Unfortunately, many organizations have to experience the pain of disaster to understand how it could be circumvented or mitigated the events that caused the pain. Provide a short disaster recovery plan (DRP) to prevent a small company’s IT operation. Make a list of procedures to complete in preparation of the DRP. You may use fictitious examples to support your argument.
The first thing in the development of disaster recovery plan is the identification of potentials threats to IT infrastructure of organization and then perform a risk assessment as well that could highlight the vulnerabilities in the infrastructure. Later on there is need to prioritize the IT elements that are meant to be protected to keep business processes live again. The team aimed at the development of plan should have meetings with the internal development team and other teams including networking teams to inform them and convince them about the DRP. The team then will gather all the relevant documents including network diagrams and collect the copies of existing DRP as well if there is any. Then it comes to threat identification and the internal development team should be asked about what they think can be a serious threat to the IT domain of company; the threat can be any fire, human error, attack or anything (Kirvan, 2009). The DRP team should also consider other vulnerabilities in the system that could cause a greater danger in case of emergency like older database copies or backup power plans. It is also important to know the time that the management team can afford if the system is unavailable to them in case of any vulnerability in system. Reviewing the existing repose strategies in case of emergency can also help in formation of new DRP and its results can also be considered. An important aspect is to form an emergency response team of the employees and assign them their duties relevant to all critical aspects. The team should be trained accordingly to the role assigned to them. This new DRP should be reviewed with the existing practices adopted by company in order to prevent attack on its IT domain. This new plan should be presented to the management of company and inform them about what new has to be implemented in this plan. Once finalized it should be documented properly so that it can work as a guide for emergency response team. The testing of plan will help in evaluation of plan and issues in that plan. A testing emergency situation should be created and ask employees about it is a test for emergency plan.
BCP and DRP are getting more attention in organizations because the risks are better understood, business partnership constructs require them, and regulatory and legal requirements pertaining to this type of protection are increasing. Provide examples with organizations that have undergone these BC/DR requirements for their business nature. You may use fictitious examples to support your argument.
The organizations have understood very clearly that what damages they might have to face in case of any disaster to their business processes and how it could affect their image and competitive advantages in market. It has now become essentials for all organizations to focus on the formation of plans that could let them continue their businesses even in case of any disaster. The organizations are well aware of the fact that disaster can be natural or man made and the disasters can occur anytime but they have to be prepared for it every time so that in case of emergency they could implement their emergency plan to keep the business processes running on another location. Let us take an example of an IT company that had in-house product, an e-commerce website. They had their server in the same building where they had their whole development team and sales team all together. When the disaster hit the company all the operations of company were down not even sales team neither their development team were able to do anything (FR-Tech, 2016). Then they realized that there is need for business continuity process that could help them in running their business process in a steady manner even in case of any emergency. The development team decided to move their servers to another secure location that is least expecting natural disaster however there might be another manmade disaster. Moreover they focused on shifting to cloud servers as well. Routine backup was scheduled on their server moreover that backup was also synched with their cloud servers so that even in case of attack on their server, their data should be available. The company also decided to set up a separate space for sales team and order processing so that all those operations should be handled at a more secure place. The company also focused on development of Disaster Recovery Plan that how they should act in case of emergency (Harris, 2012). The team was formed and their roles were assigned as well that if again such disaster happens how the employees should be acting and what should be their priorities.
If the companies do not focus on the formation and implementation of BCP and DRP then the company might have to face a lot more loss that they expect. They might be in debt as a disaster can ruin the whole organization as well. The companies also focus on moving to a different location temporarily depending upon the nature of business; like a business where public dealing is involved and the company has to offer its walk in customers.
To develop and carry out business continuity efforts successfully, plenty of thought, planning, time, and effort must go into the different phases of this activity. The real threats must be identified and understood, reasonable countermeasures must be put into place, and detailed plans must be outlined for the unfortunate but anticipated day when they are needed. As part of the DRP, make a list of procedures to complete a successful DR plan. You may use fictitious examples to support your argument.
In order to define a disaster recovery plan for an organization, there are several points that are taken into consideration before the planning stage. The identification of threats and internal information about the organization is important that should be consulted all the time while going towards the designing phase. Once the threats are identified then comes the formation of a contingency planning policy statement that could work as a guidance to develop a contingency plan in case of emergency. In order to prioritize the IT assets Business Impact Analysis can do its part as it will point out which assets are critical for operations in organization (Chisholm, 2016). The next step is the identification of controls that could work better in emergency to reduce the damages to the assets and could keep the information availability possible and systems running. It cannot be said that those controls will surely eradicate the damage however that can be utilized in minimizing the damages. Following these steps comes to the development of recovery strategy that could be implemented in case of any disruption in IT system so that the system could be saved from larger disaster. Once the recovery strategy has been designed then comes to design a contingency plan that could help the system to be restored after the emergency situation. Once all the steps have been completed and a complete DRP is formed then comes the stage to test that plan. It is important to train the employees of organization so that they could understand their roles and responsibilities at the time of disaster. This training will help in successful implementation of DRP. Moreover the senior management support should be obtained in order to ensure achievement of goals. This process should be focused on correct and current information because if the information will be out dated then the plan formed on that information will not fit best for current scenario or company business processes settings. All the security standards should be consulted and applied in plan.