DR Planning. Presented by. Matt Stolk Associate Director Northwest Regional Data Center Florida State University

Transcription

1

2 DR Planning Presented by Matt Stolk Associate Director Northwest Regional Data Center Florida State University

3 Why are we here? Over the last couple of years, business continuity has become more of a priority for many organizations. Understanding the needs and requirements for building a successful DR plan are just some of the struggles on the road to implementation. Major challenges in developing this plan center on the identification and classification of applications and data, developing business requirements, determining the infrastructure and software needs, as well as weighing cost against these requirements. This session will go over NWRDC s experiences in building their DR plan and touch on lessons learned from doing this as well as working with our customers in building their plans.

4 Why are we really here?

5 Why is a DR Plan Important

6 So what do we need to plan for?

7 What does a DR Plan Consist of? According to National Institute for Standards and Technology (NIST) Special Publication , Contingency Planning for Information Technology Systems, the following summarizes the ideal structure for an IT disaster recovery plan: Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan. Conduct the business impact analysis (BIA). The business impact analysis helps to identify and prioritize critical IT systems and components Identify preventive controls. These are measures that reduce the effects of system disruptions and can increase system availability and reduce contingency life cycle costs. Develop recovery strategies. Thorough recovery strategies ensure that the system can be recovered quickly and effectively following a disruption. Develop an IT contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system. Plan testing, training and exercising. Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness. DR Plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements.

8 DR Policy Statement Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan. Example XXXX shall maintain a Disaster Recovery Plan that establishes procedures for business resumption in the event of an emergency. This plan shall be reviewed yearly and updated as necessary. A copy will be located HERE. XXX will conduct annual disaster recovery tests, at a minimum, to ensure services recoverability. The tests will be executed over a 24 hour period.

9 Business Impact Analysis Conduct the business impact analysis (BIA). The business impact analysis helps to identify and prioritize critical IT systems and components. Information needed from Business Units and Application Owners. Completed by both IT and the Business Units Identifies requirements for Recover Time Objective (RTO) as well as perceived impacts to the organization as a whole Identifies System and Application POCs

10 Identify Preventative Controls Identify preventive controls. These are measures that reduce the effects of system disruptions and can increase system availability and reduce contingency life cycle costs. OK so what does this mean? Examples: Server Clustering GEO Replication Offsite backups Backup Replication Hot/Warm/Cold DR Site Cloud

11 Develop Recovery Strategies Develop recovery strategies. Thorough recovery strategies ensure that the system can be recovered quickly and effectively following a disruption. How will things be recovered How will we meet the RTO defined in the BIA Will feed into the DR Runbook

12 Develop IT Contingency Plans Develop an IT contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system. This is the DR Runbook Should have detailed instructions on how to recover Should be written in a way that anyone with Access could run through the recovery

13 Test the Plan Plan testing, training and exercising. Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness. If everything goes as planned you are not testing hard enough Depending on the situation the runbook may be modified or not completely followed Be sure to discuss the outcome of the test with the group Improve the plan, post testing is the best time to make changes

14 Review and Update the Plan Plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements. Be sure to keep track of revisions Summary of changes is sometime helpful Ensure that staff and vendor contacts information is current Verify inventories, machine names, backup inventories

15 Resources to Assist FEMA Business Continuity Planning Suite Includes: Disaster Recovery Plan Generator for IT Recovery Business Impact Analysis (BIA) Forms Test Tools (Scenarios) Training Plan Maintenance Walk through

16 DR Plan Generator

17 DR Plan Generator

18 DR Plan Generator*

19 DR Plan Generator

20 DR Plan Generator*

21 DR Plan Generator*

22 DR Plan Generator*

23 DR Plan Generator*

24 DR Plan Generator*

25 DR Plan Generator*

26 DR Plan Generator

27 DR Plan Generator*

28 DR Plan Generator*

29 DR Plan Generator

30 DR Plan Generator

31 DR Plan Generator

32 DR Plan Generator

33 DR Plan Generator

34 DR Plan Generator

35 DR Plan Generator

36 DR Plan Generator

37 DR Plan Generator

38 DR Plan Generator

39 DR Plan Generator

40 DR Plan Generator

41 DR Plan Generator

42 DR Plan Generator

43 DR Plan Generator

44 DR Plan Generator

45 DR Plan Generator

46 DR Plan Generator After completing the wizard in the tool, you can browse to the MS Word version of the file you created. It is stored in the directory listed below: InstallDirectory \Business_Continuity_Planning_Suite\Business_Continuity_Planning_Suite\media \Disaster_Recovery_Plan_Extract\temp.doc

47 What s Next? Actionable Items: Next Week Application and Server Inventories Identify key staff resources for planning Next 1 to 6 Months Meet with Business Process Owners (BIA) Get buy in! Determine the requirements and options Budget Next Year Implement Test! Test! Test! Update, Improve, Maintain

48 Resources FEMA Business Continuity Planning Suite NIST rev1_errata-nov pdf Gartner Northwest Regional Data Center Matt Stolk (850)