DR is part of BCPPreventative: UPSs, Backup generators, security locks, etcDetective: Spiceworks, alerts, security systems, etcCorrective: Data backups, security escorting offender off property, etc.
ASK: based off definition has anyone here experienced disaster?How did you fix?
Common: most plans coverLess common: things that bite you in the buttEquipment: servers, UPS, wiring, etcSoftware: built in house, proprietary, etc
Dilbert – come up with better plan when talking to your pointy haired boss
Location: faulty wiring, bad foundation, natural disastersBusiness: online – DDOSHospital – PII, High impact, low probability – Tsunami in London Deadlines – Newspaper example
Dept Heads – (hopefully) in touch with day to day operations. Will know what needs to be coveredCompliance officers – If backup plan is to take hard drive home with you every night and leave on kitchen table with PII on it, might not be compliantBusiness owners – Don’t tell your boss he’s a monkey in my presentation
Call tree – Names and numbers of emergency contacts if disaster happens. Make sure everyone is around.Job Responsibilities – Make sure people know what to do in case of emergency. Also have backup peopleInfo – Example earlier – phone/internet lines cut, where can you find info? EXIT SIGN EXAMPLEOwners – People responsible for keeping abreast of changes. DR is living document
Considerations when backing information upAutomation – don’t want to manually press button for each backup, want preventative, detective, and corrective measures in place as much as possible without manual interventionHow often – back to examples for Developers, Sales, HR, Etc
Distance – far enough to not be affected by same disastersPower grid – don’t put colocation on dirt road with single power line that is rottingNatural Disaster proof – colocation in basement of flood prone areaRemote support – install software, reboot server, etc.
Security – physical and digital. Location with secure access to servers, data transferred securely, stored securelyBackup – are incremental\\delta\\block backups available. Don’t want to backup all data all the time (time constraint)Restore – same as backup. Easy to restore? Not disaster proof – “transfer certificate” to secure communications with new VM. Bug with cert expiration date (Feb 29th) caused failures, migrated to other vms, caused more failures. Down 13 hours to fix.
Cover? – Talking with dept heads and everything they need backed up/covered, is budget enough? If not, reconvene Cheaper alternatives – goes with doing your due diligence. Make sure your solution is best, but also cost effeciveCost per dept – make sure everyone’s getting a fair piece of the pie. Also helps with scalability for changes to business/plan
Pic from 1923, Washington DCImagine what guy on left is thinking. “Has he tested this yet?”Test anytime anything changesPhases – Don’t compound issues and create potential disaster for yourself. Isolate tests (think dominoes)Timeframe – If dev gives you 8 hours to restore source code, makes sure that’s feasible
WebinarsHow-tos (Exchange 2003, rescuing deleted files)DR planning template Questions and answers from Pros.