Disaster Recovery Planning free essay sample

Disaster recovery planning can best be defined as an organization’s procedures for continuing operations in the event of the destruction of program and data files, as well as processing capability. In the case of any disaster or incident that causes a stop in the continuing work, businesses must be prepared with a business continuity plan, or a way to resume the activities required to keep your organization running during a period of displacement or interruption of normal operation. Due to the amount of money being dealt with and the high demand of services from banking institutions during times of a community disaster, banks must find a way to continue business. A proactive approach is critical to banks and planning is crucial to disaster recovery to avoid potential problems before they ever occur. Banks were among the earliest adopters of information technology in the business world. They embraced the benefits of computers almost from the birth of the high-tech industry. However, being so highly dependent on technology can cause banks to suffer at a time of disaster and is the reason why they should be well prepared for it so they can minimize the damage. If a bank were without a disaster recovery and business continuity plan and disaster occurred, they would be in huge trouble as IT is an integral part of their operations. Not only would the bank suffer but the economy would as well. The cost and effort it takes to put a disaster recovery plan in place and maintain it is well worth it considering how catastrophic it would be if a bank could not operate. There are several steps and matters that must be looked into in the disaster recovery planning process. The steps in a disaster recovery plan are assessing the risks, identifying mission-critical applications and data, developing a plan for handling the mission-critical applications, determining the responsibilities of the personnel involved, and testing the disaster recovery plan. Risk assessment is one of the biggest steps in disaster recovery planning. Risk assessment is a process that identifies, quantifies, and prioritizes risks against criteria for risk acceptance and business objectives relevant to the organization. It is something that should be performed periodically as changes in the environment and security requirements occur regularly. When developing a disaster recovery and business continuity plan, a bank must weigh how vulnerable they are to a disaster. The threat of a disaster can spell big trouble in the banking sector. Anything that may pose as a threat to disrupting their business should be addressed and an effort should be made to try and prevent or minimize any damage that could be incurred. Because of their extremely high vulnerability to a disaster, it is essential for them to do everything they can to have the best recovery plan to continue business. Once risk assessment is completed, identification of applications that are critical to accomplishing the business’s mission is essential. In other words, priorities should be set as to what is more important to the organization and what is not. This is a critical step because unfortunately in a disaster not everything will be able to be recovered, but you must have what is necessary to continue on with business. One way of going about this is going department by department in a business and seeing the function of each. Once this is done, you can rank the functions in order of what is most important. Backup files must be put in place as well as important telephone numbers and other important information being saved and stored in a secure storage location away from the regular location. Now that the bank has come to see what applications are absolutely necessary to continue business, designing a plan for handling this is the next step. There are many different strategies and ideas of recovery that must be taken into consideration. There are three different basic strategies that can be used in a disaster recovery plan. These strategies are preventative measures, detective measures, and corrective measure. Preventative measures are measures and actions taken to try and prevent disaster from striking. The bank is looking to identify and reduce risks. Obviously in the case of a natural disaster such as a hurricane or tornado or any weather related event, there is only so much that can be done. However outside of that, other things can be done to prevent a disaster such as implementation of access controls or having programs for security awareness. Detective measures are controls that identify conditions that indicated that an undesirable event has occurred. Examples of this are intrusion detection systems and audit logs. Corrective measures are measures designed to fix or correct any type of damage that has already taken place from a disaster. Some alternative ways of continuing business are storing all the critical applications in either a hot site, warm site, or cold site. A hot site is an off-site location that holds all of the company’s major applications and can take over the company’s data processing. This type of location may also hold backup copies of essential data and programs. Typically after a disaster, business can be continued at a hot site within a few hours. Backup data being loaded onto the standby equipment is the only thing that needs to be done. A warm site is a facility that is already stocked with all the hardware that it takes to create a reasonable duplicate of the primary data center. If disaster should occur, business can continue at a warm site within a day. A cold site has all the electrical connections and other physical requirements for data processing, but it does not have the actual equipment. Business can resume after a disaster anywhere from one to three days at a cold site. Hardware at a cold site is typically very generic and can be quickly obtained from vendors. A big difference between these sites is the cost involved. A hot site, due to its capability of continuing business quicker than both a warm site and cold site is obviously going to have the highest cost of the three. A warm site on the other hand, is a compromise between a hot site and cold site, cheaper than a hot site, but more costly than a cold site, which is the cheapest of the three. Banks, because they have so much at stake and the most demand during a disaster, would more likely than not be willing to invest money in the best possible state of the art type recovery plan. Because of the importance of a constant business flow for banks, electronic vaulting has become a more popularly used method. Electronic vaulting is the electronic transfer of data to a backup site. Two components of electronic vaulting are remote shadowing and mirroring. These components allow banks to replicate information exactly as they have it to a remote location. This transfer is obviously much quicker and simpler than the physical transferring and shipping of backup disks and tapes. More and more, banks and financial institutions are using electronic vaulting over a hot site in their disaster recovery plans. Shadowing and mirroring close the window of recovery for a bank’s mission-critical applications so that instead of waiting hours to recover at hot site, banks can be up and running again almost instantly when disaster occurs. While it is more expensive to invest in electronic vaulting, the money may be well worth it if business is not put to a halt upon the strike of disaster. Once a bank has put together a plan with all the suitable measures necessary and the best off-site location to resume business, a disaster recovery team should be assigned with specific responsibilities. Management must decide who does what. There are many different responsibilities involved in a disaster recovery plan. Personnel must be assigned to areas or teams such as administrative functions, facilities, logistics, user support, computer backup, and restoration. Each area of the plan should have a manager along with team members that perform different assignments. With a plan developed and teams now in place, a disaster recovery plan is still not considered complete. The next step is testing the plan. Testing is necessary to ensure that there are no loose ends or flaws in the plan. During a test run, often times management can see areas that need to be modified or have something added to the plan to make it as perfect as possible. It also provides preparation for the team managers and team members. The only way to ensure perfection is by practicing. By testing the plan, you can also get an idea of how long it will take for the bank to recover from a disaster and resume business activity. Once all testing has been concluded, it is then time to propose the plan to top management and get their approval of it before making the plan official. Having a disaster recovery plan implemented definitely provides a sense of security for banks and financial institutions. It also minimizes the risk of having delays. If disaster occurs, there is no wasted time in making a decision on what should be done. Simply follow the procedures of the plan in place and everything should go smoothly. As you can see, there is much more to disaster recovery planning than simply selecting an offsite location. Disaster recovery within the banking industry is something that will continue to evolve. Disaster recovery solutions will typically follow as banks and financial institutions become more sophisticated technology users. Planning for a disaster must be something that is done every step of the way. The key to successful disaster recovery is what happens long before a disaster strikes. With a realistic and secure recovery plan, properly tested and committed to by senior management, banks can effectively maintain operations while providing for the safety of people and assets.