ISOM - Disaster Recovery Plan

Most businesses depend heavily on technology and automated systems, and their disruption for even a few days could cause severe financial loss and threaten survival.
The continued operations of an organization depend on management’s awareness of potential disasters, their ability to develop a plan to minimize disruptions of critical functions and the capability to recovery operations expediently and successfully.
A disaster recovery plan is a comprehensive statement of consistent actions to be taken before, during and after a disaster. The plan should be documented and tested to ensure the continuity of operations and availability of critical resources in the event of a disaster.
The primary objective of disaster recovery planning is to protect the organization in the event that all or part of its operations and/or computer services are rendered unusable. Preparedness is the key. The planning process should minimize the disruption of operations and ensure some level of organizational stability and an orderly recovery after a disaster.


Other objectives of disaster recovery planning include:
• Providing a sense of security
• Minimizing risk of delays
• Guaranteeing the reliability of standby systems
• Providing a standard for testing the plan.
• Minimizing decision-making during a disaster


The planning committee should prepare a risk analysis and business impact analysis that includes a range of possible disasters, including natural, technical and human threats.
Each functional area of the organization should be analyzed to determine the potential consequence and impact associated with several disaster scenarios. The risk assessment process should also evaluate the safety of critical documents and vital records.
Traditionally, fire has posed the greatest threat to an organization. Intentional human destruction, however, should also be considered. The plan should provide for the “worst case” situation: destruction of the main building.
It is important to assess the impacts and consequences resulting from loss of information and services. The planning committee should also analyze the costs related to minimizing the potential exposures.


Processing and operations should be analyzed to determine the maximum amount of time that the department and organization can operate without each critical system.
Critical needs are defined as the necessary procedures and equipment required to continue operations should a department, computer center, main facility or a combination of these be destroyed or become inaccessible.
A method of determining the critical needs of a department is to document all the functions performed by each department. Once the primary functions have been identified, the operations and processes should be ranked in order of priority: Essential, important and non-essential.

The Steps are as below

1. Obtain Top Management Commitment
2. Establish a planning committee
3. Perform a risk assessment
4. Establish priorities for processing and operations
5. Determine Recovery Strategies
6. Perform Data Collection
7. Organize and document a written plan
8. Develop testing criteria and procedures
9. Test the Plan
10. Approve the plan

Citation-
http://www.drj.com/new2dr/w2_002.htm