The assignment for this week says to create an epic Disaster Recovery Plan. The list of features is not very useful because it asks for complete works of fiction based on the hypothetical employees of the enterprise whose plan you are writing.
In ITS 4350, we saw some relevant statistics:
The three statistics above should tell you to have a plan in place that will not let the disaster close your company.
It often helps people to deal with a problem if they can break the problem into smaller pieces. I think this is why there are so many subset discussions in IT. Consider two classification schemes regarding disasters:
What should be crossing your mind now is why the category you place a disaster in should matter? Are the plans in the red books or the blue books depending on the classification? If that is how your organization works, go for it. The rest of us are going to the next topic.
The course planners seem to think we should form a team for Disaster
Recovery, and assign duties to each position or role. In a small company,
you should expect that many things are done by a handful of people, and
this is so on each team in a large company. You should form a group to
handle the concerns of each item
in your BIA, since those are the
elements that you decided were important at the beginning of the planning
process. If you need a separate group for each BIA element, you probably
have a very complex organization. If one team can do the whole thing,
good for them. You are better served if all the teams (however many there
are) cooperate and communicate
their intentions to each other. They are all building (or rebuilding)
the same company. Management oversight should be quite thorough because
the end result of this process is our new, improved organization.
A formal guide to DRPs can be found in NIST SP 800-34, Revision 1. Get support to make the plan, consult the BIA, propose and add controls to reduce the need for the plan, plan to service the disaster, write out the plan (Duh?), test the plan, then review and maintain the plan. Familiar enough?