APPENDIX 8: ITDR PLAN
<Organization>
IT disaster recovery plan
<Version>
<Date of approval and publishing>
Scope
The disaster recovery (DR) plan covers the following areas:
- <List all systems and infrastructure by the plan>.
Objective
The objective of the IT disaster recovery plan is to assist <organization> in recovering the IT services and infrastructure as required within the business continuity plans.
Team structure
contact list
Roles and responsibilities
Team leader
- Assist in assessing extent of damage to IT facilities and its ability to provide a data processing service to critical business users.
- Determine the recovery plans to be invoked, based on the current status assessment and approval from the business continuity (BC) team leader after the disaster.
- Determine alternative team members and other support members of the recovery process.
- Notify recovery teams of disaster declaration immediately.
- Coordinate all recovery teams.
- Authorize the recovery teams to provide access to the alternative site for relocation of the DR teams and state recovery actions required.
- Report to BC team leader on the status of the recovery effort.
- Manage and monitor the overall ITDR process.
- Continue to provide support services to business users at the DR location.
- Determine the priorities and schedule to initiate normalcy restoration activities with approval from the BC team leader.
- Coordinate normalcy restoration with the BC team leader and other BC teams.
Network team
- Establish a user/system network by establishing connections and arrangements for the server room.
- Coordinate with the ISP to provide the means for wide area network links.
- Re-establish local area networks, access to network resources and the overall end-user connection at the system recovery site.
- Re-establish data and voice communications and access to these facilities.
- Provide ongoing support for data and voice communications and oversee communications integrity.
- Participate in and perform normalcy restoration activities.
- Liaise with other recovery teams to ensure an effective and timely recovery.
Hardware team
- Prioritize the provision of hardware that may be required to support critical services.
- Plan, coordinate transportation of, install, and maintain hardware at the alternative site.
- Coordinate with the network and communications team to ensure hardware connectivity with local, regional, and remote locations and third-party entities.
- Ensure that the hardware resources are sufficient to meet the processing requirements at the alternative site.
Software team
Platform:
- Coordinate restoration of stand-alone operating systems onto the main servers.
- Coordinate restoration of network operating systems.
- Ensure the security policy of the network operating system is adequate and appropriate with relevant controls configured to authenticate and authorize users’ access to network resources.
- Ensure that the active directory is set up appropriately with the required group and individual privileges and services for effective and secure access.
- Assess the operating system for system and data integrity before release to end-users.
- Update the DR team leader on the status of platform recovery and availability at the alternative site.
Applications:
- Coordinate restoration of applications and data which are critical to end-users and business operations as a whole.
- Follow documented procedures to recover all application files to a point in time as close to that of the event as possible.
- Assess the applications for system and data integrity before release to end-users.
- Ensure backups of applications and data are scheduled once the alternative site is active.
- Update the DR team leader on the status of application recovery and availability at the alternative site.
End-user software:
- Coordinate restoration of end-user software such as desktop operating systems, office and mail applications, and other tools and utilities required by users to perform the day-to-day business operations.
- Ensure that a standard pre-approved loadset comprising applications, tools, and utilities is maintained and restored onto end-user systems for recovery at the alternative site.
- Update the DR team leader on the status of recovery and availability of end-user applications at the alternative site.
- Assess the software for system and data integrity before release to end-users.
Data center operators team
- Ensure that access to the backup media is available.
- Communicate with hardware team and network and communications team to arrange travel to the alternative site if needed.
- Ensure availability and operation of data centers at the alternative site.
- Ensure adequate environmental controls are available at the alternative site to operate the production system from this site.
- Verify adequate physical security, such as access control devices for the data center, is available.
- Verify that access to the server rooms is limited to only those authorized and that they are monitored through access logs.
- Continuously monitor the physical and environmental controls at the data center and liaise with other recovery teams to facilitate recovery and operations at the alternative site.
- Participate in and perform normalcy restoration activities.
- Liaise with other recovery teams to ensure an effective and timely recovery.
End-user support team
- Act as a support team to end-users facing issues with hardware, software, or access to the network or network resources.
- Manage the end-user-level interfaces for incidents, problems and other end-user requests.
- Respond to end-user requests and communicate with the hardware, software, and networking and communications team to resolve end-user requests in a timely manner.
- Assist the hardware, software, and network and communications teams as required during the restoration and recovery process.
- Ensure end-users have access to e-mails, applications, and shared folder data as required to perform critical business operations at the alternative site.
Backup recovery team
- Ensure that access to the backup media is available.
- Confirm that backup media has not been destroyed in the disaster.
- Ensure backup media is secured and maintained until requested by the recovery teams.
- Provide the required media to the recovery teams on a timely basis.
- Restore backups at the alternative site for recovery and perform ongoing backups once systems are back in production at the alternative site.
- Restore systems and data using backups available in a predetermined sequence based on the application architecture and criticality of the system being restored.
- Schedule new pick-up point with off-site storage.
- Initialize new tapes as needed in the recovery process.
- Perform and schedule backups at the disaster recovery site based on business requirements and considering the available infrastructure and capacity.
- Ensure backup tapes are sent to a new off-site location for storage.
- Participate in and perform normalcy restoration activities.
- Liaise with other recovery teams to ensure an effective and timely recovery.
Activities to be performed immediately after a disaster
Activities to be performed during disaster recovery
Relevant locations
Primary recovery site
<Address>.
<Map>.
<Other necessary information>.
<Phone numbers/e-mail addresses>.
Secondary recovery site
<Address>.
<Map>.
<Other necessary information>.
<Phone numbers/e-mail addresses>.
Disaster declaration matrix
Recovery procedures
Prerequisites
<List all actions required to be performed before the start of the recovery process>.
Detailed recovery tasks
System |
Tasks |
Responsible staff |
Timing |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
List of documents/manuals to be stored off site
- input forms
- user manuals
- system manuals.
<Specific details, such as name, version and storage location at alternative site for the above documents, to be updated on implementation>.
Contact list
Vendor list