Disaster Recovery / Business Continuity

April 27, 2017 isec No Comments

Service overview

Your business need

It is only a matter of time before a disaster affects information, systems, business and brand. Every organization should develop and properly maintain a solid plan, so the road to recovery gets a half shorter. In the process of managing disaster recovery, essential are the working teams, planning activities and effective recovery procedures.

Disaster recovery activity is part of a more complex business continuity process. However, there are situations in which recovery is the only existing process for business continuity. Planning activities must follow a detailed risk analysis and take into account all business services and processes resulted with high and medium priority in the above analysis. Usually, there are four levels for the priority-ranking: critical, essential, necessary, desirable. Recognizing a disaster is not always easy as it might not have immediate or significant impact on a service or on the availability of operations. To facilitate de process, organizations should furthermore use a detailed categorization scheme.

Our approach

isec’s consultants have extensive experience in implementing recovery processes in case of disasters, knowledge and a situational thorough approach using different points of view: business, operational or involved efforts.  After developing all the necessary documentation and the management approves it, we intensively test the processes with the use of different scenarios.

It is possible that sometimes it seem far away from reality, but experience has shown us that you can never be enough prepared for situations of natural or human disaster, either accidental or resulted from malicious actions. The test results are analyzed and furthermore actions should be taken. We strongly suggest managers to continuously test the approved DRP for improvement and gaps identifications.

Methodology

Teams needed for a solid disaster recovery process can be: location’s team, recovery operations team, business recovery team, etc.

Typical recovery procedures include creating notification lists, establishing teams with members and their coordinators and resources needed to launch clear recovery operations, authorizations, access, forms, storage location and methods of access, facilities, documentations and critical or vital records.

For those businesses that needs special recovery teams for certain services and business lines, team members must have easy access to all relevant information and special approvals must be facilitated during the recovery activities.

Entire documentation should be available to authorized team members ​​after approval, distributed according to distribution lists agreed in the planning phase, so that recovery can start with all the necessary information available.

Every DRP should be maintained, tested and personnel should be trained. Afterwards, the plan should be properly promoted and activities coordinated through intervention teams.

Deliverable

Deliverables for this service are as follows:

  • Scope statement for the BCP effort
  • BIA (Business Impact Analysis), RA (Risk Assessment), SPOF (Single Points of Failure) documents
  • BCP Plan
  • Communication and Coordination Plan
  • Emergency Response Plan
  • Test methodology and Test Plan
  • Results of testing, Maintenance proposal in final report