Disaster Recovery Plan s1
Total Page:16
File Type:pdf, Size:1020Kb
Disaster Recovery Plan Basic Checklist & Questionnaire
1. First and foremost you must have Top Management support to implement this plan.
2. Define the goals or plan objectives. a. Determine if your Vision & Mission Statement are capable of being delivered if this plan is executed based on the Corporate Objective in your original version.
3. Prepare a Business Impact Analysis a. Define different scenarios that will impact your business b. Define a timeframe for acceptable recovery from loss c. Goals of recovery
4. What should the Plan include? a. Define types of disaster i. Flood/Hurricane ii. Tornado iii. Fire iv. Power outage v. TMI vi. Bomb Threat vii. Disgruntled Employee/Client/Vendor/Spouse 1. Restricting access to your facilities 2. Loss of data 3. Data shared with vendors or customers viii. Loss of phone ix. Loss of email x. Loss of internet xi. Loss of vendor(s) xii. Loss of computer hardware (server/workstation/printer/fax/data communication) xiii. Loss of software application (data corruption, supplier goes out of business xiv. Loss of production equipment xv. Loss of papers/records xvi. Loss of facilities xvii. Loss of a Team Member (duties need to be covered) xviii. Emergency in a neighboring building 1. Limited access to your building b. Employees i. Take care of employees so they can take care of customers ii. Develop a call list iii. Identify key employees iv. Keep employees informed v. Train employees on process vi. Outline a plan for processing payroll vii. Identify transportation options viii. Define a plan to offer emotional support ix. Plan for a timely post-disaster meeting c. Vendors d. Insurance Contracts and Agency Information e. Facilities i. Floor Plans of each facility ii. Identify hot site iii. Replacement facility 1. Square footage required 2. Special requirements necessary 3. NOTE: You may not be the only company affected. There may be competition for these facilities. iv. Equipment list and how to acquire f. Public Relations Communications i. Prepare for message to employees, vendors, customers, and public g. Departmental Plans i. Outline critical processes in detail ii. Outline plan for manual processing of business operations iii. Identify how you may mark items in case of emergency (ex. Rubber stamp) h. Accounting/Finance i. Banking/Financial Information ii. Checks/Deposit Slips iii. Special Stamps iv. Signatures to Process Documents i. Administrative i. Vendor Lists ii. Customer Lists iii. Post Office, UPS, FedEx, 3rd Party Carriers iv. Utilities v. Payroll processing j. Technical i. Phone systems to be used to communicate ii. Access to hardware to continue processing information iii. Access to software to continue processing information iv. Ability to restore/rebuild information v. UPS Systems or generators vi. Instructions to rebuild network infrastructure vii. Instructions to install software including license keys and passwords 5. Form a Team a. Management Sponsor b. HR c. Facilities Personnel d. Operations e. Public Relations f. Department Managers/Delegates g. Accounting/Finance h. IT i. Safety
6. Plan Development a. Ascertain management approval b. Include detail facility plans, office plans and department plans c. Train the team d. Communicate the Plan to the employees e. Test the Plan f. Identify acceptable amount of downtime i. Estimate cost of downtime Minimum list of items you will need to create your plan:
i. Installed Hardware list 1. Equipment Specifications 2. Serial Numbers 3. Date of Purchase 4. Support Contracts 5. Configuration Settings 6. Passwords ii. Installed Software list 1. Version numbers 2. List of Service Pack, Patch and Hot Fix 3. Number of Licenses 4. Support Contracts 5. License Keys 6. Passwords iii. Connectivity types and carriers 1. Voice communications 2. Data communications 3. Satellite connectivity 4. IP Addresses iv. Organizational Chart v. List of employees 1. names, addresses, phone numbers, emergency contacts vi. Facility Floor Plan vii. Systems Backup 1. Type of Backup 2. Rotation of Backup 3. Location of Backup viii. List of Critical Vendors/Suppliers to Contact 1. names, addresses, phone numbers ix. Identify DR Committee x. Alternate Locations xi. Alternate Vendors Questions
1. Who will be a part of our DR Team?
2. Who will be the chair of the DR Team?
3. What do we consider to be a Disaster? e.g. – Electrical Outage, Building is not accessible, Print Vendor is not accessible, etc.
4. What do we consider to be a Business Disruption? – Electrical Outage, Server Crash, no internet access, etc.
5. What will the impact be on our business, each department, our employees, our customers and our business partners?
6. What is the amount of time that we consider acceptable to recover from a Disaster? (RTO)
7. Who do we need to contact in case of a Disaster or Business Disruption?
8. Who will be responsible for the points of contact above? Identify the person in each area that will make contact and create a contact list for that person.
9. Where will we establish a point of presence if our building were not accessible?
10. How do we respond if a critical vendor would have a disaster or business disruption?
11. How will report the information to our team, our vendors, our customers, and the public? a. Who will be responsible for each of these areas? b. What will be the message? c. What will be the form of communication?
12. In an evacuation of our building where will we meet? How will we take a role call?
13. How will we educate the team on the DR plan?
14. How will we test the plan?
15. How will we keep the plan updated?