Disater Recovery Plan

Appoint coordinator/project leader, if the leader is not the dean or chairperson. 1. Determine most appropriate plan organization for the unit 2. Identify and convene planning team and sub-teams as appropriate (for example, lead computer support personnel should be in the team if the plan will involve recovery of digital data and documents). 3. At the unit level

a. scope – the area covered by the disaster recovery plan, and objectives – b. assumptions
4. Set project timetable
5. Obtain approval of scope, assumptions and project plan, if the leader is not the administrator.

Step Two – Conduct Business Impact Analysis

In order to complete the business impact analysis, most units will perform the following steps: 1. Identify functions, processes and systems
2. Interview information systems support personnel
3. Interview business unit personnel
4. Analyze results to determine critical systems, applications and business processes 5. Prepare impact analysis of interruption on critical systems

Step Three – Conduct Risk Assessment
1. Review physical security (e.g. secure office, building access off hours, etc.)
2. Review backup systems
3. Review data security
4. Review policies on personnel termination and transfer
5. Identify systems supporting mission critical functions
6. (Such as flood, tornado, physical attacks, etc.)
7. Assess probability of system failure or disruption
8. Prepare risk and security analysis

Step Four – Develop Strategic Outline for Recovery
1. Assemble groups as appropriate for:

Hardware and operating systems




Other critical functions and business processes as identified in the Business Impact Analysis 1 For each system/process above quantify the following processing requirements:

Light, normal and heavy processing days

Transaction volumes

Dollar volume (if any)

Estimated processing time

Allowable delay (days, hours, minutes, etc.)
Detail all the steps in your workflow for each critical business function Identify systems and application
Component name and technical id (if any)

Type (online, batch process, script)


Run time

Allowable delay (days, hours, minutes, etc.)
Identify vital records (e.g., libraries, processing schedules, procedures, research, advising records, etc.)

Name and description

Type (e.g., backup, original, master, history, etc.)

Where are they stored

Source of item or record

Can the record be easily replaced from another source (e.g., reference materials)


Backup generation frequency

Number of backup generations available onsite

Number of backup generations available off-site

Location of backups

Media type

Retention period

Rotation cycle

Who is authorized to retrieve the backups?
1 Identify if a severe disruption occurred what would be the minimum requirements/replacement needs to perform the critical function during the disruption.

Type (e.g. server hardware, software, research materials, etc.)

Item name and description

Quantity required

Location of inventory, alternative, or offsite storage

7. Identify if alternate methods of processing either exist or could be developed, quantifying where possible, impact on processing. (Include manual processes.) 8. Identify person(s) who supports the system or application 9. Identify primary person to contact if system or application cannot function as normal 10. Identify secondary person to contact if system or application cannot function as normal 11. Identify all vendors associated with the system or application 12. Document unit strategy during recovery (conceptually how will the unit function?) 13. Quantify resources required for recovery, by time frame (e.g., 1 pc per day, 3 people per hour, etc.) 14. Develop and document recovery strategy, including:

Priorities for recovering system/function components

Recovery schedule

Step Five – Review Onsite and Offsite Backup and Recovery Procedures 1. Review current records (OS, Code, System Instructions, documented processes, etc.) requiring protection 2. Review current offsite storage facility or arrange for one 3. Review backup and offsite storage policy or create one

4. Present to unit leader for approval

Step Six – Select Alternate Facility
ALTERNATE SITE: A location, other than the normal facility, used to process data and/or conduct critical business functions in the event of a disaster.
1. Determine resource requirements
2. Assess platform uniqueness of unit systems
3. Identify alternative facilities
4. Review cost/benefit
5. Evaluate and make recommendation
6. Present to unit leader for approval
7. Make selection
Step Seven – Develop Recovery Plan

The steps for developing the Recovery Plan are listed below in outline form to demonstrate how a unit may choose to organize their Disaster Recovery Plan.

1. Objective

Establish unit information
2. Plan Assumptions
3. Criteria for invoking the plan

Document emergency response procedures to occur during and a fter an emergency (i.e. ensure evacuation of all individuals, call the fire department, after the emergency check the building before allowing individuals to return)

Document procedures for assessment and declaring a state of emergency

Document notification procedures for alerting unit and university officials

Document notification procedures for alerting vendors

Document notification procedures for alerting unit staff and notifying of alternate work procedures or locations. 1 Roles Responsibilities and Authority

Identify unit personnel

Recovery team description and charge

Recovery team staffing

Transportation schedules for media and teams
1 Procedures for operating in contingency mode

Process descriptions

Minimum processing requirements

Determine categories for vital records

Identify location of vital records

Identify forms requirements

Document critical forms

Establish equipment descriptions

Document equipment – in the recovery site

Document equipment – in the unit

Software descriptions

Software used in recovery

Software used in production

Produce logical drawings of communication and data networks in the unit

Produce logical drawings of communication and data networks during recovery

Vendor list

Review vendor restrictions

Miscellaneous inventory

Communication needs – production

Communication needs – in the recovery site
1 Resource plan for operating in contingency mode
2 Criteria for returning to normal operating mode
3 Procedures for returning to normal operating mode
4 Procedures for recovering lost or damaged data
5 Testing and Training

Document Testing Dates

Complete disaster/disruption scenarios

Develop action plans for each scenario

Plan Maintenance

Document Maintenance Review Schedule (yearly, quarterly, etc.)

Maintenance Review action plans

Maintenance Review recovery teams

Maintenance Review team activities

Maintenance Review/revise tasks

Maintenance Review/revise documentation
Step Eight – Test the Plan
1. Develop test strategy
2. Develop test plans
3. Conduct tests
4. Modify the plan as necessary

Step Nine – Maintain the Plan
1. Review changes in the environment, technology, and procedures
2. Develop maintenance triggers and procedures
3. Submit changes for systems development procedures
4. Modify unit change management procedures
5. Produce plan updates and distribute
Step Ten – Perform Periodic Audit
1. Establish periodic review and update procedures

What do you think?

Written by admin


Leave a Reply

Your email address will not be published. Required fields are marked *



Personal Ethics Statement

Investigatory project