during and immediately following a
disaster.
Steps in Planning
To build a disaster recovery plan,
the following steps should be taken:
Identify critical assets
Identify risks to the assets
Determine the likelihood of the threat
and reduce it
Steps to minimize damage
Response actions
Contingency Plan Coordination
Designated person to coordinate the
contingency plan
Adequate knowledge and knowledge to
implement the plan
Select a team to develop and implement
the plan
Finance
Legal
Safety
Production
Administration
Business Impact Analysis
A business impact analysis (BIA) is the first step
in developing a BCP. It should include:
Identification of the potential impact of
uncontrolled, non-specific events on the
institution's business processes and its
customers;
Consideration of all departments and business
functions, not just data processing; and
Estimation of maximum allowable downtime and
acceptable levels of data, operations, and
financial losses.
Business Impact Analysis
As part of a disaster recovery plan, BIA is likely to
identify costs linked to failures, such as loss of
cash flow, replacement of equipment, salaries
paid to catch up with a backlog of work, loss of
profits, and so on.
A BIA report quantifies the importance of
business components and suggests appropriate
fund allocation for measures to protect them.
The possibilities of failures are likely to be
assessed in terms of their impacts on safety,
finances, marketing, legal compliance, and quality
assurance.
Risk Assessment
Combined likelihood and severity of the
event
Tangible losses
Costs that can be readily quantified
Lost productivity
Lost income
Extra expenses
Property damage
Intangible losses
Costs related to the event but hard to quantify
Lost business opportunities
Damaged reputation
Examples of Risk Assessments
Tornadoes
Earthquakes
Thunderstorms
Snows
Extreme thunderstorms
Hurricanes
Floods
Potential Manmade Risks
Maps of hazardous materials routes
Locations of hazardous facilities
Pipelines
Railroads
Dams
Rivers
Facility Risks
Electricity
Telephones
Water
Climate control
Data networks
Structural
Security Risks
Workplace violence
Bomb threats
Physical security of property
Sabotage
Intellectual property thefts
Medical Threats
Illness
Deaths
Serious accidents
Factors that can Affect Risks
Time of day
Day of the week
Location
COOP Elements
Elements that make a COOP plan viable,
include:
Essential functions.
Delegations of authority.
Succession planning.
Alternate facilities.
Interoperable communications.
Vital records and databases.
Human capital.
Testing, training, and exercise program.
Plans for devolution and reconstitution.
COOP Plans
COOP planning objectives include:
Ensuring continued performance of essential
functions.
Reducing loss of life and minimizing damage.
Ensuring succession to office of key leaders.
Reducing or mitigating disruptions to
operations.
Protecting essential assets.
Achieving a timely recovery and reconstitution.
Maintaining a test, training, and exercise
program for program validation.
FEMA’s COOP Elements
Elements that make a COOP plan
viable, include:
Essential functions
Delegations of authority
Succession planning
Alternate facilities, communication
systems
Vital records and databases
A test, training, and exercise program
Plans for devolution and reconstitution
Essential Functions
Essential functions are those
functions that allow the organization
to provide vital services
Essential functions are those
functions which must continue to be
provided without interruption
Delegations of Authority
Delegations should be
predetermined and documented
in writing. They should state
explicitly:
What authorities are delegated.
To whom.
Exceptions to the successor’s authority
to redelegate.
Limitations on the delegated authority.
Succession Planning
Order of Succession provides an
orderly transition of power in the
event of an emergency
Orders of succession should be
established management,
supervisors, etc. who are
responsible for performing essential
functions
Alternate Facilities, Communications
In the event of a disaster,
arrangements for alternate facilities
should be identified beforehand
Arrangements should be made
ahead of time to ensure
communication systems can be
brought back up and operational
with limited interruptions
Vital Records
In the event of a disaster, loss of
data and loss of records may occur
Provisions and procedures should
be made in advance to ensure back
up copies are made and available
Examples of these records include
legal records, financial records, etc.
Tests
From a COOP perspective, tests are an excellent
way to evaluate functions such as:
Communications connectivities.
Alert and notification procedures.
Deployment procedures.
Training
Training is instruction in core competencies
and skills and is the principal means by
which individuals achieve a level of
proficiency
Provides the tools needed to accomplish a
goal, meet program requirements, or
acquire a specified capability.
Training encompasses a range of activities,
each intended to provide information and
refine skills.
Exercises
Exercises are events that allow
participants to apply their skills and
knowledge to improve operational
readiness.
Exercises also allow planners to
evaluate the effectiveness of
previously conducted tests and
training activities.
Devolution
Devolution is the capability to
transfer statutory authority and
responsibility for essential functions
from an agency’s primary operating
staff and facilities to other
employees and facilities.
Reconstitution
Reconstitution is the process by
which agency personnel resume
normal agency operations from the
original or a replacement primary
operating facility.