Peak Performance through ... Experience, Intelligence, Integrity

Disaster Recovery Planning

Absolutely essential to the survival of every organization, regardless of its size, product, or service.

 

◄FACT►

Most businesses do not have disaster or business recovery plans. On average, 45% of companies that experience a disaster never recover from it; they close!

 

Business Continuity Planning

 Logistical planning to return the business to normal functions in the event of a full or partial interruption of business.

 

The threats that face businesses today exist, are present, and are very real. Evaluating and planning for worst-case scenarios of business and IT disasters should be part of every business's annual process: businesses should do it, audit & compliance require it, and stakeholders and clients expect it!

 

 

 

◄FACT►

MKG researched over 100 companies. 80% lacked Disaster Recovery Plans & Preparation documentation. Of the 20% that had documentation, only 5% performed some testing. Only 1 believed they could recover from a total IT environmental disaster.

 

 

ISACA tests & examinations indicated that the number one asset to protect is people. MKG has always practiced one simple statement: "the People are the Product". When businesses place the highest importance on their employees, their clients and their vendors, the byproduct is a well-run and well-managed organization.

 

 

◄FACT►

Over the past 6 years, MKG discovered that 95% of companies do not perform backup recovery testing to ensure their production data & systems could be recovered in the event of a disaster.

 

 

Potential threats that every company should evaluate:

►People; the "trust" factor

►Terrorism

►Espionage & sabotage

►Vendor's sabotage; faults

►Communication outages; cloud corruption

►Power outages; fluctuations

►UPS protection failure

►Fire; smoke damage

►HVAC outages

►Vandalism

►Located near vulnerable areas; airports, railheads, chemical plants, etc.

►Natural disasters; floods, earthquakes, severe storms

►Supply chain interruptions

►Denied access to your office space

►Threats that impact other businesses that directly or indirectly affect your business

►Internet inaccessibility

►Network & hardware down

►Government; regulation; compliance

►Computer viruses, scams, spam, phishing, spyware, DoS attacks, adware ...

►Business growth

 

 

 

Ask yourself: what do we do to alleviate, mitigate and eliminate the threats?

 

Follow these steps:

 

1.) Perform a Business Impact Analysis (BIA)

2.) Develop a Risk Assessment & Risk Analysis

3.) Create & keep current IT Asset Inventories:

     ◘ Organization Charts (People)

     ◘ Job Descriptions & Functional Charts

     ◘ IT Password Database (High Security)

     ◘ Network Diagrams (LAN/WAN) - data & voice

     ◘ Manufacturer, Make, Model, Firmware, Revision Levels, Versions, Service Levels:

        ▪ Network & Communication Devices

        ▪ Telecommunications Systems

        ▪ Servers & Primary Processing Units

        ▪ Operating Systems

        ▪ Utility & Maintenance Software

        ▪ Application Systems (purchased)

        ▪ Application Systems (created)

        ▪ Wireless Systems

        ▪ Internet Sites

        ▪ Desktops, Laptops, Handhelds

        ▪ Proprietary Devices & Specialized Units

        ▪ Telephony numbers - voice & data

     ◘ Floor Plans; Building Plans

     ◘ Policies & Procedures documentation

4.) From the lists above, create RTOs & RPOs for all IT programs & systems. Basically, ask yourself this: "What Client and Internal IT programs & systems must be restored first, second, third, etc.?" Prioritize all systems recovery objectives.

5.) Determine which types of locations are required:

     ◘ Hot site - ready when a disaster is declared

     ◘ Warm site - some hardware, software and network preparation is required

     ◘ Cold site - site is available, but not equipped with hardware, software and network gear

     ◘ Internal Company Alternate Sites

     ◘ Home operations and relocations

 

       ▪ Documentation

                ▪ Documentation

                            ▪ Documentation

 

It is a MUST DO!

 

There is NO substitute!

 

It is an audit & compliance requirement!

 

 

Where do we start ...

 

►Appoint a champion/s, a leader/s, a sponsor/s of DRP and BCP.

►Establish a DRP/BCP steering committee.

►Develop a:

    ◘ Mission Statement

    ◘ Corporate Policy

►Board of Directors review and approval.

►Perform an Internal IT Audit.

►Create Policies and Procedures.

►Enlist the services of a specialist; an experienced group of people that can take the lead and follow through on the commitment.

►Ensure IT Data and Systems Backup/Recovery Testing is being performed on a daily, monthly & quarterly basis.

►Who, what, when, where and why a disaster is declared!

►Check, confirm & verify that insurance for all assets is reviewed annually & current.

►Ensure the "change management" process of IT and systems creates a process flow to update the DRP & BCP - it's just part of the natural flow of program and system changes.

►Develop checklists.

►Identify Logistics for all facets of Disaster Recovery and Business Continuity.

►Develop, create & document the DRP & BCP plans.

►Perform testing of the planning & preparation documents.

►Management review & approval.

►Key staff review & revisions.

►Simulated walk-throughs.

►Specialized testing.

►Partial system testing.

►Full DRP & BCP testing.

 

Mark Gengozian has decades of experience, knowledge and know-how to administer and deliver Disaster Recovery Planning, Documentation and Administration.

 

Mark believes that DRP becomes overwhelming when management and staff look at the size of the landscape of business & technology. It is overwhelming. It's voluminous and it is complicated. However, Mark breaks it down, making it easy to understand and less complicated to manage. Experience with systems, management of 4 IT departments, and C-level positions provide your company with Mark's proven success.

 

Unless companies begin to assess the business and risk associated with the people and technology, organizations will not develop the appropriate planning and documentation to even begin to tackle this vitally important objective for business and IT recovery.  Mark will help, assist, advise, document and test DRP areas for your company.

 

Mark is an agent for Presilient, LLC, a Managed Services company specializing in DRP and remote, off-site backup & recovery services.

Mark is a member of ISACA (Information Systems Audit and Control Association).

 

  Stay Tuned - New Documentation Links coming soon! 

Key elements to developing a solid Data Backup Policy

Policies. Acronyms, Terms & Definitions

Audit, Governance, Framework Links by MKG

DRP Checklists & Questionnaires

and more ...


                            Copyright © 2011- Mark K. Gengozian, MKG LLC  |  Denver, Colorado  |  Privacy Statement
