Disaster Recovery Plan (DRP)

Disaster recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster.

Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity. This article focuses on disaster recovery planning as related to IT infrastructure.

Classification of Disasters

Disaster can be classified in two broad categories. Viz, 1) Natural disasters- Preventing a natural disaster is very difficult, but it is possible to take precautions to avoid losses. These disasters include flood, fire, earthquake, hurricane, smog, etc 2) Man made disasters- These disasters are major reasons for failure. Human error and intervention may be intentional or unintentional which can cause massive failures such as loss of communication and utility. These disasters include accidents, walkouts, sabotage, burglary, virus, intrusion, etc.

General steps to follow while creating BCP/DRP

1. Identify the scope and boundaries of business continuity plan.
First step enables us to define scope of BCP. It provides an idea for limitations and boundaries of plan. It also includes audit and risk analysis reports for institution’s assets.
2. Conduct a business impact analysis (BIA).
Business impact analysis is study and assessment of financial losses to institution resulting from destructive event as unavailability of important business services.
3. Sell the concept of BCP to upper management and obtain organizational and financial commitment.
Convincing senior management to approve BCP/DRP is key task. It is very important for security professional to get approval for plan from upper management to bring it to effect.
4. Each department will need to understand its role in plan and support to maintain it.
In case of disaster, each department has to be prepared for the action. To recover and to protect the critical systems each department has to understand the plan follows it accordingly. It is also important to maintain and help in creation of plan for each individual department.
5. The BCP project team must implement the plan.
After approval from upper management plan should be maintained and implemented. Implementation team should follow the guidelines procedures in plan.
6. NIST tool set can be used for doing BCP.
National Institute of standards and Technologies has published tools which can help in creating BCP.

Source: Wikipedia