Login Signup
Verified Document

Disaster Recovery Refers To The IT Components Essay

Related Topics:
Disaster Management Earthquake Mitigation Business Continuity Fire Prevention
Open Document Cite Document

Disaster recovery refers to the IT components of the business that, in times of a disaster, need to be safeguarded so that business can be continued. Disaster recovery is more a preventive plan set in motion prior to the organization and implementation of the business than a series of actions that are followed once the disaster hits the company. Given that most companies are, to a large extent and in many ways, reliant on their IT system, and that collapse of IT system has ramifications beyond the company, disaster recovery has become a significant part of planning to today's organization. Disasters can be classified into two areas:

Natural disasters -- for example floods, hurricanes, or earthquakes where mitigation measures ahead of time can work towards avoiding or reducing data loss and IT cessation.

Man-made disasters -- such as terrorism where surveillance and avoidance planning can also work towards mitigating and reducing possible determinable results.

Most large companies spend between 2% or 4% of their budget on disaster recovery planning, with the hope that they will avoid large losses were their business to collapse and cease to function, even for a short period of time, due to IT loss of operation and immobility to access data.

The basic principles of planning for recovering from a disaster

Disaster recovery planning (DRP) is a sublet of business continuity plan (BCP) and the two are integrated together when forming a plan for recovering from disaster. Essentially, three measures are involved. These are:

1. Preventative measures -- which are strategies that are planned and worked through to prevent an event form occurring

2. Detective measures -- where controls are put in motion for detecting potential disasters ahead of time

3. Corrective measures -- where controls are planned ahead of time in order to correct and restore the system (business continuity) planning after the disaster has occurred.

The entire plan is outfitted with recovery point objectives (RPO) (i.e. goals for recovery) and recovery time objective (i.e. optimal time limit in which recovery should occur) (RTO). All of this must be matched with the IT systems and infrastructure itself. Each IT infrastructure is then outfitted with specific plans that are most suitable for its recovery and for its system. Both RPO and RTO metrics need to be aligned t a suitable budget, and to be carefully planned in accordance with that budget particularly since some solutions are more expensive than others. Some businesses, again, may have to revert to more expensive solutions depending on their reliance on their IT system.

The most common strategies for data protection include the following:

High availability systems where data and system is replaced in an off-site area where there is continuous access to data and systems

Replication of data to an off-site system

Backups made to both a disk on- and off-site, or backups made directly to an off-site disk.

Backups made to a tape and sent at regular intervals to off site locations.

Precautionary measures that organizations implement include the following:

Anti-virus software and other security systems

Fire prevention

Backup generator and/or uninterruptible power supply to keep the system going in the case of a power failure

Surge protectors

Local mirrors of systems and use of disk protection technology

Why disaster recovery is important

With some companies possessing customers worldwide and operating in extremely competitive atmospheres, it is crucial for these organizations to respond instantly and speedily. The organizations not only have to ensure that their customers are satisfied but they have to delver timely and quality treatment. Data of these customers and issues related to them would have to be easily and rapidly accessed and, with some businesses, IT downtime may spell a spiral of ramifications where other clients are, in turn affected. Accordingly, downtime, if occurring, would not just have to be explained to one client but to exponential other individuals. For these reasons, the organization has to do it its utmost to prevent disaster, or, in the case, of disaster, deal with it as speedily and as efficiently as possible.

Another factor that demands instant and continuous processing is the nature of the work itself. Some companies have clients who rely on the organization for their computer-related problems or for data that is computer based and information has to see to these clients on a regular standard. If the IT base is unavailable, the organization may experience a significant loss of one or more - or even a chain of -valuable customers.

A break in this work may set off a toppling effect, where other companies, experiencing loss too, set off a spiral of destructive events that may cause significant loss and negative...

The first is relocating to an alternate vendor facility where the organization would have to implement a contract with a vendor for which the organization would have pay a monthly service of, for instance $25-$35 for the 'seat'. The vendor guarantees the location to be available for the company during a disaster, and the vendor provides a trailer at this alternative site where all IT equipment such as the required laser printers, PCS and phones, fax machines, access to conference rooms, copiers, switchboards, and LAN servers are available.
The second option is relocating to an internal alternate facility at the company itself. Here, the advantages are that the organization would not have to pay monthly payment; space would have been available, and the alternate facility would have been fashioned prior to disaster so that all equipment would be ready for company to use in case of disaster. The disadvantages, of course, are that the disaster (such s a fire or earthquake) may impact the whole business, impacting this internal site too)

The third option is finding an external alternate site at the time of disaster. Whilst this may be cheaper for the organization, the benefits depend on the extent to which the organization is reliant on IT as part of its business. To some whose business depends on IT (such as being in constant contact with other clients via their IT system and having to keep up minute-by-minute with Internet news), such a scheme may be ruinous to the organization since precious time would be consumed in locating a vacant facility and purchasing and setting up the needed equipment. Long lead times on some of the digital equipment may accrue; and challenges include the fact that the organization must recover systems with software that is (hopefully) backed up and stored offsite

The fourth option is that employees may work from their home. This is advantageous in that it is simplest and least costly to the organization. However, employees need more than PC laptops for them to function equitably. They need a complex system of technological devices. Furthermore, a competitive and complex company necessitates synchronous work and contact. Employees' security certificates must be current, and their Internet connection must be assured to be highly efficient and working smoothly and rapidly for this latest plan to succeed.

The roles individuals and management play in disaster recovery planning, testing, and implementation

The disaster recovery process consists of an a priori plan of defining rules and processes in order to ensure the smooth going of the operation. This means coordination of a planning group as well as performing risk assessments and audits as well as recovery strategies and developing verification criteria.

Stakeholders of the company as well as key people of each division should be members of the team.

Roles that the individuals play are in identifying possible risks and making plans to mitigate the risks as well as exposure to these risks. Further plans are conducted to work towards restoring the operability of systems in the event that hey has collapsed.

The IT Disaster recovery planning process consists of 6 steps where the team does the following:

1. Develops the business contingency planning policy and business process priorities

2. Conducts a risk assessment

3. Conducts the business impact analysis

4. Develops business continuity and recovery strategies

5. Develops business continuity plans

6. Conducts awareness, testing and training of the disaster recovery plan (DRP)

7. Conducts DRP maintenance and implementation.

(Bahan, 2003).

The importance of testing and ongoing maintenance

It is critical that continuous testing and ongoing maintenance be conducted of the DRP. This is so because organizations undergo continuous change and disasters are often unpredictable and unexpected. The organization does not want to be caught off guard leading in its possibility of losing valuable data and having to fold its business. Plans, therefore, must be up-to-date and change management processes must be constantly reviewed to ensure recovery plan maintenance. Some times, plans may have to be modified and changed altogether as when the business goes through a radical transition or through new hands or moves to a new location.

Maintenance of DRP is important since, if not performed, millions of dollars and valuable customers can be lost and never recovered where IT processes to be disrupted. This…

Continue Reading...
Sources used in this document:
Sources

Bahan, C. The Disaster Recovery Plan. SANS Reading Room, 2003

http://www.sans.org/reading_room/whitepapers/recovery/

Bell, Judy. Why Some Recovery Plans Won't Work. Disaster Recovery

Journal. Spring 2003
http://www.contingencyplanning.com/PastIssues/apr2003/5.cfm
http://findarticles.com/p/articles/mi_m0DUD/is_1_22/ai_68864006/
http://archive.devx.com/enterprise/articles/drecovery/IBM_BCRS/Demarco-1.asp
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Disaster Theory & Emergency Management
Words: 3083 Length: 10 Document Type: Term Paper

As Nielsen and Lidstone (1998) note, It is ironic that the public demands safety yet a number of cost-effective and feasible measures to mitigate disasters are not adopted by many... Such a failure of the public to adopt disaster mitigation measures has a long record in Australia (Nielsen and Lidstone 1998) This attitude is one of the reasons given for the greater emphasis on public education. In theoretical terms, the view is

Read More
Essay
Data Backup, Recovery, and Business Continuity at Google
Words: 1505 Length: 5 Document Type: Essay

Strategic Plan for Google The following is an outline of the strategic plan for Google that provides insights into the organizational activities, competitiveness, and performance. Executive summary of the business plan of Google Google The mission statement of Google Corporate Culture of Google Historical Development, Performance, and Results of Google Management and the Leadership Structure of Google Situational Analysis of Google (SWOT) Analysis Strengths of Google Weaknesses of Google Opportunities of the Company Threats Facing the Performance and Competitiveness of Google Market Research

Read More
Essay
Virtualization Technologies Virtualization Refers to
Words: 2722 Length: 8 Document Type: Research Paper

A virtualized environment also meets the requirement of offsite backup storage and geographical compliance requirements. Virtualization is also important to an organization with a mobile workforce because it enhances data concentration hence posing less risk of data loss compared to having the data dispersed on removable media, portable computers or embedded devices while out in the field. If the organizations security staff carefully constructs applications that restrict access and services

Read More
Essay
Emergency Management Disasters Are Political Occurrences; They
Words: 2908 Length: 8 Document Type: Essay

Emergency Management Disasters are political occurrences; they can either destroy or glorify politicians. The spectacular temperament of disasters calls for the involvement of these chief executives and they test their leadership merits. How politicians control these rare occurrences can frame how their whole term in office receive judgments. During his last White House Press Conference, President George W. Bush was asked about the mistake he made during his reign, and among

Read More
Essay
Computer Security: Corporate Security Documentation Suitable for
Words: 5280 Length: 19 Document Type: Essay

Computer Security: Corporate Security Documentation Suitable for a Large Corporation Item (I) in-Depth Defense Measures (II) Firewall Design (III) Intrusion Detection System (IV) Operating System Security (V) Database Security (VI) Corporate Contingency of Operation (VII) Corporate Disaster Recovery Plan (VIII) Team Members and Roles of Each (IX) Timeline with Goal Description (X) Data Schema (XI) Graphical Interface Design (XII) Testing Plan (XIII) Support Plan (XIV) Schematics Computer Security: Corporate Security Documentation Suitable for a Large Corporation (I) In-Depth Defense Measures Information Technology (IT) Acceptable Use Policy The intentions of

Read More
Essay
Information Security Evaluation for OSI Systems a Case Study
Words: 4698 Length: 10 Document Type: Case Study

OSIIT An analysis of IT policy transformation The aim of this project is to evaluate the effectiveness of information security policy in the context of an organization, OSI Systems, Inc. With presence in Africa, Australia, Canada, England, Malaysia and the United States, OSI Systems, Inc. is a worldwide company based in California that develops and markets security and inspection systems such as airport security X-ray machines and metal detectors, medical monitoring anesthesia

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now