Step 1: Set Project Scope
In order to ensure that the DRP project does not overreach itself, and consequently stays within budget, proper scoping must be set. This means choosing the right people for the job and defining their roles within the larger context of the DRP initiative.
Info-Tech Tip: Building a DRP team is crucial, so you will need to bring in people from other business units and offices, thus making the team-building exercise crucial. Whatever the size of the DRP team, setting the scope of the project is an essential step for companies of all sizes.
|
 |
1.1 Assemble the DRP Team
While some team members may be selected as a result of the Stakeholder Analysis, other members will simply be logical choices drawn from existing IT staff. This advanced tool documents who the members are, the tasks required of them, and their contact information. Assembling a DRP team likely will be too advanced for smaller companies with only a few IT staff members.
|
|
- Building a DRP Team: The Main Event
|
 |
1.2 Conduct a Scope Set Meeting with DRP Team
Here you will define project goals and definitions. At this point, you may have to revisit the Disaster Recovery Planning Workbook used earlier in the Business Impact and Risk Assessment steps.
|
|
|
Step 2: Create Recovery Objectives
This step is comprised of only a single task, using just one tool to document important information on the recovery objectives for critical systems, applications, and other IT assets.
Info-Tech Tip: RPO and RTO calculations are essential for prioritizing which applications, systems, and other IT assets must be restored first in the event of a disaster. The DRP is incomplete without this document on hand.
|
|
2.1 Build Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)
There are vast differences in what constitutes essential data across industries and across enterprises. How data and IT services are prioritized depends upon the nature of the business. This worksheet is designed to help you map out how quickly critical applications must be restored, and to which point in time they must be rolled back.
|
|
- Three Key Decisions Guide Small Enterprise Backup Strategy
- Achieving High Availability in the Data Center
- Mobile Data Centers: Disaster Recovery in a Double-Wide?
- Save Costs with a DRP Outsourcer
- Set Recovery Objectives to Resume IT Services Fast
|
|
2.2 Implement a Hot Site or Cold Site
A disaster-level event such as a flood, fire, or other catastrophe will require a facility with enough power, space, and cabling that it can be set up with equipment with very short notice. Planning for data center redundancy involves serious consideration of an offsite backup facility. This research note discusses: the technology aspects of hot sites, cold sites, and mobile data centers, and key tradeoffs between the service types offered.
- The "Compliance Checklist" is designed for those companies for which legislative compliance for changes to production systems is a concern.
|
|
- Hot Site? Cold Site? Explore Your DRP Options
|
Step 3: Document the DRP
Now begins the process of assembling all of the DRP materials generated thus far in the process and packaging them into a formal structure. This will also include gathering the team together for a debrief, as well as having a vulnerability assessment conducted by an external party.
Info-Tech Tip: The "Recovery Control Meeting" template is the only advanced tool in this entire step, as it involves the use of a formal DRP team, which is generally not required in smaller, more basic IT shops.
|
|
3.1 Establish Recovery Objectives to the Team
Use the "Recovery Control Meeting" template to update the DRP team of the advancements made so far in the DRP creation process. This is also a good time to go through the actual tasks involved with responding to a disaster.
|
|
|
|
3.2 Ensure Third-Party Testing for Vulnerabilities
For companies with advanced needs, always have a third party test the corporate network for vulnerabilities and weaknesses. Performing such a test at this stage ensures that that all possible risks are mitigated before fully committing to the DRP. Use the "Penetration Testing and Network Assessment Checklist" and the sample "Penetration Services Agreement" to craft your contract.
|
|
- Highlight Perimeter Security Weakness with Vulnerability Assessment
|
|
3.3 Create a Formal DRP Document
Complete the "DRP Template," incorporating all policies, procedures, spreadsheets, and templates and agreements in the DRP document. When everything is complete, print all the documentation and place it into a binder – this is the enterprise’s official DRP. Distribute the binder to all necessary stakeholders and perform the "DRP Documentation Review" to ensure that everyone is aware of the DRP’s contents.
|
|
|
Step 4: Communicate the Plan
Having a DRP is one thing – letting the rest of the company know it is quite another. This step involves two key tasks needed to finalize the plan in terms of communication with stakeholders and the enterprise at large.
Info-Tech Tip: It is considered best practice for enterprises using these tools to establish official closure and sign-off for the DRP project in order to get management’s seal of approval for the project’s completion.
|
|
4.1 Obtain Sign-Off for the DRP
The leaders of the recovery teams must sign off on the DRP to ensure completeness and accuracy of the plan. Use the "DRP Publication Sign-off" section to record sign-off of all members of the DRP team as well as to record where copies of the plan will be kept.
|
|
- When Calamity Strikes, Get the Word Out with Message Maps
|
|
4.2 Distribute the DRP
Now that the organization has a DRP, it is necessary to prepare a program to create corporate awareness and enhance the skills required to execute the plan. Use the "DRP Communications Plan" template to convey the DRP goals and purpose to the rest of enterprise.
|
|
|
DRP Team Build Sheet
Disaster Recovery Planning Workbook
